All posts by Marcel Shaw

Marcel Shaw is a technology blogger focusing on ITSM, ITAM, and Endpoint Management at marcelshaw.com. Marcel has worked as technical consultant for more than 25 years for industry leading IT companies with a focus on United States government agencies. Marcel's experience also includes working as a legal expert witness for IT management. Marcel writes about industry technology trends and best practices. He incorporates his views and his many years of experience to provide unique technology advice for people that manage and support IT solutions. Marcel Shaw graduated from Brigham Young University in 1991. Marcel has worked in both pre-sales and post-sales roles for companies such as Softsolutions, Novell, Dell, Softricity, Gateway, Landesk, and Ivanti. Marcel’s expertise and experience include networking technologies (LAN, WAN), IP infrastructure. Internet Caching technology, Storage and Fibre technology (SAN), Security Standards and Technologies, Document Management, Directory Services (NDS, AD, LDAP), Federal Security Standards and Requirements (DIACAP, FDCC, USGCB), ITIL, Asset Management (ITAM), endpoint Management, and endpoint security. Marcel has worked extensively with United States federal agencies solving IT problems. These agencies include USDA, NIST, FDA, DEA, DHS, FBI, DHA, Whitehouse Communications, Army, Air Force, Navy, Joint Task Force, NIH, Social Security Administration, IRS, NOAA, and FAA among others. All of Marcel's posts are edited by Carrie Shaw (@carrieshaw). She is not only a very good editor, but a great wife. Thank You
Technology, Technology Opinion

Avoid Ransomware Attacks with IT Asset Management

When installing a home security system, it is important to perform a discovery so that you can document all vulnerabilities around the property you wish to secure. Why? Because a security system is worthless if you do not secure every window and door. When implementing an IT security solution to protect your data, it is important to perform a discovery so that you can identify all IT assets that need to be secured.

Unfortunately, many organizations continue to struggle with IT asset management and as a result, assets are often misplaced or lost. Why? Because IT assets are often misplaced or lost when they are changed, updated, relocated, or refreshed. Assets that are misplaced or lost can put an organization at risk because it is not possible to keep an IT asset up-to-date when you don’t see it.

It is no secret that many organizations have recently been hit with ransomware attacks such as WannaCry. On March 14, 2017, Microsoft released a critical patch that protected IT assets from WannaCry ransomware; however, on May 12, 2017, at least 230,000 computers in more than 150 countries were paralyzed by the ransomware.

Why? Because these organizations were not current with their patch and security updates. Many organizations that were hit with the ransomware were running unsupported operating systems like Windows XP and Windows 2003, which Microsoft no longer supports.

The Importance of an IT Asset Database

Maps are critical to generals and commanders who are at war because they provide a complete view of the battlefield. Maps provide details about the landscape along with all its obstacles. When fighting a war, it is important not to be surprised by the enemy. Without maps, generals and commanders would find it very difficult to identify and secure vulnerable areas on the battlefield.

IT asset databases are much like maps that provide a view of the battlefield. When IT can see everything, they are able to see obstacles that are putting the organization at risk. Organizations that want to protect themselves from ransomware attacks need to have reliable IT asset reports so they can see all assets that are vulnerable to a ransomware attack, such as older outdated operating systems and applications.

Organizations that do not have reliable asset reports are at risk. In other words, they are fighting a battle without a reliable map.

To avoid the cost and stress experienced by people who have been impacted by ransomware attacks, get a reliable map, i.e., build an accurate and complete IT asset database using a reliable IT asset management solution. Then build processes and procedures to track the assets throughout their lifecycle.

Security Starts with Discovery

To apply security policies to IT assets, security solutions must see the asset. Historically, organizations have not given much attention to the importance of discovery services and the IT asset database. They view it as a necessity to their security solution instead of a critical component to the business.

If you left one window unlocked in your home, it would not matter that the rest of the windows and doors were locked. Everything must be discovered for complete security. Be sure to choose reliable discovery solutions if you want to ensure your network is secure. An undiscovered device is like an unlocked window.

Summary

Organizations need to implement IT asset management to ensure security is applied to every IT asset on the network. Organizations that are not managing IT assets using ITAM principles do not have a complete security solution. Don’t let your data be compromised by an IT asset that you did not see.

-follow me on Twitter @marcelshaw

Technology Opinion

Why is Change Management Critical for Software Asset Management?

Early in my career, I often traveled to work with our customers. I remember one trip that required me to visit several cities in just four days. Before embarking on that trip, I remember calling a travel agent to make a change to the first flight of that trip. The travel agent was inexperienced because he made the change exactly as I had instructed.

To my surprise, the change that the travel agent made to the first leg of my flight caused the airline to cancel the flights I had scheduled for the entire trip. Why, because on most airlines, a change to the first segment of a trip requires the entire trip to be cancelled, and then the tickets have to be re-issued. Unfortunately, I lost all the discounts from my original ticket because my discounts were based on a seven day advance purchase.

As a result, I had to find another airline with cheaper flights, rearrange several of my appointments, and stay an extra night in a hotel. An experienced travel agent would have advised me of the consequences of my change request if it were to be granted. If I had been advised properly, I would not have made the change based on the additional costs that were to be incurred. Although some changes seem simple, they can have unintended consequences without the required expertise.

When audited, many organizations are required to pay thousands, and in some cases millions of dollars for violating software license agreements. Configuration changes and software updates are often to blame when an organization is found to be out-of-compliance with their contracts. For that reason, it is important that organizations consider software license contracts as part of their change management process.

Change Management

IT changes made within an organization are typically done to improve performance, and ultimately to save money. However, IT changes can also have unintended consequences that have a reverse affect, resulting in additional expenses as did the change to my flight. Change management is important for IT because it formally manages ongoing transitions from a current configuration to a future configuration.

Gartner states that “Change management is the automated support for development, rollout, and maintenance of system components (i.e., intelligent regeneration, package versioning, state control, library control, configuration management, turnover management, and distributed impact sensitivity reporting).

A change management request first requires detailed information about the future configuration to be submitted, then the configuration details to be reviewed by a change advisory board.

Change Advisory Board (CAB)

A change advisory board (CAB) supports IT personnel or a “Change Management Team” by reviewing change requests that have been submitted. After reviewing a change request, the CAB will either approve or deny the request.

The CAB is generally a team of representatives from various departments as well as people that have a specific expertise.

Because a configuration change can have an effect on employees and/or business processes, many organizations require a CAB to review all change requests in order to protect cost, risk, and revenue.

Software License Management Challenges

According to Gartner, “Optimizing complex licenses manually is labor-intensive; it requires specialized knowledge and does not scale. Larger enterprises will need a SAM tool. A SAM tool can automate, accelerate, and improve manual processes. It can pay dividends over manual alternatives, and can often pay for itself.”

Software license contracts are difficult to understand. For example, IBM releases over 3,000 license changes a year and they have over 100 license metrics. Some IBM products have up to 5 or 6 different license metrics depending on what a customer has purchased. The challenge many organizations face when managing software licenses is that they do not have a good understanding of their software license contracts which is required when using a Software Asset Management (SAM) tool. For this reason, it is important that change management requests are reviewed by a software license expert.

In the scenario above, Sally makes a request for change (RFC) to add a new partition to a server. After the RFC is reviewed by the CAB, the change is approved and then scheduled.

Following the change, a software audit is performed and the organization is found to be out-of-compliance with their contract based on the new partition that was added to the server.

How did this get past the CAB?

The CAB did not have the proper expertise required to make an evaluation about how that change would impact the software license agreement.

Add a License Expert to the Change Advisory Board (CAB)

To avoid unnecessary costs resulting from a software audit, organizations need to have a software license expert on the CAB.

Many organizations struggle when it comes to finding the expertise required to evaluate software license impact. For this reason, it is important to consider hiring a third-party with the proper expertise for the CAB. Although this is an additional expense for an organization, it will help avoid additional costs that come from being out-of-compliance with a software license agreement.

Conclusion

A change management process that requires software license contracts to be considered for every change request can help organizations avoid unnecessary costs resulting from a software audit. However, much like an inexperienced travel agent incurred additional costs for my trip, an inexperienced license expert on the CAB might approve changes that could incur more costs simply because they do not understand their software license agreements and the impact of the RFC. Be sure to hire or partner with the expertise required for evaluating software license contracts.

-follow me on Twitter @marcelshaw

Technology, Technology Opinion

Five Reasons the Data Center Needs Software License Optimization (Part 2)

In part one of this series, I suggested that every organization should consider implementing a software license optimization solution in the data center. Here are five reasons your organization needs Software License Optimization:

1 .  Complex License Variations

Software licenses are defined using multiple factors. These factors include the physical server, the number of processors, or the number of users; however, licensing becomes much more complicated if using virtual servers, cluster or fail-over solutions, and storage arrays.

IDC predicts that “Software License Complexity will Indirectly Cost Organizations an Average of 25% of their Software License Budgets in 2016.”  

 

Software vendors that sell into the data center tend to have many license variations for their product offerings. For example, terminology used in software license contracts will use terms such as Power Value Units (PVU), Resource Value Units (RVU), and Core Factor Table to define their software entitlement.

Complex statements in software license contracts are often confusing for most IT managers, especially when conditions or exceptions are added to the license definitions.

Some software vendors have up to 5,000 active license variations, which leaves many IT managers guessing about how to properly apply the licenses they have purchased.

2.  License vendors make changes which can affect licensing

Software license posture can be compromised when configuration changes or software updates are made to the network.

 

IT managers that are tasked to manage licenses need to understand how these updates or changes impact current license agreements. This is a lot to ask of someone who does not have licensing experience or expertise.

3.  Technology alone is not able to correctly calculate most server licensing

Software licensing tools provided by a software vendor or a third party are needed to monitor and manage software licenses, however these tools are not sufficient without people who have licensing knowledge and experience. It would be like providing software to model data in a database to someone who does not understand a database.

The complexity of datacenter software licenses requires those that manage the licenses to have a proficient understanding about the licenses and license contracts they are managing.

4.  Market expertise required – Having the right people with the right knowledge

Organizations that try to manage software licenses without hiring the proper expertise are at risk. Unfortunately, too many organizations are willing to take on this risk and as a result, software auditing has become a lucrative and profitable business for many software vendors and their partners.

Software optimization solutions require people with expertise in many areas. For example, Microsoft, IBM, and Oracle have unique licensing models that have many license variations that are often modified or updated.

Software optimization vendors typically employ software license experts that keep up-to-date with changes or updates to software licensing models. These experts can provide valuable insight and recommendations to help their customers stay compliant with their software license agreements.

5.  Software Audit Protection

Software optimization vendors can also assist an organization that is facing a software audit. In fact, some of these vendors will even represent an organization, much like an attorney, and fight on their behalf during an audit. These experts are usually people that have worked as software auditors in the past, so they are familiar with the software audit process.

Another important benefit is that software optimization experts can help organizations that have been hit with fines and penalties after a software audit by negotiating with the auditors on behalf of the organization. These experts are often successful at reducing penalties and fines demanded by the software auditors.

Conclusion

When software auditors are aware that an organization uses IT asset management (ITAM) best practices, they tend to move on to their next victim. In a study, Express Metrics claims: “Respondents whose organizations have implemented IT asset management (ITAM) tools report a 32% lower audit rate within the last two years than organizations with no such tools.”

Organizations that do not partner with software license optimization solutions and experts need to budget for unknown expenses. Why? Because these organizations will probably be out of compliance with software license agreements and as a result, they will pay the price.

-follow me on Twitter @marcelshaw

Technology, Technology Opinion

Five Reasons the Data Center needs Software License Optimization (Part-1)

Many years ago, I supported document management software used primarily by legal firms. The software provided attorneys with the ability to quickly access legal documents on the network. The software included intelligent searching capabilities, powerful reporting features, and version control for thousands of documents on a local area network. The capabilities we provided boosted the efficiency of legal departments and law firms all over world.

Although we provided a great software package that supported legal departments everywhere, the software alone was useless without the expertise of a legal expert or an attorney. When organizations need legal expertise, they hire legal experts. They don’t rely on legal software alone to handle legal matters.

Hire the Right Experts

When taxes are due, tax accountants are hired or subcontracted versus relying solely on a tax software solution. Software vendors that audit their customers typically employ software license experts along with software tools to perform the audit.

Regarding software license management, I am amazed how many organizations still do not employ or contract with  software license experts in addition to software optimization tools for software license management in the datacenter.

Software audits are on the rise because software vendors are realizing that audits can generate revenue, and that customers are not investing in software license management solutions or experts.

As long as there are organizations that are non-compliant with their software license agreements because of poor license management, software vendors will continue to find software audits to be profitable.  

In a gated Gartner report published May 28, 2014. Gartner claimed: “Tracking license entitlement has become a priority for many organizations as a means to alleviate the anxiety caused by annual software vendor audit. Gartner has seen an exponential increase in the number of contracts it has received from customers looking to purchase an SLOE tool during the past nine months. We don’t expect this trend to slow down…”

It is not practical to rely on IT managers to manage software licenses in the data center unless they have licensing expertise. This would be like having an accountant with very little legal expertise represent the organization in a lawsuit accusing executives of misappropriating funds. Although the accountant could provide the information required to defend against the accusation, the accountant would not have the required expertise to handle legal process, legal negotiation and most importantly, knowledge of local applicable laws.

Here are five good reason’s every organization should consider implementing an efficient software license optimization solution in the datacenter:

  1. Complex License Variations
  2. License vendors make changes which can affect licensing
  3. Technology alone is not able to correctly calculate most server licensing
  4. Market expertise required – Having the right people with the right knowledge
  5. Software Audit Protection

Part 2

In the second installment of this two part series, I will discuss complex license variations, market expertise, software audit protection, and how software licensing can be affected when configuration changes are made in the datacenter.

 

-follow me on Twitter @marcelshaw

Technology Opinion

Rise of the Chief Data Officer (CDO) and the Impact to ITSM

Within the IT organization, different entities often fight for control and resources to support their objectives. For example, IT security personnel might ask for more control by taking away rights from end users, while IT support services objects to the request for fear of increased call volumes. Furthermore, with limited budgets, resources are limited, making it difficult to support IT projects for each department. However, executives have to make decisions, leaving some IT projects unfunded.

Unfortunately, too many executives make decisions based on intuition instead of readily available data. This endangers the future of many organizations. In a gated report, Gartner predicts “through 2020, over 95% of business leaders will continue to make decisions using intuition, instead of probability distributions, and will significantly underestimate risks as a result.”

Intuition can be dangerous to an organization. For example, the evolution of Netflix over the past decade was a result of a series of decisions that were made based on the available data as well as some predictive analytics. The data they analyzed indicated a decline in store rentals, an increase in future bandwidth capabilities, and a generation (Gen Z) that expected “instant gratification.” Those who ignored the data did not understand what customers wanted, what future customers would expect, and the technology that would be available to meet customer expectations.

Many companies used “intuition,” to project that people would not want to abandon the local store experience. Today, those companies are nowhere to be found.

Who is the CDO?

Many organizations are realizing the value of their data so they are beginning to treat their data as a company asset; hence, the rise of the Chief Data Officer (CDO). The new executive CDO role is responsible for exploring how to use the organization’s data for its benefit. The CDO role will require this executive to have market and industry knowledge with a “technical” understanding of the organization’s data.

Gartner claims that “the race to drive competitive advantage and improved efficiency through better use of information assets is leading to a sharp rise in the number of chief data officers (CDOs). As a result, Gartner predicts that 90 percent of large companies will have a CDO role by the end of 2019.”

CDO responsibilities will more than likely vary across different organizations; however, we should expect the role will include data governance, data analytics, and data technology. Data governance responsibilities include setting standards and consistent processes to ensure the consistency, accuracy, security, and availability of the data. Interpreting data using data analytics from business intelligence tools will be a critical part of the CDO role as well as choosing the best software tools that support the organization’s objectives.

How will the CDO impact IT Service Management?

The CDO will play a large role in how the IT service management organization and software is structured and integrated with other software tools. Analytics and metrics provided by ITSM reports will provide critical information that will help the CDO determine risk to the organization when new software tools, new processes, and new policies are implemented.

The data provided from the ITSM tools and reports is important when setting IT strategy and defining IT architecture. ITSM reports help organizations make informed decisions when choosing software and hardware to support the objectives of the organization.

For example, if an organization decided to change from PCs to tablets on a project supporting one of the business units, a pilot program would ensure the objectives of the project are met. ITSM reports and metrics are important when analyzing data to determine the costs required to support the proposed solution.

ITSM reports and metrics will provide CDOs with the information they need in order to make informed decisions, avoiding the need to guess or use intuition to set objectives for future IT strategy and related IT projects.

Summary

Data provided from IT service management reports and metrics will be vital information for the CDO as he/she defines strategy for new technology, process, policy, security, and IT architecture. ITSM managers should expect the CDO role to have a direct impact on how IT service management will be implemented, delivered, measured, and most importantly, integrated with other IT solutions within the organization.

-follow me on Twitter @marcelshaw

Technology Opinion

Can RFID Help You Meet ITAM Objectives?

1 Comment

When I go to the grocery store, I tend to purchase much more than originally intended. To make matters worse, my usual grocery store seems to have more and more self-checkout registers every time I go. When I am ready to leave, my grocery cart is usually overflowing with items. Then I am expected to act like a cashier because I have to scan each item myself and finally pay a machine.

I estimate I spend an extra 12 hours a year in the grocery store working as a cashier at the self-checkout register. Imagine if I could simply walk up to the register and in a second, every item in my basket is instantaneously scanned without ever having to remove an item. Radio-Frequency Identification (RFID) is a technology that could make that wish come true. In fact, RFID can be used in many situations when an asset needs to be tracked. Many organizations use barcode scanners to track IT assets; however, barcode scanners require someone to see the asset and then find the barcode so it can be scanned.

What is RFID?

Much like barcode tags, RFID tags contain a unique identifier. RFID tags need to be read by an RFID reader just like barcode tags need to be read by a barcode scanner. The difference is that RFID readers use radio frequencies to communicate with an RFID tag instead of a line-of-sight scanner. RFID tags come in two formats: Active and Passive.

Active RFID

Active RFID tags have a battery so they can be set to automatically broadcast the asset information using a radio signal on a regular interval. The signal is picked up by an RFID reader located in the area.

Passive RFID

Passive RFID is when the tag is electrically charged when it is within range of the RFID reader, causing the chip in the RFID tag to power on, and send the tag’s unique hexadecimal value to the RFID reader. Passive RFID is commonly used to track assets as they enter or leave a dedicated area such as a room.

Can RFID technology help IT asset managers meet ITAM objectives?

To fully understand if RFID will help you with your ITAM objectives, it is important to understand how it works as well as its benefits and/or limitations. RFID capabilities include asset monitoring, asset tracking, checkpoint tracking, and bulk lifecycle updates. 

 1.  Asset Monitoring

Asset monitoring requires “active RFID” so that assets can send the asset information to a dedicated RFID reader at regular intervals, which is important in an environment containing assets with sensitive information. Alerts can be set when critical assets stop reporting to the asset management system; however, the problem with active RFID is that the battery on the RFID tags will eventually need to be replaced. Dead batteries can result in a false “asset missing” alert.

2.  Asset tracking

RFID provides the ability to instantly track assets within a building or room without having to scan individual assets, which will save IT administrators a great deal of time. I have witnessed IT employees walk through buildings scanning the barcodes of assets they can see. I have also seen inventory reports raise an alarm because some IT assets were not located using a barcode scanner due to human error. In one case, a laptop that was thought to be missing was simply locked in a drawer in someone’s office. If that laptop would have had an RFID tag, it would have been discovered by a mobile RFID scanner.

3.  Checkpoint Tracking

Checkpoint tracking is the ability to log an asset when it passes through a doorway or a checkpoint. For example, IT assets with an RFID tag could be logged as they enter or leave a building. Organizations that have sensitive data on PCs or laptops can be notified if an asset passes through a checkpoint.

Organizations with employees that share IT assets, such as hospitals could benefit by using RFID tags. Checkpoint tracking can give administrators insight to their operational landscape by showing when and where IT assets are used. For example, assuming a nurse uses a tablet throughout the day, the hospital could track and measure the time each nurse spends with a patient or client during therapy, and how many rooms were visited by that nurse over a given period of time.

4.  Bulk Lifecycle Updates

For IT asset administrators, RFID provides the ability to make bulk status changes to assets. For example, a room full of old laptops with RFID tags could instantly be changed to “decommissioned” without making contact with each IT asset. Making bulk asset lifecycle changes can be useful for IT service centers, loading docks, and receiving docks.

Conclusion

RFID tracking might not be for everyone doing IT asset management; however, there are some industries that could benefit from using RFID as part of their IT asset management solution. Educational institutions, medical institutions, police agencies, and manufacturing facilities are just a few examples where RFID technology could be helpful when operating an ITAM solution.

-follow me on Twitter @marcelshaw

A special thanks to Ron Kirkland for his contribution

Technology, Technology Opinion

Five Future Technologies to Watch for IT Service Management

As technology advances at such a rapid pace, many IT solutions become outdated very quickly. If organizations want to stay competitive and up-to-date with current technology, they need to stay informed about future technologies or their current solutions become quickly outdated . With regards to IT service management (ITSM), here are five technologies to watch that impact ITSM solutions in the future:

    1. Internet of Things (IoT)
    2. Security and Compliance
    3. Security Broker Authentication
    4. Predictive Analysis
    5. Virtual Reality

 

Internet of Things (IoT)

We will see an impact to ITSM solutions from IoT in two areas, CMDB and ITAM. To support IoT, ITSM processes and tools need the ability to integrate into IoT APIs.

Network systems and applications are typically provided access with Identity and Access Management (IAM) technology; however, IAM would be overwhelmed with the relationship and access demands required by IoT. Therefore, the Identity of Things (IDoT), which is an extension of IAM applies a unique identifier (UID) to IoT devices. This allows you to control relationships and access between the IoT and other entities inside and outside of your organization.

Gartner says, “IT asset management (ITAM) and software asset management (SAM) systems have traditionally managed IT and software assets of all types. The IDoT will assume some functional characteristics of ITAM and SAM within or integrated with IAM architecture, or be linked to ITAM as attribute stores.”

Without proper tracking of IoT devices and their configurations, it is difficult to apply security policies. ITAM and a CMDB will be critical for tracking the influx of IoT devices that are expected to hit company networks over the next several years.

Security and Compliance

Security is the number one priority in most organizations; however, not all organizations have integrated their security with IT service management processes. ITIL security management defines best practices when planning, controlling, analyzing, and maintaining security policies and processes to protect sensitive data.

A solid padlock securing the data paths of a circuit board. White Background.

It is important to build processes that integrate security management into change management processes if organizations are looking to minimize risk in the future. Over the next few years, IT organizations should expect to see more integration capabilities from their ITSM solution providers, which will allow them to integrate their security tools.

Security Broker Authentication

As IT solutions move into the cloud, many organizations will implement a cloud access security broker for authentication.

2016-09-16_8-08-31

Cloud Access Security Brokers (CASBs) can be on-premises or cloud-based. CASBs enforce security policies prior to allowing access to cloud resources.

Gartner says, “By 2018, 50 percent of enterprises with more than 1,000 users will use cloud access security broker products to monitor and manage their use of SaaS and other forms of public cloud.”

IT service management need to be prepared to support those having difficulty accessing the organization’s cloud solutions using CASBs

Predictive Analysis

In order to make informed decisions, it is important to understand current network service impact and costs. This is accomplished when current data as well as historical metrics are analyzed in order to predict future behaviors or to understand unknown events.

Predictive Analysis helps IT service organizations distribute workloads based on data from multiple sources.

Many ITSM software solutions are expected to add predictive analytics capabilities to their service management solution; however, these features are not useful if the IT organization does not have the expertise required to understand the data provided by these tools. IT organizations should consider employing a data scientist if they want to take full advantage of all the data and metrics that IT service management tools will soon deliver.

Virtual Reality

Virtual Reality (VR) solutions could soon work their way into the IT business environment. Knowledge management is a challenge for many organizations. In the near future, don’t be surprised to see IT organizations flirt with VR technology as they advance their employee training services.

Double exposure of man wearing virtual reality headset

Research and Markets believes that the industry will see over 60% growth every year for the next five years, transforming it from a fringe technology enjoyed by the techy few into a major medium for gaming, entertainment, and business.

VR could one day become a component of your Knowledge Management offering if the technology is retrofitted and accessible via an ITSM self-service portal.

-follow me on Twitter @marcelshaw

Technology, Technology Opinion

Three Tips for IT Asset Management (ITAM) Discovery

Many years ago, I observed a house being built directly behind my house. Once the house was completed, I was surprised when one day workers showed up and began to take the house down. In fact, they took everything apart including the foundation. As it turned out, the foundation was not built correctly. As a result, everything built on top of that foundation was not reliable.

IT discovery is the foundation to your IT asset management (ITAM) solution. If discovery is unreliable, then all of the asset information you are trying collect will not be reliable. According to an article published by computer weekly, “almost 66% of IT managers admit to not having a completely accurate record of their IT assets”

For accurate IT asset discovery, make sure you consider the following guidelines:

  1. Understand the difference between discovery and audit
  2. Don’t Discover everything from the start
  3. Define IT asset reports needed for IT asset management (ITAM)

Understand the Difference between Discovery and Audit

Do not confuse IT asset discovery with an IT asset audit. Discovery tools should allow you to automate manual processes. Gartner defines “discovery” as follows:

IT asset management (ITAM) entails collecting inventory, financial and contractual data to manage the IT asset throughout its life cycle. ITAM depends on robust processes, with tools to automate manual processes. Capturing and integrating autodiscovery/inventory, financial and contractual data in a central repository for all IT assets enables the functions to effectively manage vendors and a software and hardware asset portfolio from requisition through retirement, thus monitoring the asset’s performance throughout its life cycle.

The key difference between discovery and an audit is that an audit is more of a one-time event, whereas, discovery will be on ongoing process. For example, if a technician spends a day with a clipboard inventorying every PC in the organization, then you will have an accurate inventory report for that day only.

If you deploy discovery tools that show when PCs connect to the network, then you will have an accurate report every time you run an inventory report. Discovery tools will also account for PCs not connected to the network by showing you the last time they connected. PCs that do not check-in for a period of time can be flagged as missing in the inventory report.

Be sure to choose tools that can ‘monitor’ critical IT hardware assets such as PCs and Servers. PCs and Servers often contain additional software assets that need to be monitored.

IMPORTANT: If you are not able to see the hardware, then you probably won’t see the software.

IT assets that are not monitored need to check-in to the asset management system on a regular basis. This can be done by setting your discovery tools to run daily or weekly. Discovery tools should then be able to report any changes from the previous inventory scan.

Don’t Discover Everything from the Start

When looking to implement IT asset management, don’t try to do everything at once. Allow time for your asset management solution to mature. If your asset management solution is too complicated, chances are it won’t be successful.

When architecting your asset management solution, be sure to have a clear vision of what you are trying to accomplish. For example, are you able to address the following questions?

  • Why do you need asset management?
  • What do you want to track?
  • How do you want to track assets?
  • What type of reports do you expect?
  • Why do you want those reports?
  • Who will manage and maintain the ITAM solution?

If you don’t clearly define your IT asset management objectives, you could end up giving your employees a lot of unnecessary “busy” work. For example, if an organization is concerned about managing software licenses, it would make sense to build your solution so that it tracks the software, as well as the hardware hosting the software. You could complicate and distort you software asset management objectives if you try to include switches, routers, and printers.

Allow your IT asset management processes to be perfected before expanding the solution to include additional assets such as switches, routers, and printers. It is more important that your solution is successful. Keeping your solution simple from the beginning will increase your chances for success.

A simple and successful IT asset management solution can be matured into a fully functional and reliable solution that follows ITAM best practices.

Trend dashboard

Define IT Asset Reports Needed for IT Asset Management (ITAM)

Reports and dashboards will give you a summary of all your IT assets. Patricia Adams, an ITAM expert says ”by having an understanding of the benefits that a complete end-to-end solution can provide, CIOs, CFO’s and chief security officers (CSO’s) will be better able to address the issues they are facing (many unknowingly) within their particular organization.

As you begin your IT asset management project, define the type of IT asset reports you expect from your solution. This will help you identify what to discover and how often it will be re-discovered.

Be sure to design Business Value Dashboards (BVD) for your solution. BVD’s will help you translate technical information into cost and risk for non-IT management inside the organization. Ultimately, BVD’s will show the value that the IT department brings to the organization by helping executives make informed decisions.

Summary

Don’t let IT asset discovery become a stumbling block to your ITAM solution. Be sure to have clear objectives and a clear vision of the reports that will be needed to support those objectives. Set your discovery tools to discover and monitor assets relevant to your objectives. Most important, don’t overwhelm your IT employees with unnecessary discovery information, especially during the early phases of the project.

-follow me on Twitter @marcelshaw

Technology, Technology Opinion

How IT Asset Management (ITAM) Can Integrate With Your CMDB

1 Comment

Tracking IT assets using ITAM best practices can be confusing for organizations looking to use a Configuration Management Database (CMDB). The confusion stems from a perception that managing a configuration item (CI) and managing an IT asset is the same or very similar. In reality, ITAM and CMDB objectives are quite different.

If you were looking to travel from New York (NY) to London, you would identify the flight to London by a flight number. For example, let’s say the flight you book is identified as flight #192. The airline’s database for flight #192 from NY to London would have a date, time, plane, crew, gate, and any relevant information needed to complete the flight service offering.

2016-07-06_15-21-32

In addition to a database that tracks flights, airlines also have a database that tracks aircraft. The database used to track aircraft logs details about aircraft performance, maintenance, and contracts. This database is used to help airlines identify the lifecycle status of each aircraft. For example, is the aircraft in service or out of service? Is it time to service the aircraft? Is it time to replace the aircraft?

Obviously, Flight #192 needs an aircraft so let’s say that a Boeing 777 identified as B777-1421 is scheduled to support flight #192; however, an issue is discovered with the aircraft. To keep flight #192 in service, imagine the airline replaces the aircraft identified as B777-1421 with a similar aircraft identified as B777-1502.

2016-07-06_15-38-10

Notice that when the aircraft is replaced, the fight number does not change. Flight #192 will continue to be flight #192. Integrating your CMDB with an IT asset management solution should be similar to how an airline integrates their flights database with their aircraft database. An IT asset should be looked at as a supporting component of a configuration item (CI)

The CI can be a single physical asset but in most situations, the CI is a combination of IT assets, such as an email server which consists of hardware and software. Imagine a CI for the email server is identified as “EMAIL-SRV.” Let’s identify the physical server supporting EMAIL-SRV as SRV01.

ITAM CMDB 12

When SRV01 approaches the end of its lifecycle, a change request would be issued to replace the server. Let’s call the replacement server “SRV02”.

ITAM CMDB 9

Upon completion of this change, the CI record would need to be changed to show that it now uses the physical server identified as SRV02; however, the name of the CI, EMAIL-SRV would keep its identity.

ITAM CMDB 5

When you link the physical server to that CI, you will be able to update the CMDB with that server’s specifications logged in the asset management database.

Why should the CMDB and ITAM be separate solutions integrated with each other?

The CMDB and ITAM have much different objectives, so building a single solution to meet both objectives would be challenging. A CI located in a CMDB is tracked because the organization wants to monitor availability, stability, and impact to the organization.

ITAM CMDB 2

CIs use ITIL best practices and processes such as “problem” and “change” for the purpose of maintaining and improving business processes supported by IT assets.

ITAM best practices focus on tracking IT asset inventory (hardware and software) as well as associated contracts, cost centers, lifecycle status, and location.

ITAM CMDB 1

ITAM solutions will assign, unassigned, or re-assigned IT assets to end-users or to CIs so that IT assets are not misplaced or lost. ITAM provides details about the IT asset contracts, warranties, refresh schedules, and cost centers. ITAM primarily focuses on IT assets from an organization’s financial perspective.

Summary

When managing IT assets, use ITAM processes to manage the IT asset inventory. Build integration into the CMDB, then link supporting IT assets to the CI instead of recreating the IT asset in the CMDB. When choosing software tools, choose tools that provide seamless integration between the CMDB database and the ITAM database.

-follow me on Twitter @marcelshaw

Technology Opinion

Eight Questions to Ask About Your ITSM Software Solution

As technology continues to advance in the work place, many organizations are looking to move from their current ticketing or IT service management (ITSM) software solution to an ITSM software solution that can support ITIL processes such as Request fulfillment, Configuration Management, Problem, and Change.

When evaluating an ITSM solution, it is important to create a list of requirements so that you can properly evaluate the ITSM software solutions available.

ITAM CMDB 15

I sat down with Matt Hooper, an ITSM Evangelist, and together we created a list of questions we think every organization should ask when evaluating an ITSM software solution.

Matt 2

Can I create sub-tasks for requests that enable multiple people to resolve a single request?

Requests come in all sizes. While many requests will be simple, like ordering a new laptop or resetting a password, some requests involve multiple people or teams. Providing traceability and communications back to the requestor requires your ITSM solution manage this as one request. However, the activities need to be child tasks that link back to the request for status updates and closure.

Can I log and record an incoming inquiry when I don’t yet know it’s a request or an incident?

When inquiries come in, there may not be enough information to yet determine if it is a request or an incident. Thus a staging area, a queue where tickets can be assessed and evaluated, is required to allow the analyst time to determine the inquiry type. This will aid significantly in keeping reporting and metrics clean.

Are incidents and requests assigned automatically based on category or symptoms?

Knowing who can resolve a request or incident can sometimes be as difficult to determine as how to resolve the issue itself. Ownership and responsibility can easily be managed when the ITSM solution can route assignments based on pre-defined rules. This allows the analyst to focus on asking the right questions to determine the category, and then the tool can do the rest. It improves efficiency by reducing the misdirected assignments, and increases the visibility of demand on teams.

Can the risk of changes be easily detected by attaching a configuration item (CI)?

As asset configurations are changed, the services they support are jeopardized by misconfiguration, conflicting changes of dependent items, or the introduction of incidents. It is then vital that changes be assessed in real-time to determine the appropriate level of communication and approvals that need to occur for a change to happen.

marcel

Does it have a customizable self-service portal?

A self-service portal that can display information relevant to the end-user can help you reduce calls into the analyst. For example, a person who works in the accounting department might use accounting software. Knowledge information containing tips and tricks or frequently asked questions regarding the accounting software could be published only to those who are part of the accounting department. Furthermore, bulletins, such as service interruptions should only be posted to those who are impacted by the service interruption. When it comes to the self-service portal, the more it can be customized for the end-user, the better.

Does it support process integration with third party solutions?

Automated processes are critical when providing IT support, especially when providing request fulfillment services through a self-service portal. For example, if an end-user makes a request for software, your ITSM process should be able to integrate with your software distribution tools. When the software request is approved, software should be set up for installation without manual intervention from an analyst. Be advised that integration is important whether or not your ITSM solution is on premise or in the cloud.

Can we make simple changes to workflow processes without paying for services?

There are some very powerful ITSM software solutions available on the market today. If it is difficult to make changes to your ITSM automated processes, you could find yourself paying for additional services. Choose tools that minimize or eliminate the need for coding. There are several ITSM solutions available that allow a change to be made to a process through a “point-and-click” in place of writing or modifying a script.

Does it support Business Value Dashboards?

To measure how IT is doing, dashboards are critical. When analyzing your data from dashboards, you will be able to determine if IT is complying with established service level agreements (SLA’s). However, what would this information mean to non-IT managers and executives? Non-IT managers and executives are concerned about cost and risk.

**Don’t tell me how many miles/kilometers my car gets to the gallon/liter, tell me how much it will cost to drive to the store.  

If your dashboards can translate technical terms and ITIL mumbo jumbo into a dollar value, then you will have the attention of non-IT management. Business Value Dashboards provide a value beyond the IT department because they are relevant to non-IT management and easy to understand.

Summary

ITSM software solutions are expensive and will typically have a longer lifecycle within an organization. It is important to choose tools that support your objectives and requirements. Whether evaluating your current ITSM solution or evaluating a new ITSM solution, it is important to ask the right questions. Be sure to meet with IT managers and non-IT managers to determine what questions are needed in addition to the questions above or you could find yourself filling in the gaps with additional services or software solutions, which will drive your IT costs up instead of down.

-Thank You Matt Hooper ( @Vigilantguy )  for your contribution

-follow me on Twitter @marcelshaw