All posts by Marcel Shaw

Marcel Shaw is a technology blogger focusing on ITSM, ITAM, and Endpoint Management at marcelshaw.com. Marcel has worked as technical consultant for more than 25 years for industry leading IT companies with a focus on United States government agencies. Marcel's experience also includes working as a legal expert witness for IT management. Marcel writes about industry technology trends and best practices. He incorporates his views and his many years of experience to provide unique technology advice for people that manage and support IT solutions. Marcel Shaw graduated from Brigham Young University in 1991. Marcel has worked in both pre-sales and post-sales roles for companies such as Softsolutions, Novell, Dell, Softricity, Gateway, Landesk, and Ivanti. Marcel’s expertise and experience include networking technologies (LAN, WAN), IP infrastructure. Internet Caching technology, Storage and Fibre technology (SAN), Security Standards and Technologies, Document Management, Directory Services (NDS, AD, LDAP), Federal Security Standards and Requirements (DIACAP, FDCC, USGCB), ITIL, Asset Management (ITAM), endpoint Management, and endpoint security. Marcel has worked extensively with United States federal agencies solving IT problems. These agencies include USDA, NIST, FDA, DEA, DHS, FBI, DHA, Whitehouse Communications, Army, Air Force, Navy, Joint Task Force, NIH, Social Security Administration, IRS, NOAA, and FAA among others. All of Marcel's posts are edited by Carrie Shaw (@carrieshaw). She is not only a very good editor, but a great wife. Thank You
Technology, Technology Opinion

Five Future Technologies to Watch for IT Service Management

As technology advances at such a rapid pace, many IT solutions become outdated very quickly. If organizations want to stay competitive and up-to-date with current technology, they need to stay informed about future technologies or their current solutions become quickly outdated . With regards to IT service management (ITSM), here are five technologies to watch that impact ITSM solutions in the future:

    1. Internet of Things (IoT)
    2. Security and Compliance
    3. Security Broker Authentication
    4. Predictive Analysis
    5. Virtual Reality

 

Internet of Things (IoT)

We will see an impact to ITSM solutions from IoT in two areas, CMDB and ITAM. To support IoT, ITSM processes and tools need the ability to integrate into IoT APIs.

Network systems and applications are typically provided access with Identity and Access Management (IAM) technology; however, IAM would be overwhelmed with the relationship and access demands required by IoT. Therefore, the Identity of Things (IDoT), which is an extension of IAM applies a unique identifier (UID) to IoT devices. This allows you to control relationships and access between the IoT and other entities inside and outside of your organization.

Gartner says, “IT asset management (ITAM) and software asset management (SAM) systems have traditionally managed IT and software assets of all types. The IDoT will assume some functional characteristics of ITAM and SAM within or integrated with IAM architecture, or be linked to ITAM as attribute stores.”

Without proper tracking of IoT devices and their configurations, it is difficult to apply security policies. ITAM and a CMDB will be critical for tracking the influx of IoT devices that are expected to hit company networks over the next several years.

Security and Compliance

Security is the number one priority in most organizations; however, not all organizations have integrated their security with IT service management processes. ITIL security management defines best practices when planning, controlling, analyzing, and maintaining security policies and processes to protect sensitive data.

A solid padlock securing the data paths of a circuit board. White Background.

It is important to build processes that integrate security management into change management processes if organizations are looking to minimize risk in the future. Over the next few years, IT organizations should expect to see more integration capabilities from their ITSM solution providers, which will allow them to integrate their security tools.

Security Broker Authentication

As IT solutions move into the cloud, many organizations will implement a cloud access security broker for authentication.

2016-09-16_8-08-31

Cloud Access Security Brokers (CASBs) can be on-premises or cloud-based. CASBs enforce security policies prior to allowing access to cloud resources.

Gartner says, “By 2018, 50 percent of enterprises with more than 1,000 users will use cloud access security broker products to monitor and manage their use of SaaS and other forms of public cloud.”

IT service management need to be prepared to support those having difficulty accessing the organization’s cloud solutions using CASBs

Predictive Analysis

In order to make informed decisions, it is important to understand current network service impact and costs. This is accomplished when current data as well as historical metrics are analyzed in order to predict future behaviors or to understand unknown events.

Predictive Analysis helps IT service organizations distribute workloads based on data from multiple sources.

Many ITSM software solutions are expected to add predictive analytics capabilities to their service management solution; however, these features are not useful if the IT organization does not have the expertise required to understand the data provided by these tools. IT organizations should consider employing a data scientist if they want to take full advantage of all the data and metrics that IT service management tools will soon deliver.

Virtual Reality

Virtual Reality (VR) solutions could soon work their way into the IT business environment. Knowledge management is a challenge for many organizations. In the near future, don’t be surprised to see IT organizations flirt with VR technology as they advance their employee training services.

Double exposure of man wearing virtual reality headset

Research and Markets believes that the industry will see over 60% growth every year for the next five years, transforming it from a fringe technology enjoyed by the techy few into a major medium for gaming, entertainment, and business.

VR could one day become a component of your Knowledge Management offering if the technology is retrofitted and accessible via an ITSM self-service portal.

-follow me on Twitter @marcelshaw

Technology, Technology Opinion

Three Tips for IT Asset Management (ITAM) Discovery

Many years ago, I observed a house being built directly behind my house. Once the house was completed, I was surprised when one day workers showed up and began to take the house down. In fact, they took everything apart including the foundation. As it turned out, the foundation was not built correctly. As a result, everything built on top of that foundation was not reliable.

IT discovery is the foundation to your IT asset management (ITAM) solution. If discovery is unreliable, then all of the asset information you are trying collect will not be reliable. According to an article published by computer weekly, “almost 66% of IT managers admit to not having a completely accurate record of their IT assets”

For accurate IT asset discovery, make sure you consider the following guidelines:

  1. Understand the difference between discovery and audit
  2. Don’t Discover everything from the start
  3. Define IT asset reports needed for IT asset management (ITAM)

Understand the Difference between Discovery and Audit

Do not confuse IT asset discovery with an IT asset audit. Discovery tools should allow you to automate manual processes. Gartner defines “discovery” as follows:

IT asset management (ITAM) entails collecting inventory, financial and contractual data to manage the IT asset throughout its life cycle. ITAM depends on robust processes, with tools to automate manual processes. Capturing and integrating autodiscovery/inventory, financial and contractual data in a central repository for all IT assets enables the functions to effectively manage vendors and a software and hardware asset portfolio from requisition through retirement, thus monitoring the asset’s performance throughout its life cycle.

The key difference between discovery and an audit is that an audit is more of a one-time event, whereas, discovery will be on ongoing process. For example, if a technician spends a day with a clipboard inventorying every PC in the organization, then you will have an accurate inventory report for that day only.

If you deploy discovery tools that show when PCs connect to the network, then you will have an accurate report every time you run an inventory report. Discovery tools will also account for PCs not connected to the network by showing you the last time they connected. PCs that do not check-in for a period of time can be flagged as missing in the inventory report.

Be sure to choose tools that can ‘monitor’ critical IT hardware assets such as PCs and Servers. PCs and Servers often contain additional software assets that need to be monitored.

IMPORTANT: If you are not able to see the hardware, then you probably won’t see the software.

IT assets that are not monitored need to check-in to the asset management system on a regular basis. This can be done by setting your discovery tools to run daily or weekly. Discovery tools should then be able to report any changes from the previous inventory scan.

Don’t Discover Everything from the Start

When looking to implement IT asset management, don’t try to do everything at once. Allow time for your asset management solution to mature. If your asset management solution is too complicated, chances are it won’t be successful.

When architecting your asset management solution, be sure to have a clear vision of what you are trying to accomplish. For example, are you able to address the following questions?

  • Why do you need asset management?
  • What do you want to track?
  • How do you want to track assets?
  • What type of reports do you expect?
  • Why do you want those reports?
  • Who will manage and maintain the ITAM solution?

If you don’t clearly define your IT asset management objectives, you could end up giving your employees a lot of unnecessary “busy” work. For example, if an organization is concerned about managing software licenses, it would make sense to build your solution so that it tracks the software, as well as the hardware hosting the software. You could complicate and distort you software asset management objectives if you try to include switches, routers, and printers.

Allow your IT asset management processes to be perfected before expanding the solution to include additional assets such as switches, routers, and printers. It is more important that your solution is successful. Keeping your solution simple from the beginning will increase your chances for success.

A simple and successful IT asset management solution can be matured into a fully functional and reliable solution that follows ITAM best practices.

Trend dashboard

Define IT Asset Reports Needed for IT Asset Management (ITAM)

Reports and dashboards will give you a summary of all your IT assets. Patricia Adams, an ITAM expert says ”by having an understanding of the benefits that a complete end-to-end solution can provide, CIOs, CFO’s and chief security officers (CSO’s) will be better able to address the issues they are facing (many unknowingly) within their particular organization.

As you begin your IT asset management project, define the type of IT asset reports you expect from your solution. This will help you identify what to discover and how often it will be re-discovered.

Be sure to design Business Value Dashboards (BVD) for your solution. BVD’s will help you translate technical information into cost and risk for non-IT management inside the organization. Ultimately, BVD’s will show the value that the IT department brings to the organization by helping executives make informed decisions.

Summary

Don’t let IT asset discovery become a stumbling block to your ITAM solution. Be sure to have clear objectives and a clear vision of the reports that will be needed to support those objectives. Set your discovery tools to discover and monitor assets relevant to your objectives. Most important, don’t overwhelm your IT employees with unnecessary discovery information, especially during the early phases of the project.

-follow me on Twitter @marcelshaw

Technology, Technology Opinion

How IT Asset Management (ITAM) Can Integrate With Your CMDB

1 Comment

Tracking IT assets using ITAM best practices can be confusing for organizations looking to use a Configuration Management Database (CMDB). The confusion stems from a perception that managing a configuration item (CI) and managing an IT asset is the same or very similar. In reality, ITAM and CMDB objectives are quite different.

If you were looking to travel from New York (NY) to London, you would identify the flight to London by a flight number. For example, let’s say the flight you book is identified as flight #192. The airline’s database for flight #192 from NY to London would have a date, time, plane, crew, gate, and any relevant information needed to complete the flight service offering.

2016-07-06_15-21-32

In addition to a database that tracks flights, airlines also have a database that tracks aircraft. The database used to track aircraft logs details about aircraft performance, maintenance, and contracts. This database is used to help airlines identify the lifecycle status of each aircraft. For example, is the aircraft in service or out of service? Is it time to service the aircraft? Is it time to replace the aircraft?

Obviously, Flight #192 needs an aircraft so let’s say that a Boeing 777 identified as B777-1421 is scheduled to support flight #192; however, an issue is discovered with the aircraft. To keep flight #192 in service, imagine the airline replaces the aircraft identified as B777-1421 with a similar aircraft identified as B777-1502.

2016-07-06_15-38-10

Notice that when the aircraft is replaced, the fight number does not change. Flight #192 will continue to be flight #192. Integrating your CMDB with an IT asset management solution should be similar to how an airline integrates their flights database with their aircraft database. An IT asset should be looked at as a supporting component of a configuration item (CI)

The CI can be a single physical asset but in most situations, the CI is a combination of IT assets, such as an email server which consists of hardware and software. Imagine a CI for the email server is identified as “EMAIL-SRV.” Let’s identify the physical server supporting EMAIL-SRV as SRV01.

ITAM CMDB 12

When SRV01 approaches the end of its lifecycle, a change request would be issued to replace the server. Let’s call the replacement server “SRV02”.

ITAM CMDB 9

Upon completion of this change, the CI record would need to be changed to show that it now uses the physical server identified as SRV02; however, the name of the CI, EMAIL-SRV would keep its identity.

ITAM CMDB 5

When you link the physical server to that CI, you will be able to update the CMDB with that server’s specifications logged in the asset management database.

Why should the CMDB and ITAM be separate solutions integrated with each other?

The CMDB and ITAM have much different objectives, so building a single solution to meet both objectives would be challenging. A CI located in a CMDB is tracked because the organization wants to monitor availability, stability, and impact to the organization.

ITAM CMDB 2

CIs use ITIL best practices and processes such as “problem” and “change” for the purpose of maintaining and improving business processes supported by IT assets.

ITAM best practices focus on tracking IT asset inventory (hardware and software) as well as associated contracts, cost centers, lifecycle status, and location.

ITAM CMDB 1

ITAM solutions will assign, unassigned, or re-assigned IT assets to end-users or to CIs so that IT assets are not misplaced or lost. ITAM provides details about the IT asset contracts, warranties, refresh schedules, and cost centers. ITAM primarily focuses on IT assets from an organization’s financial perspective.

Summary

When managing IT assets, use ITAM processes to manage the IT asset inventory. Build integration into the CMDB, then link supporting IT assets to the CI instead of recreating the IT asset in the CMDB. When choosing software tools, choose tools that provide seamless integration between the CMDB database and the ITAM database.

-follow me on Twitter @marcelshaw

Technology Opinion

Eight Questions to Ask About Your ITSM Software Solution

1 Comment

As technology continues to advance in the work place, many organizations are looking to move from their current ticketing or IT service management (ITSM) software solution to an ITSM software solution that can support ITIL processes such as Request fulfillment, Configuration Management, Problem, and Change.

When evaluating an ITSM solution, it is important to create a list of requirements so that you can properly evaluate the ITSM software solutions available.

ITAM CMDB 15

I sat down with Matt Hooper, an ITSM Evangelist, and together we created a list of questions we think every organization should ask when evaluating an ITSM software solution.

Matt 2

Can I create sub-tasks for requests that enable multiple people to resolve a single request?

Requests come in all sizes. While many requests will be simple, like ordering a new laptop or resetting a password, some requests involve multiple people or teams. Providing traceability and communications back to the requestor requires your ITSM solution manage this as one request. However, the activities need to be child tasks that link back to the request for status updates and closure.

Can I log and record an incoming inquiry when I don’t yet know it’s a request or an incident?

When inquiries come in, there may not be enough information to yet determine if it is a request or an incident. Thus a staging area, a queue where tickets can be assessed and evaluated, is required to allow the analyst time to determine the inquiry type. This will aid significantly in keeping reporting and metrics clean.

Are incidents and requests assigned automatically based on category or symptoms?

Knowing who can resolve a request or incident can sometimes be as difficult to determine as how to resolve the issue itself. Ownership and responsibility can easily be managed when the ITSM solution can route assignments based on pre-defined rules. This allows the analyst to focus on asking the right questions to determine the category, and then the tool can do the rest. It improves efficiency by reducing the misdirected assignments, and increases the visibility of demand on teams.

Can the risk of changes be easily detected by attaching a configuration item (CI)?

As asset configurations are changed, the services they support are jeopardized by misconfiguration, conflicting changes of dependent items, or the introduction of incidents. It is then vital that changes be assessed in real-time to determine the appropriate level of communication and approvals that need to occur for a change to happen.

marcel

Does it have a customizable self-service portal?

A self-service portal that can display information relevant to the end-user can help you reduce calls into the analyst. For example, a person who works in the accounting department might use accounting software. Knowledge information containing tips and tricks or frequently asked questions regarding the accounting software could be published only to those who are part of the accounting department. Furthermore, bulletins, such as service interruptions should only be posted to those who are impacted by the service interruption. When it comes to the self-service portal, the more it can be customized for the end-user, the better.

Does it support process integration with third party solutions?

Automated processes are critical when providing IT support, especially when providing request fulfillment services through a self-service portal. For example, if an end-user makes a request for software, your ITSM process should be able to integrate with your software distribution tools. When the software request is approved, software should be set up for installation without manual intervention from an analyst. Be advised that integration is important whether or not your ITSM solution is on premise or in the cloud.

Can we make simple changes to workflow processes without paying for services?

There are some very powerful ITSM software solutions available on the market today. If it is difficult to make changes to your ITSM automated processes, you could find yourself paying for additional services. Choose tools that minimize or eliminate the need for coding. There are several ITSM solutions available that allow a change to be made to a process through a “point-and-click” in place of writing or modifying a script.

Does it support Business Value Dashboards?

To measure how IT is doing, dashboards are critical. When analyzing your data from dashboards, you will be able to determine if IT is complying with established service level agreements (SLA’s). However, what would this information mean to non-IT managers and executives? Non-IT managers and executives are concerned about cost and risk.

**Don’t tell me how many miles/kilometers my car gets to the gallon/liter, tell me how much it will cost to drive to the store.  

If your dashboards can translate technical terms and ITIL mumbo jumbo into a dollar value, then you will have the attention of non-IT management. Business Value Dashboards provide a value beyond the IT department because they are relevant to non-IT management and easy to understand.

Summary

ITSM software solutions are expensive and will typically have a longer lifecycle within an organization. It is important to choose tools that support your objectives and requirements. Whether evaluating your current ITSM solution or evaluating a new ITSM solution, it is important to ask the right questions. Be sure to meet with IT managers and non-IT managers to determine what questions are needed in addition to the questions above or you could find yourself filling in the gaps with additional services or software solutions, which will drive your IT costs up instead of down.

-Thank You Matt Hooper ( @Vigilantguy )  for your contribution

-follow me on Twitter @marcelshaw

Technology, Technology Opinion

Five Tips for Improving the ITSM End-User Experience

1 Comment

I often use public transportation services. Sometimes I have a good opinion of the service provider and sometimes I do not. I develop my opinion of service offerings based on the experience I have when I use the services offerings. For example, if I travel on a train that is dirty and doesn’t smell very good, then I am likely to judge the service offerings in a poor light. As a passenger, I am expecting to arrive at my destination so I am not going to develop my opinion of the services based on whether or not I arrive. Instead, I develop my opinion on the overall experience I had while traveling to my destination. If I have a poor experience, I will probably try to find another way to get to my destination even if it takes longer and costs more money.

When providing IT services to end-users, it is important to understand that end-users expect that IT services will be delivered much like I expected my train to arrive at its destination. Therefore, end-users will judge the quality of IT services based on their experience while using IT support. For example, imagine a process is published offering a way to request a laptop through a self-service portal. If the interface is difficult to navigate, or if the automated process fails to deliver the asset in the time it was promised, then you might find your end-users searching for other ways to fulfill their asset requests.

Unhappy end-users reflects poorly on the IT department. Without the support of the end-users, your ITSM solution will not be successful.

  • Do you know what makes end-users happy or unhappy?

When designing your ITSM solution, use the following steps to identify and document what makes end-users happy or unhappy, then design your ITSM processes and interface in such a way that end-users will have a positive experience:

  1. What makes end-users unhappy?
  2. How does IT make end-users happy?
  3. Design your ITSM solution to improve the end-user experience

sad face

What makes end-users unhappy?

When the IT department doesn’t notify end-users about projects that impacts end-users

  • End-users don’t want to be surprised by changes to the interface or changes to ITSM processes without prior knowledge. To ensure end-users buy in to new IT service offerings, be sure to include them in the design processes so they can provide feedback from their perspective.

IT analysts over commit and under deliver

  • Proper expectations need to be set for the end-users. If a callback to the end-user is promised by 5:00 PM, then be sure to call them back. If analysts are over committing, they might have too much on their plate. When assigning tasks to your analysts, be sure to monitor their follow-up. If analysts are not following up in a timely manner, monitor their workloads. Poor follow-up should never be acceptable. Remove analysts that consistently demonstrate poor follow-up capabilities.

We don’t make easy answers readily available

  • Knowledge is extremely important when providing IT services. It can take a lot of time for an analyst to troubleshoot an issue. Avoid duplicating troubleshooting efforts by providing up-to-date knowledge for your analysts. As methods for resolving an issue are discovered, document and publish those methods. When possible, publish methods for resolving an issue to the end-users. If they can fix the issue by following directions from a knowledge article, they will not have to call the help desk.

End-Users don’t like to wait on the phone

  • Long hold times frustrate end-users that call for IT support. It is important that the IT department understand peak call times, then develop methods to handle large call volumes during those times. Provide additional staffing during peak times if needed or build a process that facilitates a call-back from the analyst to the end-user when call volume is high so that end-users do not have to wait on the phone for a long period of time. The longer the wait time, the unhappier the end-user.

We treat end-users like end-users, not customers

  • The customer is always right mentality used by sales operations should be the mentality of the IT service Dept. ITIL calls the end-user a customer which is how they should be treated by the IT analysts. Encourage and positively reinforce good customer service provided by analysts.

Happy Face

How does IT make end-users happy?

Keep end-users informed and involved with IT projects

  • If end-users will be impacted by an IT project, involve them in the design and testing phase of the project. End-users are happy when they are heard. Furthermore, they will be more likely to support the IT project when it goes into production.

Apply Service Level Agreements

  • Service Level Agreements (SLA’s) provide a way for IT to set expectations for the end-user. SLA’s also provide a way for IT to monitor how well it is providing support for the end-users.

Create multiple ways to ask for assistance

  • Provide multiple ways for the end-user to open an incident or make a request. Providing multiple access points for opening incidents or making requests can alleviate long wait times for telephone support; especially during peak hours.

Provide help through a knowledge base with up-to-date relevant information

  • Today’s end-user knows how to find answers to their questions using a smartphone and Google search. If IT provides answers to commonly asked questions by publishing a knowledge database to the end-users, calls into the support center will decrease. Over-all wait times will decrease while end-users will feel empowered as they are able to solve issues themselves.

End-Users want respect

  • Although IT questions and requests might seem elementary to an analyst, they are not elementary for the end-user. Analysts need to avoid talking in a condescending way to the end-user. For example, “you should know that,” or “didn’t you go to training?” are statements that should never be uttered by an IT analyst. When end-users get respect, they will probably give respect to IT and appreciate all that the IT department does for them.

Self Service Portal 5

Design your ITSM solution to improve the end-user experience

  1. Build a self-service landing page – Publish services through a self-service catalog then automate request fulfillment processes where possible. Build approvals and authorizations into the automated self-service processes.
  2. Provide Multiple Ways to Open Incidents and Make Requests – Today’s end-users access the internet in a variety of ways. Be sure to provide a way for them to open incidents and to make requests from multiple access points. For example, not only should end-users be able to make a request for an asset by calling IT services, they should be able to make the same request using their mobile device or personal computer. I have also seen organizations that have IT services provide a “one-stop-shop” where employees can physically go to an office to report an issue or to make an IT request
  3. Look for Ways to Modernize Your Interface – Much like music and furniture, an IT interface can quickly become outdated. Be sure to use software solutions that have a modern, easy-to-use interface. Today’s software solutions need to be easy-to-use across all platforms. A good ITSM interface will change very little when going from a PC browser to a mobile app or browser. Today’s end-users want consistency.
  4. Never believe your processes are perfect – ITSM in not a destination, it is a journey. Never stop measuring and improving ITSM processes. End-users have little patience for redundant tasks that do not make any sense. Keep in communication with end-users and analysts to find areas where a processes can be improved to make them easier, faster, and more reliable.
  5. New technology is your friend – Stay current with the ITSM community by subscribing to ITSM magazines or online forums. New technology that can help you improve IT support will help you reduce your IT costs. Recently, I looked at some new ITSM technology that uses a screenshot to search a knowledge database.

Summary

If your ITSM software solution is not providing you with the latest technology available, or if it cannot be integrated with the latest technology features available, it’s probably time to look for another ITSM solution. To create a positive end-user experience, build an interface that is easy to navigate, provide processes that are quick and efficient, maintain an up-to-date knowledge database, and schedule re-occurring meetings with IT services and a focus group of end-users for the purpose of re-evaluating and improving your current IT services and their processes.

-A special thanks to Kirk Noren ( @kirkNoren ) for helping write this one

-follow me on Twitter @marcelshaw

Technology Opinion

Three Ways to Avoid a Software Audit

One rainy afternoon several years ago, I waited in a parking lot for a leasing company representative to pick up my car. I leased that car three years earlier so it was time to return it. Unfortunately, I exceeded the mileage in the agreement so I had to provide the representative with a check before he would take back my car. I exceeded the mileage by 3,000 miles and the penalty was 25 cents per mile.

When software auditors come knocking on your door, they are looking to see if your organization has exceeded the number of licenses purchased. Similar to how a penalty is applied for exceeding mileage on a leased car, a penalty is applied when you exceed your license count. These penalties can be very expensive, especially for smaller organizations. To make things worse, many organizations don’t know if they have exceeded their license count and if so, by how many.

Software Vendor Partners and Software Audits

To avoid damaging relationships with customers, software vendors commonly use partners to perform their software audits.

An article posted regarding Microsoft software audits states: “Most often we are seeing Microsoft approach customers via email to conduct a self-audit, but we also see the more invasive, third-party types of audit that will send a shiver down any CIO’s spine.”

Why would Software Vendor Partners Want to Perform Software Audits?

Partners who perform software audits usually receive a percentage of the proceeds from penalties and true-up costs that are billed to an organization for any unlicensed software discovered during the audit. To avoid being targeted by software auditors, you need to understand the motivation of most software auditors—money.

How Can I Avoid a Software Audit?

Software audits are expensive for software vendors and their partners to perform. I recommend three things for any organization looking to avoid a software audit.

  1. Use ITAM software tools
  2. Build accurate software license reports
  3. Demonstrate understanding of your software license agreements

Use ITAM Software Tools

With IT Asset Management (ITAM) tools in place, you will properly discover software assets installed on your network. You will also have normalization capabilities, which will prevent inaccurate software license reporting that is a result of inaccurate data in your database.

ITAM tools that see software utilization can help recover unutilized software licenses. This can be a life-saving feature, or at a minimum, a job saving feature if you exceed your license count and are facing an upcoming software audit. Many organizations have been able to save or re-appropriate funds when renewing software licenses after removing software that is never used by employees.

ITAM SAM

When organizations manage their software using ITAM processes and software, they discourage software auditors hoping to make money from penalties and true-up costs that result from discovering unlicensed software.

In a study, Express Metrics claims: “Respondents whose organizations have implemented IT asset management (ITAM) tools report a 32% lower audit rate within the last two years than organizations with no such tools.”

 Dashboard Blog 4

Build Accurate Software License Reports

Building accurate software reports is critical if you wish to avoid a full software audit. Often times, your software vendor or their third-party contractor will request a report that shows how many licenses you own versus how many you are using. If you are able to provide reports that are accurate and easy to understand, you can avoid a visit from the software auditing team.

Build reports similar to the software auditor’s reports. If your software license report looks like the software auditor’s report, you could lessen the chances that the software auditor will follow up by performing a full onsite software audit. Software audit report templates are available online.

  • Avoid contacting your software vendor or their partners to find sample/template reports.

This might raise a red flag from the software vendor’s perspective which could result in a date with the software auditor. Be advised that some software vendor partners not only sell licenses, they also do software audits.

If the software auditor decides to run their own software tools to build reports, it will be important to have your own software audit reports to address any discrepancies. The worst thing any organization can do is sit back and accept the findings of a software auditor at face value. Mistakes that favor the software auditor will result in unnecessary costs.

Demonstrate Understanding of Your Software License Agreements

It is important to understand your software license agreements, especially if you have to answer questions raised by a software auditor. Much like sharks will target an area where there is blood in the water, software auditors target organizations with a lack of knowledge about their contracts. When software auditors sense compliance issues they might see dollar signs, so if you demonstrate poor understanding about how your software licensing is structured, prepare to spend a day with the auditor at your location.

Summary

There is no indication that software audits are slowing down, so to avoid unexpected expenses as a result of a software audit, organizations should invest in ITAM tools. In a gated Gartner report published May 28, 2014. Gartner claimed:

Tracking license entitlement has become a priority for many organizations as a means to alleviate the anxiety caused by annual software vendor audit. Gartner has seen an exponential increase in the number of contracts it has received from customers looking to purchase an SLOE tool during the past nine months. We don’t expect this trend to slow down…”

No organization is immune from a software audit, however, organizations that demonstrate a good understanding about what they have through accurate software license reports will not be targeted as often as those who demonstrate poor ITAM practices.

-follow me on Twitter @marcelshaw

Technology Opinion

Tracking Bigfoot and Missing IT Assets: A Tale of Poor Discovery Techniques

One dark cold night, three men are quietly sitting deep in the woods, somewhere in the Appalachian mountains. They listen intently to every noise, then from a distance they hear a sound that could resemble the creature they are seeking—Bigfoot. One of the men jumps up, takes a deep breath, and with all his strength lets out a sickening howl that sounds like he is part screaming and part singing. Meanwhile, at a campsite a couple of miles away, a group of young adults are sitting around a campfire. They hear what sounds like a man screaming in the distance. A young man sitting by the fire and under the influence of alcohol, jumps up, takes a deep breath, and lets out a scream in an effort to mimic the sound he just heard. Upon hearing a scream off in the distance, the three Bigfoot hunters stare at each other, eyes wide open. One of the men says, “It’s a Squatch!”

An IT administrator has finally been able to free up some time to start a very important project. He cleans up his office and calls the warehouse to have someone retrieve the server for him. “What server?” replied the man from the warehouse. “I ordered a server two months ago,” said the IT administrator. “In fact, someone came by my office and told me it had arrived,” claimed the administrator. The man from the warehouse responded, “Are you sure they were talking about the server? Anyways, we will have someone search the warehouse and give you a call back.”

  • Marcel Shaw’s Observations – The Bigfoot hunters could probably benefit from scientific equipment while IT administrators will benefit using IT asset management discovery software with B2B and lifecycle tracking capability. If you don’t track your IT assets from the time they are purchased, including a method to document when they arrive, they could go missing.

-Poor discovery techniques lead to confusing conclusions.

  • Patricia Adams’ Observations – Having a formalized process that centrally receives all IT assets would assist with tracking. By linking the asset request and purchase order to the shipping info, when the asset is received it can be matched back to the request. When it is stored on the stockroom shelves, using a barcode on the exterior box will automate the manual processes so assets are not easily misplaced after they are entered into the ITAM tool.

Bigfoot1b

The Bigfoot hunters, or Bigfoot scientists as they like to call themselves, decided to document the Bigfoot with a camera. One of the men takes an apple and climbs eight feet into a tree. He takes the apple and pierces it into one of the branches. He positions his camera to capture anything that might come for the apple. The three men leave the area for several hours and return to see that the apple has been taken from the branch. The camera’s battery did not last for more than 30 minutes, which meant they did not capture any video of the apple eater. One of the men looked at the others and said, “Don’t worry about the video, that apple is eight feet up in the tree.” They instantly became excited, looked at each other, and simultaneously said, “Squatch!” Meanwhile, a black crow sits atop a tree not far away enjoying the rest of his fresh red apple.

The IT administrator stopped by the data center in search of his server. While he was there, one of his employees approached him and said, “You know those two virtual servers I told you about a couple of months ago?” “The servers that we don’t know anything about?” said the administrator. “Yes,” replied the employee. “Nobody knows what they are used for and I am afraid to remove them in case they are part of somebody’s project. If we keep them, we will have to pay for the licenses in the upcoming renewal. What do you you me to do?” asked the employee. “Turn them off and wait for the phone to ring,” replied the administrator.

  • Marcel Shaw’s Observations – Next time, the Bigfoot hunters should probably focus on making sure that the camera is working before making any conclusions. The servers in the data center are not properly tracked using current asset management processes. Virtual technology has drastically reduced the effort it takes to spin-up a server for projects or testing purposes; however, many organizations have been surprised with unexpected costs as the result of a software audit. Those servers need a license, so organizations need to put discovery procedures in place to ensure virtual servers are tracked when they are created. Be sure to track who it was that spun-up the server and for what purpose. The good news, the IT administrator did not make any assumptions as did the Bigfoot hunters. Shutting down the servers to see if someone would notice was probably their best option. If he had concluded that the servers were no longer in use, he might have destroyed important data or set someone’s project back several months.

-Assuming is not considered discovery.

  • Patricia Adams’ Observations – Virtual server sprawl is an expensive problem in many data centers. Any VM that has been staged requires a supporting software license. If it is online and hasn’t been used within a defined time period, it should be removed. You don’t want to leave costly software licenses sitting around unused for extended periods of time.

-Inaccurate conclusions lead to inaccurate decisions.

Bigfoot1a

While returning to their truck, the Bigfoot hunters (scientists) discover a dead deer not too far from the road. They analyze the deer. One of the men points to the bones and says, “You see how clean that break is right there? That is the result of a Squatch.” He explained to the others that when the Squatch eats, it breaks the bones much like what they were observing. “They just snap the bones,” he said. Meanwhile, eight miles down the road, a young family traveling home from vacation sits in a repair shop waiting for their car to be repaired after hitting a deer several miles up the road.

The IT administrator stopped by to see the asset manager. “Have you seen that server I ordered?” he asked. The asset manager looked at his spreadsheets. “I see here when it was ordered and I have an email from the warehouse that they received it. I told them to take it to your office,” said the asset manager.

  • Marcel Shaw’s Observations – Apparently there is little to no education required to be a Bigfoot scientist; however, asset managers should be educated on ITAM best practices. Using spreadsheets and email demonstrates a poor understanding about how IT asset management should be done when tracking IT assets.

-Subject matter training minimizes mistakes

  • Patricia Adams’ Observations – Putting in place a process to track hardware and software throughout its life cycle is not complex, though it might be difficult to standardize the process which might vary based on geographies, locations, headcount, IT staff, or many other factors. If an asset manager needs training on how to create applicable policies, processes, and metrics to implement an ITAM program successfully, IAITAM offers a hardware asset management training course.

Bigfoot1c

Conclusion

When the IT administrator returned to his desk, he looked around his office to see if there was a possibility someone had put the server in his office. He got down on his hands and knees and looked under his desk and sure enough, there it was along with a few other boxes. Meanwhile, the Bigfoot hunters went on to have a weekly TV show where they could demonstrate their Bigfoot expertise. Although Bigfoot never appeared in any of their episodes, they convinced millions of people to watch their show that was really about nothing at all.

Bigfoot2

Whether or not you are tracking animals or IT assets, poor discovery techniques will lead to inaccurate results.

Technology Opinion

Three Keys to an Efficient ITSM Self-Service Portal

1 Comment

Traveling can be quite stressful, especially when visiting unfamiliar places. Many years ago, when I rented a car, I would ask for a map and directions. Even though I had a map, I always seemed to get lost in unfamiliar places. Sometimes I misunderstood the directions I was provided, and sometimes I was given poor directions.

GPS technology simplifies the process of getting you to your destination because it has the ability to pinpoint your location. With GPS technology, it is almost impossible to get lost, even in the most unfamiliar places.

When IT Service Management organizations design efficient self-service capabilities for their customers, it is much like providing GPS capabilities to someone who is looking for directions. When customers are provided the ability to solve their own IT problems, or to make a request without soliciting the help of another person, they will have a better experience. Self-service improves customer satisfaction while reducing IT service management costs.

When building self-service capabilities for incident resolution and request fulfillment capabilities, it is important to have three key building blocks for an efficient ITSM self-service portal.

  1. Knowledge
  2. Automation
  3. Asset Management

Knowledge

Empowering your customers with relevant information in a self-service portal is critical. If customers do not trust the knowledge provided, they will not use the self-service portal. An app using GPS technology not only provides directions, it provides additional relevant information about surroundings such as restaurants, gas stations, and hotels. Like a GPS, a self-service portal needs to display relevant information to the customer through the self-service portal.

Knowledge provided to customers in the self-service portal should include the ability to search for an answer to a question. Known issues should be easily obtainable along with instructions for a resolution.

Self Service Portal1

Create a ‘How-to’ section on the portal. How-to knowledge will reduce support calls. If customers are calling to ask the same question about a specific task, create a ‘How-to’ knowledge document. For example, if customers often call support to have someone assist them through the task of connecting their phone to the wireless network, create a ‘How-to’ document and post it in the ‘How-to’ section of the self-service portal. Use pictures where possible to show the customer what to do.

Consider adding a social media component to your self-service portal. Much of the information we get today comes through social media. As customers learn tips and tricks, they will post their findings for other customers to see.

Be sure to monitor the knowledge information provided to keep it fresh. If the knowledge provided by the self-service portal is not helpful to the customers, they will not trust the content. If they don’t trust the content, they will not use the knowledge database. The result will be more calls to the support analysts.

Automation

Automating redundant tasks will reduce costs and minimize errors. Analyze your incidents to find the most common issues.

Self Service Portal 4

If possible, create an automated process to resolve common issues such as a password reset. For example, when someone forgets their password, have an automated task verify the person’s identity, then allow that person to reset the password. Meanwhile, the process can log an incident as opened then resolved without intervention from an analyst.

Self Service Portal 5

When providing catalog services to your customers, automate request fulfillment through the self-service portal. For example, a request for software that requires a license might need a manager’s approval. The request process can be automated to notify the manager of the request. When approved, the software will automatically install to the customer PC.

Asset Management

Automation in conjunction with asset management will enable your self-service portal to manage and track IT assets that are requested by the customers. For example, if a customer requests a laptop, integration with an asset management database allows you to verify if the asset is currently available.

Self Service Portal 2

Connect self-service hardware requests to IT asset management procurement processes, if possible. If an asset is not available, automated processes can facilitate a purchase request with minimal intervention from the analysts.

For software, create automated processes that will facilitate the automatic delivery and installation of the software package. Use asset management to track the software license. Map the software license to the customer in addition to the location of the device. Software license tracking will insure the organization is prepared in case of a software audit.

-follow me on Twitter @marcelshaw

Technology, Technology Opinion

Help Desk vs Service Desk: What’s the difference?

2 Comments

In my first IT job, I worked as a Help Desk Analyst. I supported a software package that tracked individual documents when DOS was predominantly used as the operating system on most IBM-compatible computers. The software we used to support customers would create incidents, which meant it would create a profile with a unique incident number, a category, the analyst, the customer, and various other pieces of information we considered important. The way we provided IT support was what many called a ‘Help Desk’ or ‘ticketing’ solution.

We often hear the term Help Desk or Service Desk when talking about IT Service Management (ITSM) solutions. Help Desk solutions usually refer to incident management, whereas Service Desk solutions extend beyond incident by adopting additional ITIL disciplines.

When defining an IT Service Desk, Gartner says that: “IT Service Desk (ITSD) products range from simple call tracking/trouble ticketing (aka “help desk” products) to broad suite solutions encompassing call management, incident management, problem management, IT change management, configuration/inventory repositories, request fulfillment and self-service portals.”

Let’s discuss the difference between a Help Desk and a Service Desk in more detail.

Help Desk 

Help Desk solutions, which do incident management without formalized processes for other ITIL disciplines, tend to focus on getting the customer back up and running as soon as possible. 

Help desk

Help Desk solutions provide a reactive method for IT support. Ownership of an incident from start to finish is typically the responsibility of the front–line-support analyst. Depending on what is considered to be most urgent, escalation analysts often perform all the tasks of a problem manager, change manager, and release manager.

Service Desk

Service Desk solutions provide a way to accomplish problem, change, configuration, knowledge, and release management, in addition to incident management. Today, most Service Desk solutions are able to be designed according to ITIL V3 best practices. When organizations move from simple ticketing systems (i.e. Help Desk) to an IT Service Desk solution, they usually require a change in software tools so they can meet their objectives.

ITSM Model

Service Desk solutions focus on preventing problems by measuring performance, sharing knowledge, managing configurations, and formalizing problem, change, and release management processes.

With a Service Desk, IT service management organizations will separate incident and request processes, creating an environment where IT can provide a value to the organization through request fulfillment and catalog services.

Service Desk software tools can also help improve efficiency by providing self-service portal capabilities. Services offered include requests such as software, hardware, and network access to corporate resources.

Help desk 2

With a Service Desk solution, IT service management organizations structure their employees into groups and roles such as change managers, problem managers, and release managers according to ITIL best practices. Furthermore, analysts are aligned with the appropriate IT experts when doing problem and change management.

Service Desk solutions share information with analysts, and their customers, through automation and a managed knowledge database.

Service Desk software solutions can be integrated with internal or external corporate resources.

Through integration and automation, a Service Desk solution will increase efficiency and add value to the organization by providing automated request fulfillment services.

Summary

Organizations not providing Service Desk capabilities should examine their ITSM software and their IT service management organizational structure so that appropriate changes can be made when moving from a Help Desk to a Service Desk.

BrightTalk ITIL BP

On February 16, 2016, I gave a presentation for BrightTalk discussing best practices for adopting ITIL into your ITSM solution. Adopting ITIL best practices, along with choosing the right software tools, will transform your IT service management organization from a Help Desk solution to a Service Desk solution.

-follow me on Twitter @marcelshaw

Technology Opinion

Three Reasons Government Needs ITAM

Several times a year, I take Constitution Avenue in Washington, D.C. on my way to visit government agencies. It is a beautiful city with many beautiful buildings and museums. Prior to my first visit, I imagined government buildings in Washington, D.C. were bland and boring, much like my old high school. To my surprise, I found each government building mesmerizing with beautiful architecture that is designed by some of the greatest architects in the world.

I also experienced the enormity of the U.S. federal government as I visited various agencies. I learned that the U.S. federal government is the largest IT consumer in the world, employing over 4.3 million people. However, unlike commercial enterprises, government agencies have a unique challenge with regard to how IT assets are purchased and managed.

Government Acquisition Requirements

Government agencies around the world typically have acquisition requirements that must be followed when making an IT purchase. In the United States, it is called the Federal Acquisition Regulation (FAR) which has an underlying objective of conducting business with integrity, fairness, and openness. These requirements help government agencies avoid corruption that can possibly occur when commercial companies lobby politicians.

Government agencies usually have a budget for IT expenditures; however, unlike commercial companies, if government agencies do not spend the entire budget during the government’s fiscal year (Oct. 1 – Sept. 30), they are at risk of their budget being reduced. For this reason, government agencies are at risk of purchasing IT assets that have redundant features, or assets that might not be necessary because they have an objective to spend their budget. This is unlike commercial enterprises who typically scrutinize every purchase with the objective of spending less.

For a government agency, IT Asset Management (ITAM) practices and processes can help control and manage IT asset costs. For agencies looking to meet budget, instead of saving money, ITAM is a good way to re-allocate funds to other projects that can help the agency be more productive and efficient.

Below are three areas where ITAM will help government agencies:

  1. Control Spending

Many years ago, I hosted a party and provided food and drinks for everyone attending. I was expecting quite a few people; however, I failed to ask the invitees to confirm whether or not they would attend. As a result, I was not sure how much food to purchase. To be safe, I bought a ton of food and drinks so that I would not run out of anything. I had leftovers for two weeks and still had to throw a lot of food in the garbage.

ITAM lets you see what IT assets you have which allows you to make accurate decisions about what assets are needed. It’s simple, if you are not using ITAM, it is like trying to provide food for a party of friends without knowing how many will attend. I have found that government organizations that lose track of IT assets usually purchase too many software licenses and they tend to purchase technologies with features that overlap each other.

In a report posted in 2015 by the International Association of Information Technology Asset Managers, Inc. (IAITAM) titled “Understanding the Federal Government’s ‘IT Insecurity’ Crisis,” they noted that in an audit of eight locations maintained by the U.S. Department of Energy (DOE), the Inspector General (IG) found that in 2012 DOE spent nearly $2 million more than necessary on IT equipment acquisitions. Another audit in September 2014 by IG found that over a three-year period, DOE paid approximately $600,000 more than necessary on software licenses.

2.  Eliminate IT Assets that are Underutilized

When purchasing IT assets for a large government organization, it is important to understand the requirements so that products purchased can be mapped to the specified requirements. Unless an agency is using ITAM, they will quickly lose track of recent IT acquisitions along with the requirements that had been used to justify the purchase.

For software assets, when features overlap, the result will be that applications or features within applications will not be utilized. Even when applications are not used, they are costing the organization money with ongoing maintenance and support costs. With ITAM, not only will organizations be able to see all the assets, they will be able to see if assets are utilized. On the website of the U.S. National Institute of Standards and Technology (NIST), they claim:

3.  Security

It is hard to imagine a good IT security system without proper ITAM practices. For example, think of how a physical security system is installed in order to protect a building. Before it can be installed, a security specialist evaluates the building by taking an inventory of all doors and windows, along with any other security risks. It would not be realistic to install a security system on most windows and doors. Security would need to be installed on ALL windows and doors.

It is no different when trying to secure IT assets. An inventory needs to be kept of all hardware and software assets before any security measures can be effective. If you don’t know what hardware assets you have, then you won’t know if something is lost or stolen. If you don’t know what software assets you have, then you can’t be sure that all software is patched and up-to-date.

The IAITAM published a report that states, “Spending greater and greater sums without proper ITAM controls in place is a prescription for more breaches, risks posed by unauthorized devices, increases in lost and stolen hard drives, and major vulnerabilities created by outdated and/or ‘unpatched’ software.”

Summary 

IT asset management can help identify risks in your IT environment and cutcosts by up to 50 percent. So why don’t more government organizations invest in asset management? For many, the reason could be they don’t know where to start and they don’t know how to sell the value of asset management to the rest of their organization.

Government agencies need to understand the importance of ITAM practices. They need to understand that it is not only required to keep costs down, it is also needed to ensure that every device is accounted for and secure.

-follow me on Twitter @marcelshaw