All posts by Marcel Shaw

Marcel Shaw is a technology blogger focusing on ITSM, ITAM, and Endpoint Management at Marcel has worked as technical consultant for more than 25 years for industry leading IT companies with a focus on United States government agencies. Marcel's experience also includes working as a legal expert witness for IT management. Marcel writes about industry technology trends and best practices. He incorporates his views and his many years of experience to provide unique technology advice for people that manage and support IT solutions. Marcel Shaw graduated from Brigham Young University in 1991. Marcel has worked in both pre-sales and post-sales roles for companies such as Softsolutions, Novell, Dell, Softricity, Gateway, Landesk, and Ivanti. Marcel’s expertise and experience include networking technologies (LAN, WAN), IP infrastructure. Internet Caching technology, Storage and Fibre technology (SAN), Security Standards and Technologies, Document Management, Directory Services (NDS, AD, LDAP), Federal Security Standards and Requirements (DIACAP, FDCC, USGCB), ITIL, Asset Management (ITAM), endpoint Management, and endpoint security. Marcel has worked extensively with United States federal agencies solving IT problems. These agencies include USDA, NIST, FDA, DEA, DHS, FBI, DHA, Whitehouse Communications, Army, Air Force, Navy, Joint Task Force, NIH, Social Security Administration, IRS, NOAA, and FAA among others. All of Marcel's posts are edited by Carrie Shaw (@carrieshaw). She is not only a very good editor, but a great wife. Thank You

Moving to a New IT Service Management (ITSM) Solution: Lessons Learned

Migrating your current ITSM solution from an older version to a newer version can be an enormous challenge. As requirements and technology change, many organizations find themselves looking to update to a different software solution so they can meet their ITSM objectives. However, the challenge of changing your ITSM solution can be daunting and if not implemented correctly, it could be a career-ending project for decision makers.

Bill Addenbrooke, an ITSM consultant,  recently worked as a services consultant for an ITSM solution provider. Bill has worked on several projects where an ITSM software solution was migrated to a completely different ITSM software solution. I recently sat down with Bill and asked him some questions about lessons learned and suggestions for successful migration.

What would you say is going to be an organization’s biggest challenge when they do an ITSM migration to a completely new solution?

“Making sure everyone buys into the new solution. It is important to get Help Desk feedback from all analysts who will use it. Your Service Desk is typically the tool used by all support groups.  Get their feedback on what would really make them happy or make their lives easier in terms of interface design and how to automatic assignments at different points. Remember, they are champions of the customers they support. They can offer great insight as to what would make their customers’ lives easier.”

For Incident Management (or helpdesk ticketing), what information is most important to export or replicate from the ITSM solution getting replaced?

“Incident Categories – These are critical from a reporting standpoint. If you need to know what’s happening/trending within your environment at any given time, this is often what people use.  It also helps to get customers one kick up on that ITIL maturity scale to being proactive about problem management.”

Does the migration consultant require the associated processes, if available, to be exported along with the Incident Categories?

“I am a huge proponent of standardizing service delivery by means of a process, and most Service Management platforms stress the same thing if they’re ITIL based. Standard Incidents and Requests are often assumed to have a good process behind them until the actual time comes to migrate them to a new system. Then once a consultant starts going through this with a customer, there’s a lot of holes found. Typically, processes are rebuilt in the new ITSM solution, not imported.”

What is critical information that you need to migrate or, if not already available, configure in the new ITSM solution to get meaningful reports?

“User Data from AD, or eDirectory, or from an excel spreadsheet, or whatever your system of record is for your users.  This is paramount to getting good reporting out of whatever system you go with. Going forward in the new system, you have to understand that if the user data isn’t good because it isn’t CONSISTENTLY getting filled out by the analyst, you’re going to struggle to get good meaningful reports about what’s happening in your Service Management environment. You will never be able to accurately get a count on how many tickets per department, or how many people are actually affected by an outage etc. Plus it just makes your Help Desk staff lives easier if they can quickly get consistent accurate data.”

Do you have any suggestions as far as “DO’s” and “DON’TS?”

“Rome wasn’t built in a day. If you’re handling Incident Management right now, don’t attempt to go to a new system and do Problem, Change, and Request Management if you’re not currently doing them. Rollout your ITSM solution to your users by using a phased approach instead of doing it all at one time.  Trying to bite off too much at once is by far the most common mistake  I see with a new implementation.

Also, don’t take away what customers are used to. For example, very often customers allow End Users to submit an email as a ticket. This usually makes analyst’s lives horrible because they’ve got to triage each one of those requests, and often it requires more information than the end user initially gave. It’s a huge time sink and is frequently something organizations want to change going forward. Even though we offered self-service tools to aid in that very scenario, which will over time replace the need for email request, taking away the option to email a ticket as you implement a new system does not bode well for the way a new system will be received.”

Finally, what can a customer do to reduce the cost of migration services?

“I have a spreadsheet I typically like to give out.”


Bill says, “Give the consultant as much as you can about incidents, process flow, service catalog, request management, and problem management. The costs can skyrocket when the consultant has to look for information that could have been shared prior to the onsite visit.”


After meeting with Bill, it was clear that when migrating to a different ITSM solution, it is critical to:

  • Involve your analysts as you plan and design the solution.
  • Take advantage of the opportunity to change the things they find to be hurdles, problems, or just simply annoying from the current ITSM solution.
  • Identify what is working and any improvements needed to existing processes.
  • Get your analysts’ advice when designing the user interfaces because they are the ones who will be using it every day.
  • To minimize costs, get as much information about your ITSM solution up front, then send it to your migration consultant before he/she comes on-site.

Follow me on Twitter @marcelshaw


A government agency in Washington, D.C. was informed of a hard drive recall because a certain type of hard drive in their new PCs’ could overheat and potentially start a fire. The PC vendor had three hard drive suppliers and only one of them reported hard drive issues. As a result, the government agency had to open 3,000 PCs to replace 1,000 hard drives.

If you figure it took 10 minutes every time a PC was opened to verify the type of hard drive being used, then 20,000 minutes (333 hours) was wasted opening PCs that did not actually have a hard drive issue. With asset management tools in place, the agency could have created a report that displayed the names of all the PCs with the defected hard drive.


After replacing all hard drives, asset discovery tools would also have discovered the new hard drives as soon as they connected to the network. Remember, just because an asset was added to the management database does not mean it is being tracked. An ongoing asset inventory process is needed to track an asset.

Asset discovery should not be a one-time event. It should be a continuing process that runs on your network. Asset discovery tools provide details about your IT assets by taking inventory of all the asset components on a regular basis, then reports the information back to a central database. Without tracking, assets are easily misplaced or lost.

In one study, laptops were reported to have a 5-10 percent chance of going missing during their lifecycle. Theft accounted for 25-40 percent of those missing laptops. The rest were simply missing. Ongoing inventory processes with most asset management systems will flag assets that stop communicating on the network.

IT Asset Management starts with choosing the right asset discovery tools. To make sure you have a tool that can discover and track the asset for its entire lifecycle in your organization, use the following checklist to define your IT Asset Discovery tool requirements.

The IT Asset Discovery Tool Checklist


Discovers Hardware Details

Choose discovery tools that give you detailed information about your devices. Information, such as part numbers and serial numbers for all the components that make up an IT asset, is not too much to ask. This type of information will come in very handy in the event of a hardware recall.

Discovers Software Details

Choose a discovery tool that can tell you about the Firmware, Drivers, Operating System, and the Software installed on all your PCs and laptops. At face value, you may not think that having this information is important for your security requirements. In actuality, having the ability to verify versions of your software is directly related to your security baselines.

Many older versions of software do not meet current security requirements. Security tools that keep software applications updated often do not account for additional installations of older versions of that same software on the same machine.

Also, do not forget about those software audits, which can cost your organization lots of money. It is important your discovery tools have the ability to give you an accurate inventory of all installed software. You need to know the version installed and the name of the PC or laptop where it is installed. I will discuss software audits in much more detail in an upcoming blog.

Checks-in Often

The asset information in your database is a snapshot in time. The accuracy of your asset information deteriorates over time. For example, imagine it has been a week since your PCs and laptops have checked into the asset management database. If you run a report today to see how many installations you have of a software application, your report will be a week old based on when the asset data was last updated.

Asset Management tools need to “monitor” the assets and report back on a regular basis. It is important to have a report that tells you how long it has been since an asset has checked in. Assets that have not checked in for several days should be flagged and investigated. The asset data should be in question and investigated until the asset is recovered.

Tracks Assets over the Internet

Many organizations allow their users to take their laptops with them for business travel or to work at home. When asked, many IT administrators feel confident about the accuracy of their IT asset information, including the security posture of those assets with one caveat, the remote users. It is important to have asset discovery tools that continue to monitor assets even when off the internal network.

Choose tools that can use the internet to connect to those assets to get any updates or changes. Many IT asset monitoring agents can be configured to “call home” using the internet. Make sure the discovery tools you choose meets this requirement. Simply waiting for the end-user to VPN on to the network so that you can get any asset updates is inefficient and unreliable. Tools that connect and update the asset management database each time the user connects to the internet should be the requirement.

Tracks Asset Changes

Choose asset management tools that can detect changes to your hardware or software. To minimize network traffic, only changes should be sent over the network to the asset management database.

Avoid tools that send ALL of the asset’s information each time the asset checks in to the asset management database. This can cause additional network traffic.

Tracks Location

Choose asset discovery tools that have the capability to provide the location of the asset. Determining the location of the asset can be done by looking at the IP address and mapping the address to the actual location. You could also track the asset location by the associated end user.

No matter how you locate the asset, choose an asset discovery tool that can provide a way for you to locate the asset you are managing. If the asset is off the network, then you should at least know who has it and that the asset is “remote.”

Eliminates End User Disruption

Choose a tool that prevents the end user from interrupting the ongoing processes and communication with the asset management database. The best way to prevent users from interrupting the asset management procedures is to make the solution transparent. If the local agent software is interrupted or removed, the asset tool should have the ability to detect and repair the local agent so that it can continue to report on the state of the asset.


The foundation of IT Asset Management is collecting all the asset information. Choose discovery tools that detect both hardware and software. Utilize discovery tools that keep the asset management database up-to-date by monitoring the assets for any changes to hardware and software. Above all, you need to be sure that your pcie is adequately providing connections from your computer processors and supplying memory to other components and peripherals. Make sure the tools you choose work on the internal network and over the internet. To ensure accuracy, implement measures to prevent users from interrupting the asset discovery tools. Remember, not only is it important to know the asset exists, it is also important to know where it is located.

Follow me on Twitter @marcelshaw

The WORST App Ever that’s Not Been Created, -Another Reason to Be Thankful

As we approach the Thanksgiving holiday in the U.S., many people use this time to reflect on all the reasons they should give thanks. People often tell their family and friends they are thankful to have them in their lives.

If you have secrets or have ever told a lie, exaggerated on your resume, cheated on a test, or cheated on a partner, you have one more reason to be thankful this year.  Rapid advances in technology assure us that soon we will see the most terrifying, life changing, heart-breaking app that will ever be created and released; the mobile lie detector app.


We may not see the app in the next year or for the next 10 years, but we all know it is coming. If you go to your App store today, you will see there are apps available claiming to have the technology for detecting a lie.

Lie detector apps available today are really for fun and do not possess the technology needed for credible lie detection. However, with the rapid advancements made every year in health, science and technology, we can probably expect a credible lie detector app to be released in our lifetime. For now, be grateful by taking a moment to consider what life could be like if such an app existed today.


Have you every cheated on your partner?

Imagine a wife suspects that her husband is up to something inappropriate. When he arrives home one evening, she confronts him. He denies everything. He swears on the bible, his family, and everything he loves that he is truthful. She pulls out a mobility wearable that looks like a wristband and asks him to put it on so he can answer some questions.

Refusing her is futile because this is when she will use an ancient old phrase we are all familiar with, “if you haven’t got anything to hide then…..,”. Now you are cornered. There is no respectable response that doesn’t make you look guilty when this ancient phrase is used. You’re stuck!

The test begins:

Sample Questions to husband

  1. Do you have a phone number I am not aware of?
  2. Do you have an email account I am not aware of?
  3. Do you ever text or email other women socially?
  4. Do you ever look at other women because you think they look better than me?
  5. Have you ever kissed another woman besides me and your mother since we have been together?

I think I make my point. If we don’t have any secrets, then we don’t have anything to worry about. But the statistics tell us that a good majority of men and women are in trouble when the lie detector app is one day released.

Have you ever cheated on a test?

Imagine after every major exam, students are asked to take a required survey which turns out to be a lie detector test. Some people might argue the lie detector test invades privacy, others will say if you don’t cheat, you have no worries.

Some people may claim that taking the lie detector test after an academic test is no different than putting a camera in a store to catch shoplifters. One day, cheating on a test might be a thing of the past.

Is your resume accurate?

“In a 2001 survey of more than 7,000 applicants for executive positions, it was found that 23 percent misrepresented personal information. Of those who misrepresented information, 71 percent lied about length of service, 64 percent lied about accomplishments, 60 percent exaggerated managerial experience, 52 percent identified mere attendance at college as a degree, 48 percent overstated job responsibilities, and 41 percent omitted negative employment experiences”


Imagine your phone rings and the company that interviewed you last week wants you to come back for a second interview.

Imagine you arrive to your interview, an HR person asks you to put on the wrist band for some additional questions and says to you,

“don’t worry, this is just a formality. You understand right? Occasionally, people exaggerate on their resumes so we like to perform this test with ALL applicants. You can refuse if you like.”

Really? Let’s be “honest,” will we really have a choice? Would it be possible to refuse and not look guilty?


The lie detector app will demand honesty in all things. Based on the statistics, relationships will be destroyed, teenagers will be punished, and people will be looking for new work in a field that actually lines up with their qualifications. This Thanksgiving holiday, as you give thanks for all that you have, remember to be thankful that all your secrets are safe for a little while longer.

Follow me on twitter @marcelshaw

IT Asset Management, a Three Tiered Approach (Part 4 of 4)

IT Asset Lifecycle Management Process Automation

IT Asset Lifecycle Management is Tier Three of IT Asset  Management.


Tier three is about managing IT Lifecycle Processes. This includes automating your processes to eliminate human error which can occur while doing manual input. It is important to choose automation tools that meet your asset management requirements and that allow you to apply ITAM principles.

Asset Lifecycle Process

The lifecycle of an asset is usually determined by the type of asset being managed. For example, the lifecycle of a laptop would be much different than the lifecycle of a software asset. To create an asset lifecycle process, you need to understand how you purchase, receive, procure, and dispose of an asset. A laptop lifecycle process may look something like this:


State Map

Each part of an asset’s lifecycle is a “State.” To determine the States of the lifecycle process, create a diagram such as the one above. Use your diagram to determine each State that will be used in the asset lifecycle process. For example, based on the diagram above, the different States assigned to laptops may look something like this:


The State of the asset tells you where the asset is in the lifecycle. The lifecycle process should NOT allow you to bypass States. In the diagram below, A can be changed to B, B can be changed to C, and C can be changed to D, E, or F.


In this example, A should not be allowed to jump to C, D, E, or F and B should not be allowed to jump to D, E or F. The method you use to change the State field should be enforced through an automated process.

If you rely on manual input to change the State of the asset, there is a greater possibility of human error and as a result, you will very likely lose track of some of your assets. Choose asset management tools that allow you to enforce your lifecycle processes by using process automation.

Process Automation for IT Asset Lifecycle Management enforces lifecycle processes by automatically enforcing the pre-determined lifecycle path.

For example, when a laptop arrives at the loading dock, a barcode scanner may be used to account for every box unloaded. If the asset is tracked from the time it was purchased, based on the laptop lifecycle process above, the moment the asset is scanned by the barcode scanner, an automated process should change the State from “Ordered” to “Received.”

When you evaluate tools for asset lifecycle process automation, it is helpful to understand the two types of process automation tools available: In-App Processes and Out-of-App Processes.

In-App Processes

In-App processes are processes that run within a software tool. The processes are designed as part of a software application or a software suite. They are usually built to support the features offered by the software.


A good example of In-App processes can be found in many ITSM tools. For example, an incident opened by the help desk will have a process associated with it to define how the incident is assigned, escalated, and closed.

However, if you attempt to do IT Asset Lifecycle Management using In-App processes from your ITSM tool, it might be a challenge since the processes were built to support the ITSM software solution.

Out-of-App Processes

Out-of-App processes are independent of a software tool. The goal for this type of process tool is automation. Out-of-App process tools are much more flexible which means you could build help desk processes with this type of process automation tool; however, it would require a lot more. For example, additional tools would be required to build forms, to build and manage a database, and to build reports.

The advantage of an Out-of-App process automation tool is the ability to build automation using multiple databases and software tools within your organization.

For example, your organization may build a form on the internal web site to order new printer toner. When the toner is ordered, a process may take the data and automatically update the purchasing department’s database, create a purchase order, and send it to the printer vendor without any intervention.

Hybrid-App Process Automation For IT asset lifecycle management, the best solution for process automation would be to have a hybrid of In-App process automation tools and Out-of-App process automation tools. Having both types of process automation tools would allow you to fully automate all your IT asset requests.



Many organizations use an ITSM tool for IT Asset Request Management. You could automate IT asset request processes from your ITSM tool using your IT asset management lifecycle processes.

If your asset lifecycle processes are Out-of-App processes, they will not only update the asset management database, they will also update the finance database, contracts database, and create the purchase order.

An Out-of-App process can also take a software request made from your ITSM solution and pass it to your software distribution tools, update the Asset Management database, and then notify the ITSM tool that the application has been delivered and installed. I will address asset management and help desk integration in greater detail later this year.


IT Asset Lifecycle Management is tracking an IT asset from when it is requested to when it is disposed. Lifecycle processes will track the State of the asset that is managed by the organization. Asset Lifecycle process automation enforces lifecycle processes by eliminating human error.

Process Automation can integrate and automate your IT Asset Management tools with other tools on your network. Using a three-tiered approach to implement asset management will help you collect, organize, and manage your assets when applying ITAM principles.

Follow me on Twitter @marcelshaw

See Also:

IT Asset Management, a Three Tiered Approach (Part 1 of 4)

IT Asset Management, a Three Tiered Approach (Part 2 of 4)

IT Asset Management, a Three Tiered Approach (Part 3 of 4)

IT Asset Management, a Three Tiered Approach (Part 3 of 4) -Three Keys to IT Asset Management Intelligence

Three Keys to IT Asset Management Intelligence


IT Asset Intelligence is Tier Two of IT Asset Management. It is accomplished by associating assets with relevant information contained within the asset database and with relevant information contained in external databases, both inside and outside the organization. Three key features are needed to build IT Asset Intelligence: IT Asset Normalization, IT Asset Mapping, and IT Asset Linking.

IT Asset Normalization

Your Asset Management solution contains asset information provided by manual input, scanning tools and software, and from remote sources such as spreadsheets. To report accurate information, your solution needs to be able to correct the database tables of inconsistencies. Inconsistencies can be caused from errors made during manual input or from inconsistent naming conventions used by the hardware and software vendors.

For example, a software vendor like Adobe may use the name “Adobe”, “Adobe Inc.”, or “Adobe Systems.” The company’s name may vary from one version to another, creating an inconsistency. Be sure to account for these inconsistencies for accurate reports.

To ensure accuracy in the database, develop a process that will detect inconsistencies as well as correct them prior to reporting.


Choose an asset management solution that can provide you with normalization capability otherwise, your expert SQL administrators will have to fix the problems for you, which can be a costly alternative.

IT Asset Mapping

Asset Mapping is critical for Asset Lifecycle Management, which just so happens to be Tier Three of IT Asset Management. Asset management tools need to be able to map asset information from one table to another. For example, you may have a table that lists the IP address assigned to each laptop.


Because you know that IP addresses are determined by the building location, you may want to create a custom table with your building names. Dynamically map the IP addresses of the laptops to the building name associated with the IP address.


This will then allow you to view laptops located in a given building without having to know the IP address assignment schemes for the buildings.


Mapping can also be used to generalize asset information where detailed information is not required.

For example, an organization may want to see how many software application licenses they own from a specific vendor instead of viewing the name of every software package.

Remember, mapping to custom fields is critical since not everything can be scanned and asset management vendors cannot anticipate everything you may want in your asset management solution. For example, there may be executives in your organization that have a flat screen TV in their office. The TVs are not scanned by network scanning tools and most asset management systems do not have a field for TVs.

To manage the TVs in your asset management solution, you need to be able to add a custom field, name the field accordingly, and then map it to the executive or to the executive’s department (another custom field) in the asset management solution.

Mapping allows you to see your IT assets, and anything that relates to the IT asset.

An even greater benefit of mapping is the ability to map assets back to the user who is accountable for that asset. A goal your organization should have is to be able to see the user and all the assets they use.


If you are unable to see what IT assets a user has, then you are at greater risk of losing track of the asset when the user moves within the organization or when the user leaves the organization.

IT Asset Linking

The properties of an asset can include information that might be stored in an external database within your organization or even outside your organization. For example, the contract information used to purchase software licenses might be stored in a database used by the legal department.

In this scenario, it would not make sense to duplicate the contract inside of the asset management database. Duplicating the contract would raise concerns for a document management system, often used by legal departments. Much like IT assets, legal documents and versions have to be tightly managed. Therefore, a link should be provided within the asset management database that points to the associated contract. That link could be a document number, document name, or some other identifier that a system uses to identify individual documents.

Asset linking can also be used to connect to your End-User License Agreements (EULA). For example, your asset management systems should be able to communicate with Microsoft over the internet to obtain the total amount of software entitlement licenses your organization owns for a given software package. In turn, it should then be able to compare the amount of licenses owned to what is installed within the organization.

The results of these findings would then be available in a report created by the asset management system. Hopefully, if your asset management database allows for custom fields, you will be able to create a field for “cost.” Then you can map that cost to a license enabling you to get true-up costs or over-licensing expenses.


If your asset database is accurate, and your asset mapping and asset linking designs are developed in advance, you will have an intelligent view of all your IT assets, asset users, asset licensees, asset purchasing information, and the asset costs throughout their lifecycle.

Most important, when Tier Two of asset management is designed properly, Asset Lifecycle Management at Tier Three will be much easier to implement and follow.

Follow me on Twitter @marcelshaw

See Also:

IT Asset Management, a Three Tiered Approach (Part 1 of 4)

IT Asset Management, a Three Tiered Approach (Part 2 of 4)

IT Asset Management, a Three Tiered Approach (Part 4 of 4)

Questions to consider regarding Shadow IT



IT Asset Management, a three tiered approach (Part 2 of 4)

4 Steps to IT Asset Discovery, tier 1 of IT Asset Management

Collecting IT Asset information is the first tier of an IT Asset Management strategy. This is where you build your database with IT assets that will be tracked. It is important to have a strategy for collecting, storing, and monitoring IT Assets. To begin your IT asset management project, start with these 4 steps to successfully collect your IT asset information.

First, you must define IT assets that need to be collected. Second, you need to identify IT assets that need to be monitored. Third, choose scanning tools that meet the requirements defined in step 1 and 2. Fourth, choose an IT Asset Database that allows you to add and map custom fields

1. Define IT Assets that Need to be Collected

Define IT Assets that will be managed and added to the IT asset management database. Start by identifying assets controlled by the end-user. PCs, laptops, mobile devices, and associated software applications are often lost or misplaced overtime when not accounted for in an IT asset management solution. Next, consider tracking printers, network devices such as routers, switches, servers, and storage with their associated applications.

  1. Identify IT Assets that need to be monitored

The level IT of tracking applied to an IT Asset will vary. A good way to differentiate the level of tacking is to have “monitored” devices and “un-monitored” devices.

Monitored devices will generally be the devices controlled by the end user like a laptop or PC. These assets are usually at most risk for security attacks. Monitored devices generally need a service or client that runs on the device. The monitored device needs to be able to report changes quickly since it has to react to change. Servers and their associated applications should also be considered for monitoring.

Unmonitored devices would be devices that are generally controlled by IT such as network printers, routers, and switches. These devices are usually changed pro-actively. Network devices under the control of the IT Management system should still follow ITIL principles relating to Configuration Change Management. Remember, “Un-monitored” refers to the level of tracking, not to be confused with monitoring/managing software that may be used to configure and alert on the health of the IT Asset.

Mobile Devices will usually fall somewhere between “monitored” and “un-monitored” but whatever is decided, they need to be tracked. At a minimum, IT needs to know what mobile devices are connecting to and accessing the organization’s data.

Integration between your ITSM solution and your asset management solution should be part of your strategy. If an IT asset is serviced, the incident management tool should be able to view details about the asset from the asset management system. For example warranty, contract information, and installed software may be helpful to an analyst working the incident.

  1. Choose the right Asset Discovery Tools

Agent-based Asset Discovery tools have the ability to discover everything that is connecting to your network. They also have the ability to collect detailed hardware information including manufacturer and part numbers from various components of an asset.

For example, in addition to being aware of a laptop, information about the memory, hard drive, and monitor can be available to you if and when you need it. Furthermore, asset tools can provide you with the Operating System (OS) information running on the laptop and any software application installed.

Choose a tool that can do network discovery by accessing network directories such as Active Directory, that can do ping sweeps and even listen to network management protocols such as SNMP. You want to know an asset exists and the type of asset discovered, If you would like to learn more about Simple Network Management Protocol aka snmp, you can visit ThousandEyes or a similar company.

The tool you choose should also allow you to manually input IT assets into the management system, often using forms. For example, a smaller company may want to track the lifecycle of assets but are not concerned with detailed information beyond the fact that it exists. A form can be created for end-users or an admin to enter the required information into the database.


Be sure to choose a tool that can import the IT Asset data from an external data source. Make sure the software can talk to external databases. Because spreadsheets are the most common tool used for IT asset management in organizations today, it is important to have the ability to access data from XML files, Excel files, or delimited-ascii files.

Many organizations use scanning tools such as barcode scanners and RFID scanners. When building IT Asset Management, integration with mobile scanning tools should also be a requirement

  1. Identify the Best IT Asset Management Database

When you consider gathering the IT Assets with all associated components and software, the amount of data collected can be extensive. As you prepare for tier 2 of IT Asset Management, you will want to carefully choose your asset management database and database tools.

Make sure the tools you choose allow you to extend the database with custom fields. For example, you may want to know the name of the person who scanned in a device with a barcode scanner.

If you cannot customize your asset management database to accommodate your requirements, then you are restricted by the limitations of the database. IT Asset Management Database tools must have the ability to add custom fields, to map IT assets to custom fields or link IT asset information to external sources. For example, you may want to link a mobile device to its associated account and service provider.


Processes defined at tier 1 are designed to get your IT Assets into your IT asset management solution. Processes defined at tier 2 normalize the database tables for consistency and accuracy. Tier 2 processes also map IT assets to other IT assets or to custom data that you define. Processes defined at tier 3 are aligned with ITAM principles for tracking the lifecycle of the asset.

The more information you collect and properly manage at tier 1, the better prepared you will be when implementing tier 2 and tier 3 of your IT Asset Management solution.

see also:

IT Asset Management, a three tiered approach (Part 1 of 4)

IT Asset Management, a Three Tiered Approach (Part 3 of 4) -Three Keys to IT Asset Management Intelligence

Follow me on Twitter @marcelshaw

IT Asset Management, a three tiered approach (Part 1 of 4)

Asset Management is an enormous task for any IT department. Gartner predicates shadow IT expenditures will reach 35% in 2015. IT Assets not tracked may pose security risks and additional costs.   An IT Asset Management strategy is critical however the larger your organization, the harder it becomes to track every IT asset. Learn how to take on the IT asset management challenge by using a three tiered approach.


Tier 1 – Asset Data Collection

Tier 2 – Asset Data Intelligence

Tier 3 – Asset Lifecycle management

When organizations neglect any of these components, they have a security problem in addition to an IT asset management problem.

 Tier 1 – Asset Data Collection

Collecting your asset information is the first consideration for IT asset management. It is important to have a central database that contains all the asset information you collect. Next, you need tools that scan your network on a regular basis. These tools need to report back to your database, providing as much information about all the devices connecting to your network. These tools also need to provide a way for you to connect to your business partners, so you can begin to track your asset from the moment you issue a purchase order. These tools should also integrate with mobile devices, such as bar code scanners, that are used to collect asset information. Most important of all, is to have a method to inventory every software application and virtual OS that runs on the hardware you have in your inventory. I will go into tier 1 in greater detail on my next blog.

Tier 2 – Asset Data Intelligence

Tier 2 is where the magic happens. After the asset information is stored in the database, you will have thousands and thousands of data points at your fingertips. Now it is time to normalize the information, to map the assets to relevant information, and to link the assets to their contracts, projects, departments, and people.

Tier 3 – Asset Lifecycle Management

IT assets are upgraded and change on a regular basis. You need to build processes that control how you purchase, procure, and dispose of IT assets. This includes virtual devices and software, along with the associated software licenses. Tier 3 is where you apply ITAM principles. Follow me on Twitter @marcelshaw

Why Your Organization Should Embrace Social Media


Why should your organization embrace social media? When organizations underestimate the power of social media, they put themselves at risk. It is ignorant to ignore how significant measures of success like having many instagram followers actually is. They also miss out on a much more efficient way of supporting their users and customers.

Social media offers a way for an organization to better understand their customers and competitors. Social media is a great way for companies to communicate with their employees. IT Support and company email are services that should be evaluated to see how social media can enhance those offerings.

How Social Media Worked for Me

My kids came out to visit me for Christmas last year. When I dropped them off at the airport, I paid for all their bag fees. Unfortunately for me, they decided to fly one of two airlines that charge for “carry-on” luggage. My daughter logically put her iPAD with its case inside her larger carry-on roller bag so that we would not be charged for two bags.

While at the gate waiting for her connecting flight in Denver, my daughter pulled out her iPad and used it. When the flight began to board, the gate attendant demanded $100.00 from my daughter because she accused her of hiding her bag inside another bag to avoid bag fees. Because she didn’t have the money in her account, they left her in Denver. Yes, they left her. Then, they offered her a hotel in Denver and put her on the first flight the very next day without charging her any additional fees.

I sent an email to the CEO because I was sure that he would not approve. Her responded within an hour. To my surprise, he not only approved of what his airline did, he threatened to put my daughter on the “no-fly” list. I then turned to social media and here are the results of my actions:

  • USA Today printed the story.
  • The story has been re-shared 2314 times on Facebook
  • The story has been re-tweeted 157 times on Twitter
  • The story has been re-posted 6 times on LINKEDIN
  • The comments posted about the story on the social media sites were overwhelmingly against the airline

The world we live in today empowers the individual as never before. Social Media is the world’s soap box and anyone can listen. Organizations that offer services to customers have to monitor sites where users go and provide feedback to the whole world about their experience. One bad complaint can cost your organization a lot of money if it gets out of control. How much money did it cost the airline? More than the value of a ticket I imagine.

CUSTOMER SUPPORT should embrace Social Media

Organizations can embrace social media by extending customer support responsibilities to monitor social media sites. When negative comments are posted in open forums on social media, customer support should respond with empathy and a willingness to make things right. Although I was not impressed with the airline, I was impressed with how quick they responded to tweets that were posted at #”The airline referred to in USA Today” on Twitter and on their Facebook page.

INTERNAL EMAIL should push some TYPES of communication to Social Media

Organizations need to start thinking about pushing certain types of internal communication to internal social media. For example, you know those emails that are sent to the entire company. The email usually says something like “Where can I find…”, “Has anyone had this happen….”, “Can someone send me…”

Organizations should expand their ITSM solutions to include Social Media

Organizations need to expand IT Support to internal social media forums. There is so much to learn from user comments. For example, a user may post “my laptop crashed again today” or “is anyone having trouble accessing the internet”, or “Why is email running so slow”.

Users make observations which don’t always equate to opening an incident but when you observe, you may find there really is a problem. For example, you might see a comment by several different users regarding a perceived pause or slowness to email and the internet. Upon further observation, you may realize these comments are posted between 8:00AM and 9:00AM. With this knowledge, you may find there is a problem that needs to be addressed.

Observing comments is also a good way to evaluate the tools you have provided to your employees. They may not like the new laptops your are providing compared to the old laptops, and their comments will tell you why.


Social Media is commonly looked at as a distraction or anti-productive app used by employees while on the clock. I believe to counter this, companies need to figure out a way to be a part of the user’s social media experience. To start, if your organization offers customer support, you need to monitor social media posts that mention your company. Also, I think organizations should begin to explore how their ITSM tools can be extended to Social Media. When ITSM social media solutions are worked out, organizations should then consider categorizing their email communication and where it makes sense, move certain types of communication to an internal social media page.

-follow me on Twitter @marcelshaw

Questions to consider regarding Shadow IT

What is Shadow IT?

Shadow IT refers to IT devices and applications that an organization does not track or manage. In many cases, the organization does not even know these devices or applications exist. Furthermore, they cannot audit and track how these assets are being used.

Is it costing my organization money?

Gartner once estimated that 35% of enterprise IT expenditures will happen outside of the corporate IT budget in 2015.    However, there are organizations that believe shadow IT actually reduces costs.

Projects that use Shadow IT increasingly have the resources and bandwidth to build solutions on their own and can deliver them much faster. Thus reducing the budget that would otherwise be required for overall IT expenses. In other words, some say it is a wash.

Are there many risks created by shadow IT?

Let’s start by looking at the top security breaches in 2014 so far..


145 million customer names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth. The breach is thought to have affected the majority of the company’s 145 million members.

Michaels Stores

The company said up to 2.6 million payment card numbers and expiration dates at Michaels stores and 400,000 at Aaron Brothers could have been obtained in the attack.

Montana Department of Public Health and Human Services

Names, addresses, dates of birth and Social Security numbers on roughly 1.3 million people

Variable Annuity Life Insurance Co.

A former advisor used a thumb drive to obtain Social Security numbers and other details on 774,723 of the company’s customers.


Texas wine retailer’s network resulted in the loss of information of as many as 550,000 customers. Hackers got away with customer names, debit or credit card details, card expiration dates, card security codes, bank account information from checks and possibly driver’s license numbers.

St. Joseph Health System

Approximately 405,000 former and current patients’ and employees names, Social Security numbers, dates of birth, medical information and, in some cases, addresses and bank account information.

When business processes are not under the control of a centralized IT or IS department, there is an increased risk that shortcuts will be taken, security procedures will be overlooked, and at least one or more of the security standards your organization adheres to will be compromised.

If we embrace Shadow IT, what Security Standards could we break?

  • FISMA (Federal Information Security Management Act of 2002),
  • GAAP (Generally Accepted Accounting Principles),
  • HIPAA (Health Insurance Portability and Accountability Act),
  • IFRS (International Financial Reporting Standards),
  • ITIL (Information Technology Infrastructure Library),
  • PCI DSS (Payment Card Industry Data Security Standard),
  • TQM (Total Quality Management), etc.

How should we approach the problem?

The bottom line is that you can’t secure something you don’t know about. It’s time for organizations to implement IT Asset Management processes. I suggest a three tiered approach which I will discuss in an upcoming blog.

Three Reasons Mobility Wearables will Improve Your Health

In light of the recent announcement and release of the iWatch from Apple, it appears that all the major mobility players now see the market potential for mobility wearable’s. I’m not talking about reading your messages or getting the scores from your favorite team. I’m talking about your health.

Wearable mobility devices will eventually be a key part of every consumer’s physical and mental wellbeing. I predict these devices will change the way health care is provided as we know it.

When talking about mobility wearable’s for your health, three key areas are now in play and will see significant improvement over the next 10 years. These areas are:

  • Monitoring
  • Personalization
  • Alerting

About six months ago, I was horrified to see the scale hit 232lbs, the heaviest I had ever weighed. I consulted with a friend who had recently lost a lot of weight. He introduced me to a mobility wearable device and pointed out some apps for my phone that communicate with my wearable device. I also purchased a scale that would keep the apps up-to-date with my progress.

The concept is simple, burn more calories than you eat. Using an app on my phone, I would scan each item of food I consumed. I became aware of the calories that I was eating and the app told me how many calories I was burning based on what my wearable mobility device was reporting.

In four months, I hit 203lbs and changed my body mass index from 32% to 27.5%, still considered overweight but I am going in the right direction.

The app on my phone monitored my activities, personalized my goals based on my personal information and my progress reported by the scale. It also would alert me when I reached my goals, or if I was short on my goals.

Data from the National Health (NIH) and Nutrition Examination Survey, 2009–2010

• More than 2 in 3 adults are considered to be overweight or obese.

• More than 1 in 3 adults are considered to be obese.

• More than 1 in 20 adults are considered to have extreme obesity.

• About one-third of children and adolescents ages 6 to 19 are considered to be overweight or obese.

• More than 1 in 6 children and adolescents ages 6 to 19 are considered to be obese.

Over the next decade, we should expect to see school children wearing mobility devices. Information gathered by schools and parents will effect decisions about their schedules and activities. Imagine if a child starts a fever while in school, not only will these devices record the information, they will notify the teacher and the parent.

We will see these devices notify someone who is about to have a seizure, a heart attack, or maybe even a stroke. For those with Diabetes, they will be monitored and alerted when blood sugar levels reach dangerous levels.

The future of wearable mobility devices will one day become an essential part of our lives by monitoring our progress, personalizing our health profiles, and proactively warning by alerting us about actions that need to be taken in order to avoid a health problem.

Wearable Mobility Management

How will companies manage these devices? Integration with mobile devices like tablets and phones, and integration with IT infrastructure will be required for authentication and identification.

Security will be a critical component for protecting the detailed personal health information of each individual using a device. The ability to manage inventory and the lifecycle of wearable mobile devices will also be important. Nobody wants disposed devices to contain personal information.

The adoption of mobility wearables will be driven by the health problems they will solve in the near future, not the features that we can already get with our phones and tablets today.