IT Asset Management, a Three Tiered Approach (Part 3 of 4) -Three Keys to IT Asset Management Intelligence

Three Keys to IT Asset Management Intelligence


IT Asset Intelligence is Tier Two of IT Asset Management. It is accomplished by associating assets with relevant information contained within the asset database and with relevant information contained in external databases, both inside and outside the organization. Three key features are needed to build IT Asset Intelligence: IT Asset Normalization, IT Asset Mapping, and IT Asset Linking.

IT Asset Normalization

Your Asset Management solution contains asset information provided by manual input, scanning tools and software, and from remote sources such as spreadsheets. To report accurate information, your solution needs to be able to correct the database tables of inconsistencies. Inconsistencies can be caused from errors made during manual input or from inconsistent naming conventions used by the hardware and software vendors.

For example, a software vendor like Adobe may use the name “Adobe”, “Adobe Inc.”, or “Adobe Systems.” The company’s name may vary from one version to another, creating an inconsistency. Be sure to account for these inconsistencies for accurate reports.

To ensure accuracy in the database, develop a process that will detect inconsistencies as well as correct them prior to reporting.


Choose an asset management solution that can provide you with normalization capability otherwise, your expert SQL administrators will have to fix the problems for you, which can be a costly alternative.

IT Asset Mapping

Asset Mapping is critical for Asset Lifecycle Management, which just so happens to be Tier Three of IT Asset Management. Asset management tools need to be able to map asset information from one table to another. For example, you may have a table that lists the IP address assigned to each laptop.


Because you know that IP addresses are determined by the building location, you may want to create a custom table with your building names. Dynamically map the IP addresses of the laptops to the building name associated with the IP address.


This will then allow you to view laptops located in a given building without having to know the IP address assignment schemes for the buildings.


Mapping can also be used to generalize asset information where detailed information is not required.

For example, an organization may want to see how many software application licenses they own from a specific vendor instead of viewing the name of every software package.

Remember, mapping to custom fields is critical since not everything can be scanned and asset management vendors cannot anticipate everything you may want in your asset management solution. For example, there may be executives in your organization that have a flat screen TV in their office. The TVs are not scanned by network scanning tools and most asset management systems do not have a field for TVs.

To manage the TVs in your asset management solution, you need to be able to add a custom field, name the field accordingly, and then map it to the executive or to the executive’s department (another custom field) in the asset management solution.

Mapping allows you to see your IT assets, and anything that relates to the IT asset.

An even greater benefit of mapping is the ability to map assets back to the user who is accountable for that asset. A goal your organization should have is to be able to see the user and all the assets they use.


If you are unable to see what IT assets a user has, then you are at greater risk of losing track of the asset when the user moves within the organization or when the user leaves the organization.

IT Asset Linking

The properties of an asset can include information that might be stored in an external database within your organization or even outside your organization. For example, the contract information used to purchase software licenses might be stored in a database used by the legal department.

In this scenario, it would not make sense to duplicate the contract inside of the asset management database. Duplicating the contract would raise concerns for a document management system, often used by legal departments. Much like IT assets, legal documents and versions have to be tightly managed. Therefore, a link should be provided within the asset management database that points to the associated contract. That link could be a document number, document name, or some other identifier that a system uses to identify individual documents.

Asset linking can also be used to connect to your End-User License Agreements (EULA). For example, your asset management systems should be able to communicate with Microsoft over the internet to obtain the total amount of software entitlement licenses your organization owns for a given software package. In turn, it should then be able to compare the amount of licenses owned to what is installed within the organization.

The results of these findings would then be available in a report created by the asset management system. Hopefully, if your asset management database allows for custom fields, you will be able to create a field for “cost.” Then you can map that cost to a license enabling you to get true-up costs or over-licensing expenses.


If your asset database is accurate, and your asset mapping and asset linking designs are developed in advance, you will have an intelligent view of all your IT assets, asset users, asset licensees, asset purchasing information, and the asset costs throughout their lifecycle.

Most important, when Tier Two of asset management is designed properly, Asset Lifecycle Management at Tier Three will be much easier to implement and follow.

Follow me on Twitter @marcelshaw

See Also:

IT Asset Management, a Three Tiered Approach (Part 1 of 4)

IT Asset Management, a Three Tiered Approach (Part 2 of 4)

IT Asset Management, a Three Tiered Approach (Part 4 of 4)

Questions to consider regarding Shadow IT



IT Asset Management, a three tiered approach (Part 2 of 4)

4 Steps to IT Asset Discovery, tier 1 of IT Asset Management 

Collecting IT Asset information is the first tier of an IT Asset Management strategy. This is where you build your database with IT assets that will be tracked. It is important to have a strategy for collecting, storing, and monitoring IT Assets. To begin your IT asset management project, start with these 4 steps to successfully collect your IT asset information.

First, you must define IT assets that need to be collected. Second, you need to identify IT assets that need to be monitored. Third, choose scanning tools that meet the requirements defined in step 1 and 2. Fourth, choose an IT Asset Database that allows you to add and map custom fields

1.  Define IT Assets that Need to be Collected

Define IT Assets that will be managed and added to the IT asset management database. Start by identifying assets controlled by the end-user. PCs, laptops, mobile devices, and associated software applications are often lost or misplaced overtime when not accounted for in an IT asset management solution. Next, consider tracking printers, network devices such as routers, switches, servers, and storage with their associated applications.

  1. Identify IT Assets that need to be monitored

The level IT of tracking applied to an IT Asset will vary. A good way to differentiate the level of tacking is to have “monitored” devices and “un-monitored” devices.

Monitored devices will generally be the devices controlled by the end user like a laptop or PC. These assets are usually at most risk for security attacks. Monitored devices generally need a service or client that runs on the device. The monitored device needs to be able to report changes quickly since it has to react to change. Servers and their associated applications should also be considered for monitoring.

Unmonitored devices would be devices that are generally controlled by IT such as network printers, routers, and switches. These devices are usually changed pro-actively. Network devices under the control of the IT Management system should still follow ITIL principles relating to Configuration Change Management. Remember, “Un-monitored” refers to the level of tracking, not to be confused with monitoring/managing software that may be used to configure and alert on the health of the IT Asset.

Mobile Devices will usually fall somewhere between “monitored” and “un-monitored” but whatever is decided, they need to be tracked. At a minimum, IT needs to know what mobile devices are connecting to and accessing the organization’s data.

Integration between your ITSM solution and your asset management solution should be part of your strategy. If an IT asset is serviced, the incident management tool should be able to view details about the asset from the asset management system. For example warranty, contract information, and installed software may be helpful to an analyst working the incident.

  1. Choose the right Asset Discovery Tools

Agent-based Asset Discovery tools have the ability to discover everything that is connecting to your network. They also have the ability to collect detailed hardware information including manufacturer and part numbers from various components of an asset.

For example, in addition to being aware of a laptop, information about the memory, hard drive, and monitor can be available to you if and when you need it. Furthermore, asset tools can provide you with the Operating System (OS) information running on the laptop and any software application installed.

Choose a tool that can do network discovery by accessing network directories such as Active Directory, that can do ping sweeps and even listen to network management protocols such as SNMP. You want to know an asset exists and the type of asset discovered

The tool you choose should also allow you to manually input IT assets into the management system, often using forms. For example, a smaller company may want to track the lifecycle of assets but are not concerned with detailed information beyond the fact that it exists. A form can be created for end-users or an admin to enter the required information into the database.


Be sure to choose a tool that can import the IT Asset data from an external data source. Make sure the software can talk to external databases. Because spreadsheets are the most common tool used for IT asset management in organizations today, it is important to have the ability to access data from XML files, Excel files, or delimited-ascii files.

Many organizations use scanning tools such as barcode scanners and RFID scanners. When building IT Asset Management, integration with mobile scanning tools should also be a requirement

  1. Identify the Best IT Asset Management Database

When you consider gathering the IT Assets with all associated components and software, the amount of data collected can be extensive. As you prepare for tier 2 of IT Asset Management, you will want to carefully choose your asset management database and database tools.

Make sure the tools you choose allow you to extend the database with custom fields. For example, you may want to know the name of the person who scanned in a device with a barcode scanner.

If you cannot customize your asset management database to accommodate your requirements, then you are restricted by the limitations of the database. IT Asset Management Database tools must have the ability to add custom fields, to map IT assets to custom fields or link IT asset information to external sources. For example, you may want to link a mobile device to its associated account and service provider.


Processes defined at tier 1 are designed to get your IT Assets into your IT asset management solution. Processes defined at tier 2 normalize the database tables for consistency and accuracy. Tier 2 processes also map IT assets to other IT assets or to custom data that you define. Processes defined at tier 3 are aligned with ITAM principles for tracking the lifecycle of the asset.

The more information you collect and properly manage at tier 1, the better prepared you will be when implementing tier 2 and tier 3 of your IT Asset Management solution.

see also:

IT Asset Management, a three tiered approach (Part 1 of 4)

IT Asset Management, a Three Tiered Approach (Part 3 of 4) -Three Keys to IT Asset Management Intelligence

Follow me on Twitter @marcelshaw

IT Asset Management, a three tiered approach (Part 1 of 4)

Asset Management is an enormous task for any IT department. Gartner predicates shadow IT expenditures will reach 35% in 2015. IT Assets not tracked may pose security risks and additional costs.   An IT Asset Management strategy is critical however the larger your organization, the harder it becomes to track every IT asset. Learn how to take on the IT asset management challenge by using a three tiered approach.


Tier 1 – Asset Data Collection

Tier 2 – Asset Data Intelligence

Tier 3 – Asset Lifecycle management

When organizations neglect any of these components, they have a security problem in addition to an IT asset management problem.

 Tier 1 – Asset Data Collection

Collecting your asset information is the first consideration for IT asset management. It is important to have a central database that contains all the asset information you collect. Next, you need tools that scan your network on a regular basis. These tools need to report back to your database, providing as much information about all the devices connecting to your network. These tools also need to provide a way for you to connect to your business partners, so you can begin to track your asset from the moment you issue a purchase order. These tools should also integrate with mobile devices, such as bar code scanners, that are used to collect asset information. Most important of all, is to have a method to inventory every software application and virtual OS that runs on the hardware you have in your inventory. I will go into tier 1 in greater detail on my next blog.

Tier 2 – Asset Data Intelligence

Tier 2 is where the magic happens. After the asset information is stored in the database, you will have thousands and thousands of data points at your fingertips. Now it is time to normalize the information, to map the assets to relevant information, and to link the assets to their contracts, projects, departments, and people.

Tier 3 – Asset Lifecycle Management

IT assets are upgraded and change on a regular basis. You need to build processes that control how you purchase, procure, and dispose of IT assets. This includes virtual devices and software, along with the associated software licenses. Tier 3 is where you apply ITAM principles. Follow me on Twitter @marcelshaw

Why Your Organization Should Embrace Social Media


Why should your organization embrace social media? When organizations underestimate the power of social media, they put themselves at risk. They also miss out on a much more efficient way of supporting their users and customers.

Social media offers a way for an organization to better understand their customers and competitors.  Social media is a great way for companies to communicate with their employees.  IT Support and company email are services that should be evaluated to see how social media can enhance those offerings.

How Social Media Worked for Me

My kids came out to visit me for Christmas last year. When I dropped them off at the airport, I paid for all their bag fees. Unfortunately for me, they decided to fly one of two airlines that charge for “carry-on” luggage.  My daughter logically put her iPAD with its case inside her larger carry-on roller bag so that we would not be charged for two bags.

While at the gate waiting for her connecting flight in Denver, my daughter pulled out her iPad and used it.  When the flight began to board, the gate attendant demanded $100.00 from my daughter because she accused her of hiding her bag inside another bag to avoid bag fees.  Because she didn’t have the money in her account, they left her in Denver. Yes, they left her.  Then, they offered her a hotel in Denver and put her on the first flight the very next day without charging her any additional fees.

I sent an email to the CEO because I was sure that he would not approve. Her responded within an hour.  To my surprise, he not only approved of what his airline did, he threatened to put my daughter on the “no-fly” list. I then turned to social media and here are the results of my actions:

  • USA Today printed the story.
  • The story has been re-shared 2314 times on Facebook
  • The story has been re-tweeted 157 times on Twitter
  • The story has been re-posted 6 times on LINKEDIN
  • The comments posted about the story on the social media sites were overwhelmingly against the airline

The world we live in today empowers the individual as never before. Social Media is the world’s soap box and anyone can listen. Organizations that offer services to customers have to monitor sites where users go and provide feedback to the whole world about their experience. One bad complaint can cost your organization a lot of money if it gets out of control.  How much money did it cost the airline?  More than the value of a ticket I imagine.

CUSTOMER SUPPORT should embrace Social Media

Organizations can embrace social media by extending customer support responsibilities to monitor social media sites. When negative comments are posted in open forums on social media, customer support should respond with empathy and a willingness to make things right.  Although I was not impressed with the airline, I was impressed with how quick they responded to tweets that were posted at #”The airline referred to in USA Today” on Twitter and on their Facebook page.

INTERNAL EMAIL should push some TYPES of communication to Social Media

Organizations need to start thinking about pushing certain types of internal communication to internal social media. For example, you know those emails that are sent to the entire company. The email usually says something like “Where can I find…”, “Has anyone had this happen….”, “Can someone send me…”

Organizations should expand their ITSM solutions to include Social Media

Organizations need to expand IT Support to internal social media forums. There is so much to learn from user comments. For example, a user may post “my laptop crashed again today” or “is anyone having trouble accessing the internet”, or “Why is email running so slow”.

Users make observations which don’t always equate to opening an incident but when you observe, you may find there really is a problem. For example, you might see a comment by several different users regarding a perceived pause or slowness to email and the internet.  Upon further observation, you may realize these comments are posted between 8:00AM and 9:00AM.   With this knowledge, you may find there is a problem that needs to be addressed.

Observing comments is also a good way to evaluate the tools you have provided to your employees. They may not like the new laptops your are providing compared to the old laptops, and their comments will tell you why.


Social Media is commonly looked at as a distraction or anti-productive app used by employees while on the clock.  I believe to counter this, companies need to figure out a way to be a part of the user’s social media experience.  To start, if your organization offers customer support, you need to monitor social media posts that mention your company.  Also, I think organizations should begin to explore how their ITSM tools can be extended to Social Media. When ITSM social media solutions are worked out, organizations should then consider categorizing their email communication and where it makes sense, move certain types of communication to an internal social media page.

-follow me on Twitter @marcelshaw

Questions to consider regarding Shadow IT

What is Shadow IT?

Shadow IT refers to IT devices and applications that an organization does not track or manage. In many cases, the organization does not even know these devices or applications exist. Furthermore, they cannot audit and track how these assets are being used.

Is it costing my organization money?

Gartner once estimated that 35% of enterprise IT expenditures will happen outside of the corporate IT budget in 2015.    However, there are organizations that believe shadow IT actually reduces costs.

Projects that use Shadow IT increasingly have the resources and bandwidth to build solutions on their own and can deliver them much faster. Thus reducing the budget that would otherwise be required for overall IT expenses. In other words, some say it is a wash.

Are there many risks created by shadow IT?

Let’s start by looking at the top security breaches in 2014 so far..


145 million customer names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth. The breach is thought to have affected the majority of the company’s 145 million members.

Michaels Stores

The company said up to 2.6 million payment card numbers and expiration dates at Michaels stores and 400,000 at Aaron Brothers could have been obtained in the attack.

Montana Department of Public Health and Human Services

Names, addresses, dates of birth and Social Security numbers on roughly 1.3 million people

Variable Annuity Life Insurance Co.

A former advisor used a thumb drive to obtain Social Security numbers and other details on 774,723 of the company’s customers.


Texas wine retailer’s network resulted in the loss of information of as many as 550,000 customers. Hackers got away with customer names, debit or credit card details, card expiration dates, card security codes, bank account information from checks and possibly driver’s license numbers.

St. Joseph Health System

Approximately 405,000 former and current patients’ and employees names, Social Security numbers, dates of birth, medical information and, in some cases, addresses and bank account information.

When business processes are not under the control of a centralized IT or IS department, there is an increased risk that shortcuts will be taken, security procedures will be overlooked, and at least one or more of the security standards your organization adheres to will be compromised.

If we embrace Shadow IT, what Security Standards could we break?

  • FISMA (Federal Information Security Management Act of 2002),
  • GAAP (Generally Accepted Accounting Principles),
  • HIPAA (Health Insurance Portability and Accountability Act),
  • IFRS (International Financial Reporting Standards),
  • ITIL (Information Technology Infrastructure Library),
  • PCI DSS (Payment Card Industry Data Security Standard),
  • TQM (Total Quality Management), etc.

How should we approach the problem?

The bottom line is that you can’t secure something you don’t know about. It’s time for organizations to implement IT Asset Management processes. I suggest a three tiered approach which I will discuss in an upcoming blog.

Three Reasons Mobility Wearables will Improve Your Health

In light of the recent announcement and release of the iWatch from Apple, it appears that all the major mobility players now see the market potential for mobility wearable’s. I’m not talking about reading your messages or getting the scores from your favorite team. I’m talking about your health.

Wearable mobility devices will eventually be a key part of every consumer’s physical and mental wellbeing. I predict these devices will change the way health care is provided as we know it.

When talking about mobility wearable’s for your health, three key areas are now in play and will see significant improvement over the next 10 years. These areas are:

  • Monitoring
  • Personalization
  • Alerting

About six months ago, I was horrified to see the scale hit 232lbs, the heaviest I had ever weighed. I consulted with a friend who had recently lost a lot of weight. He introduced me to a mobility wearable device and pointed out some apps for my phone that communicate with my wearable device. I also purchased a scale that would keep the apps up-to-date with my progress.

The concept is simple, burn more calories than you eat. Using an app on my phone, I would scan each item of food I consumed. I became aware of the calories that I was eating and the app told me how many calories I was burning based on what my wearable mobility device was reporting.

In four months, I hit 203lbs and changed my body mass index from 32% to 27.5%, still considered overweight but I am going in the right direction.

The app on my phone monitored my activities, personalized my goals based on my personal information and my progress reported by the scale. It also would alert me when I reached my goals, or if I was short on my goals.

Data from the National Health (NIH) and Nutrition Examination Survey, 2009–2010

• More than 2 in 3 adults are considered to be overweight or obese.

• More than 1 in 3 adults are considered to be obese.

• More than 1 in 20 adults are considered to have extreme obesity.

• About one-third of children and adolescents ages 6 to 19 are considered to be overweight or obese.

• More than 1 in 6 children and adolescents ages 6 to 19 are considered to be obese.

Over the next decade, we should expect to see school children wearing mobility devices. Information gathered by schools and parents will effect decisions about their schedules and activities. Imagine if a child starts a fever while in school, not only will these devices record the information, they will notify the teacher and the parent.

We will see these devices notify someone who is about to have a seizure, a heart attack, or maybe even a stroke. For those with Diabetes, they will be monitored and alerted when blood sugar levels reach dangerous levels.

The future of wearable mobility devices will one day become an essential part of our lives by monitoring our progress, personalizing our health profiles, and proactively warning by alerting us about actions that need to be taken in order to avoid a health problem.

Wearable Mobility Management

How will companies manage these devices? Integration with mobile devices like tablets and phones, and integration with IT infrastructure will be required for authentication and identification.

Security will be a critical component for protecting the detailed personal health information of each individual using a device. The ability to manage inventory and the lifecycle of wearable mobile devices will also be important. Nobody wants disposed devices to contain personal information.

The adoption of mobility wearables will be driven by the health problems they will solve in the near future, not the features that we can already get with our phones and tablets today.

Marcel's Suggestions, Opinions, and Visions for Technology