As that doyen of management theory, Peter Drucker, once said: “If you can’t measure it, you can’t manage it.” And this applies to IT just as much as it does to the wider business. So it is surprising that so few organisations have a well thought out IT asset management strategy in place.
While most will have noted down the serial numbers of their hardware and the version of the software that runs on it in an Excel spreadsheet, too few have introduced coherent and sustainable policies around managing their resources.
Robert Lee, IT director for the logistics and marine business of the Bibby Line Group, explains: “Asset management is not a project, it’s a process. It’s troublesome because a lot of companies take a snapshot of where the world is today but if there’s no process behind it, it quickly becomes outdated and the value of doing it is lost. They undertake many costly audits and while the benefits come initially, they’re often frittered away.” Failure to undertake such a process consistently means that it becomes almost impossible to know what IT assets the organisation has at any given moment in time and this can have an impact on everything from expenditure to security policy and regulatory compliance.
For example, Peter Green, operations director at The Telegraph Group, discovered that they were paying for too many licences after addressing the issue. “We won’t be spending the sort of money that we had been on software licences any longer,” he says. “We were about £100,000 over-licensed and that’s a big chunk of money. If we need software now, we have licences in a pool so we don’t have to buy more. We also don’t have to buy software on the basis that we don’t know whether we’ve got the licences or not.”
Moreover, the company no longer has to worry about using more copies of software than it has paid for, which “is clearly illegal and would be considered as theft”, says Green.
Asset management feeds into governance and risk management and, if undertaken properly, can act as a foundation from which to tackle them. Lee explains the rationale: “We’d gone through a period of considerable change due to acquisitions and when you do that you have to ensure that all the fundamentals are covered and you’ve got the basic building blocks in place to move forward. Dealing with governance and legality is crucial, particularly because meeting governance standards is integral to our brand.”
A key problem here is that, while IT organisations are generally aware of the make-up and function of their key systems, they may not necessarily have a handle on less high profile or legacy equipment. They may not even understand what depends on what to provide an effective service to users. Jon Collins, principal consultant at analyst company MWD Advisors, argues: “There’s an old datacentre anecdote: the only way you can know what something does is to turn it off and see who calls the helpdesk.
“So asset management feeds into risk management, understanding what supports which business processes and what is likely to happen if something goes wrong.”
Poor asset management also has ramifications for information security. It becomes impossible to safeguard systems, devices and data using basic techniques such as patching if the organisation is not even aware that they exist or if there are no processes in place to ensure that equipment can be retrieved when staff members leave.
As Mike Denis, IT director at South London and Maudsley NHS mental health Trust, points out: “What asset management brought for us was the ability to discover all of our assets and monitor and control information on them in a single location. That in itself was a huge transformation from something that had felt out of control. We were able to understand what we had and provide assurance to the board that we were managing our assets and protecting them from risk.”
"If you know what you have, you can control it better and sweat your assets. But if you intend to meet governance, legal and licensing requirements, it needs to become a way of life, not a one off"
Robert Lee, IT director, Bibby Line Group
So how can organisations go about introducing a workable asset management strategy that is sustainable in the long term? There are many ways to skin a cat but some basic rules apply. First of all, says Steve Turner, general manager at consultancy Stratic, it is necessary to sit down and think through what the organisation wants to achieve and how it intends to get there. “Most CIOs don’t have a strategy around asset management. They’re doing bits and pieces but in general, they’re not thinking strategically about it,” he says.
The failure to do this means that most organisations end up buying point solutions that do not work together, which undermines the process of keeping asset management information up-to-date. For example, if helpdesk applications are not integrated with asset management systems, it is unlikely that any changes made to the configuration or status of machines during the support process will be recorded in the latter.
Once a coherent strategy has been established, the next step is to create an inventory of all of the organisation’s hardware and software assets. This discovery and auditing process is generally automated, although some manual intervention may be required. When the Telegraph Group undertook its software asset management initiative, for example, it hired Creative Technology Management Solutions (CTMS) to help out. The consultancy recommended using Centennial Software’s Discovery tool to enable it to create an accurate picture of what executable files were running on its 1,300 desktops and servers.
“There are hundreds if not thousands of executable files on each machine,” says Green. “So it took time to figure out what applications we had because you might have 100 executable files but only 15 applications, for instance. It was a very laborious job.”
The next time-consuming issue was to reconcile what software was on the machines with what licences had been purchased. This involved trawling through the previous three years worth of purchase orders and feeding the information, which includes software versions and configuration details, into Right2use’s Software Organiser repository.
The final piece of the jigsaw for the Telegraph Group was to integrate the two tools with each other and with CMTS’ Quick Query Reporter so that it produced a weekly status report that could be checked by a member of the IT team to ensure that everything is in order.
Key to any such initiative is the use of a repository to store information about the organisation’s assets. This repository, ideally, should be integrated with other applications such as helpdesk, procurement and HR to ensure that any change in the status of hardware, software or personnel is recorded and easy to see. The repository does not necessarily have to be retained inhouse. Bibby Line hired asset management software and services provider Liken not only to audit its IT assets, but also to host its management system. This is accessed via the company portal and integrated with the organisation’s purchasing and software deployment applications.
“We get a real-time view of our hardware and software asset base and the system is linked to our primary software suppliers so that at any time, we can produce a complete listing of what we’ve got and where it’s come from. That’s as good an assurance as I can give that we’re meeting governance targets,” says Lee. But an important advantage of using a third-party supplier, he believes, is gaining access to skilled staff with specialist expertise.
“One of the key things they bring is a considerable knowledge of licensing detail, which is a minefield. End user licensing deals are almost an art form but ensuring you’ve got compliance is key,” explains Lee. Ensuring this compliance took about four months, with several Liken consultants and two inhouse staff working on a part-time basis on the initiative. But it will now be used as the bedrock on which to work towards compliance with the ISO19770 software asset management standard. “It’s important to treat asset management not as a chore but as a way of life and that’s what the new standard enshrines,” says Lee.
Denis agrees, seeing asset management as the foundation stone to enabling “proactive centralised management of the IT infrastructure”. In the Trust’s case, this led to it purchasing Computer Associate’s Unicentre systems management offering. “The fact that asset management tools are integrated with other modules such as helpdesk was the most powerful thing to me. So if someone phones up with a PC problem, you can look up all of the information about it in the asset management system and see how its configured,” says Denis.
“You can see what software’s running on it, how it’s being secured and the like. It means that there’s a full inventory of information immediately available to helpdesk operators, which is crucial,” he adds.
But the tools are also integrated with other functions such as software delivery, which helps makes it easier to identify target machines for upgrades. It is also now possible to undertake more considered procurement planning because the Trust knows how old each of its machines are and so can predict when they are likely to need replacing.
This means that it can negotiate better price deals because rather than replace them one-by-one, it can schedule a refresh years in advance. As Lee concludes: “If you know what you have, you can control it better and sweat your assets. But if you intend to meet governance, legal and licensing requirements, it needs to become a way of life, not a one off.”