Which options should typically be included in a software asset management implementation?

Without a solid plan and a streamlined process flow, it is difficult to track and manage all your hardware, software, virtual, and non-IT assets from one place. Therefore, implementing an IT asset management (ITAM) process is the right thing to do. It also brings you plenty of benefits. It can help you cut down extra maintenance costs, use licenses optimally, reduce the number of unused assets and security risks, gear up for audits, increase the efficiency of other ITIL® processes, make effective purchasing decisions, formulate precise budgets, and do more. These seven IT asset management best practices will help you overcome ITAM challenges, reap maximum benefits, and revolutionize the way you manage your IT assets.

• 1. Build your asset inventory using multiple discovery sources
• 2. Track the complete life cycle of assets
• 3. Manage software and licenses in one place
• 4. Make ITAM work with other ITIL processes
• 5. Keep tabs on the ITAM metrics that matter
• 6. Conduct IT asset audits
• 7. Continuously improve the ITAM processes

What is IT asset management (ITAM)?

"Asset management is a systematic process of developing, operating, maintaining, upgrading, and disposing of assets in the most cost-effective manner (including all costs, risks and performance attributes)." - Wikipedia

"IT Asset Management is a set of business practices that incorporates IT assets across the business units within the organization. It joins the financial, inventory, contractual and risk management responsibilities to manage the overall life cycle of these assets including tactical and strategic decision making." - International Association of IT Asset Managers (IAITAM)

Objectives of ITAM process

• Quantify the total value of unused hardware and software applications. This helps optimize asset usage and cut down extra maintenance costs.
• Identify stolen hardware and software applications. According to Gartner, about five percent of assets are stolen annually. To minimize the losses due to theft, you should be able to identify and replace the stolen components as soon as possible.
• Plan for the future. You can assess the adverse impact of aging hardware on IT and avoid unprecedented losses. This helps you make decisions on new asset purchases and dispose or repair aging equipment.

Benefits of ITAM processes to your IT

• Offers visibility by providing an in depth view of your IT environment. It plays a vital role in helping an organization define and control its IT infrastructure, from scratch.
• Offers support to other ITIL processes by providing accurate information about the assets affected due to an incident, problem, or change. It helps in identifying the impact of incidents and performing a root cause analysis.
• Helps your organization stay compliant, gear up for audits, and reduce legal and security risks.
• Reduces unwanted IT spending by optimizing asset usage and controlling IT asset purchases.

Three interesting use cases on ITAM

Let's take a look at three interesting stories on ITAM.

First use case:

The first story talks of how ITAM helped curb IT spending. A large medical institution in California wanted to consolidate its IT assets, which were scattered, with licenses lying unused and with several other problems.The company wanted answers for the following:

• Is the company using all the licenses it had?
• Is the company using servers that it was unaware of?
• Is the company maintaining unused hardware?

The company's goal was to cut unwanted maintenance of assets, reduce license fees, and optimize the use of existing licenses. Answers to these questions helped the company save three million dollars in just three years.

Second use case:

The second story is about what might happen when you don't have an effective ITAM in place. The Department of Justice in London lost sensitive prisoner data and was fined 180,000 euros. The prison authorities had failed to turn on the encryption mechanism on their hard disks. They also did not have a proper system to track and maintain hardware assets, risking the security of sensitive data.

Third use case:

The third story talks of how an effective ITAM process saved the day for Marriott. The hotel was destroyed completely in the 9/11 attacks, as was its main server, which had sensitive client and staff data. An organization named Tangram was hired to recover the lost data. Tangram was easily able to get the original server configuration details through an inventory tool that Marriott was already using. A backup server was quickly replicated, and the data was retrieved successfully.

1. Build your inventory using multiple discovery sources

The bottom line is to discover and track every asset in your organization. Let's look at a three-step approach to do this.

1.1. The first step is to discover the assets inside your home network.

You can use the Windows domain or network asset management scan, depending on the types of devices you are looking to discover and track. If your assets are scattered across multiple sites, use the distributed asset scan to get the information you need.

1.2. The second step is to discover assets outside your home network.

This is where agent-based scans come in handy. You need to deploy agents on your workstations to scan the machine information and send the information back to your central server. On subsequent scans, the agent scans your assets for changes sends out only the differential data to the ServiceDesk Plus database, reducing the burden on the ServiceDesk Plus server and your network.

The third step is to ensure that your mobile assets are tracked as well. Initially, you may not have a Bring Your Own Device ITAM policy in place, but you can always start by asking users to register their personal devices for MDM tracking. These personal devices are on and off the home network, and therefore require dynamic asset discovery techniques.

An advantage of using MDM is that it reduces the adverse effects of shadow IT.

There is always a dilemma between choosing agent-based and agentless asset discovery techniques. It is advisable to use a combination of both to achieve the best results.

The agent-based asset discovery technique

• Offers visibility by providing an in depth view of your IT environment. It plays a vital role in helping an organization define and control its IT infrastructure, from scratch.
• Offers support to other ITIL processes by providing accurate information about the assets affected due to an incident, problem, or change. It helps in identifying the impact of incidents and performing a root cause analysis.
• Helps your organization stay compliant, gear up for audits, and reduce legal and security risks.
• Reduces unwanted IT spending by optimizing asset usage and controlling IT asset purchases.
• Can be used to selectively scan individual workstations that have undergone a change.

The agentless asset discovery technique

• Is a light-weight, non-invasive method because authentication is not required.
• Requires very minimal implementation time.
• Incurs no extra cost for installation, maintenance, or upgrades.
• Requires all devices to be in the network and switched on.

It is important that you know everything about your assets. You need to capture as much asset information as possible to help you drive critical decisions later. Here are some basic hardware and software parameters that you should track.

To access assets easily, without tedious searching, you typically need to classify them under three sections, as depicted below.

2. Track the complete life cycle of assets

Organization have their unique asset procurement, maintenance, and disposal policies. You need to frame an asset life cycle to cover all stages of an asset in your organization. Each asset stage can have one or more asset status associated to it.

In the above diagram, an asset is initially requested by a department or a user. A purchase request is then raised and sent for approval. Upon approval of the purchase request, the asset is procured and installed in the IT environment. The asset is then put to use by mapping it to a user. If the asset needs to be repaired or is not currently in use, it is placed in storage. Finally, if the asset has expired or depreciated, a decision must be made to either dispose or reuse the asset.

Another important task is to track asset states meticulously because they are dynamic in nature. For example, a workstation can be used for a couple of days and then kept in storage until the next need arises. Therefore, it is important that you periodically refresh your asset states and stay current.

Advancements in technology have benefited us with IT asset tagging concepts like barcodes, RFID, and GPS, which simplify tracking assets. These IT asset tagging concepts help reconcile ownership, location, and configuration of hardware assets continuously.

Let's take a look at the benefits of tracking assets.

Benefits of IT asset tracking:

Asset data becomes more reliable

Having updated and accurate information about your assets, at any given point in time, helps you make the right decisions.

It offers scalability

As your organization grows in size, the number of IT assets required to support your business operations increases. A proper IT asset tracking process flow helps you track and maintain assets with minimal effort, regardless of what the numbers are. This allows your help desk staff to concentrate on resolving issues than tracking the assets.

You can plan ahead for any surge in IT asset management software requirements

Let's use the example of Walmart. During its peak season, the company hires temporary staff to meet the extra demand. This, in turn, causes a spike in gadget requirement. The company needs to have an optimal buffer stock of gadgets to run its business without interruption. This estimate of the buffer stock can only be easily identified if the existing assets are tracked properly.

3. Manage software and licenses in one place

Here are a few software compliance best practices to ensure that you stay software compliant.

3.1. Study existing software and licenses

Scan and identify all your existing license details and deployments. Learn what type of licenses you own, when they will expire, and if they are linked to any contracts.

3.2. Choose license types that will suit your needs

You will have a wide choice of license types such as volume, individual, OEM, CAL, concurrent, and perpetual to choose from. You need to do your research to identify the type or combination of types that would best suit your organization, based on the type of software you own. For example, trial software would need a temporary license, whereas core software, such as a coding platform, would need a perpetual license.

3.3. Reconcile licenses

This is the most tedious task in ITAM because it involves a lot of manual effort. If you are using a software asset management tool, you will be able to record three important details: the number of installations, the licenses available, and the licenses already allocated. Analyzing this data will help you determine your software compliance level. Do not panic if the numbers do not tally initially because very few organizations can be perfect the first time.

3.4. Ensure software compliance by either purchasing new licenses or deleting existing software applications

This, again, is a time-consuming process, but a necessary evil. Do not be even slightly over or under compliant because it would either induce a heavy penalty or increase your total cost of ownership. It is advisable to have real-time dashboards to measure and track software compliance metrics.

4. Make ITAM work with other ITIL processes

Here are a few prerequisites for an effective ITAMITSM integration. Make sure your technicians and end users adhere to these prerequisites.

4.1. Make sure to map your workstations to end users

Mapping your workstations can help you effectively track and manage a specific end user's workstation for quick analysis. You will also have a count of workstations that are currently in use, which can help you tackle fluctuations during ad hoc IT asset requirements.

4.2. Build a comprehensive CMDB to get one view of your entire IT

A CMDB is a virtual replica of your organization. CMDB also supports other modules such as incident, problem, change, and project. Therefore, perfecting your CMDB translates to better efficiency of all your other modules, as well.

4.3. Tie impacted assets to incidents, problems, and changes

Tying assets to issues helps with easy analysis and resolution.

ITAM influences other ITIL processes such as

Incident management

ITAM provides key diagnostic information about assets used by the requester. It also helps technicians access any workstation, via a remote asset management control feature to troubleshoot issues.

Problem management

ITAM provides diagnostic information to perform root cause analysis.

Change management

ITAM helps carry out IT changes with minimal risk, downtime, and impact. It also lets you understand the impact of planned changes on IT, in advance.

5. Keep tabs on the metrics that matter

Generating specific ITAM reports can help you accomplish specific objectives. Let's take a look at a few of those objectives and their corresponding reports.

Today's ITAM tools offer the advantage of generating both built-in standard reports, as well as custom reports. Pre-configured standard reports can be generated at the click of a button. This eliminates redundant effort and saves a lot of time if you are looking to generate a report multiple times under various scenarios. Reports can also be custom built using an interactive platform whenever you want.

It is good practice to pin key metrics that matter to your dashboard. Some ITAM tools allow you to add generated reports as dashboard widgets. This ensures that the information you seek is readily available. Here are a few dashboard components every IT asset manager should track

• Workstations by operating system
• Software usage to monitor rarely used, unused, and frequently used software
• License compliance details

6. Conduct self audits

Here is why self audits are important. Being compliant and audit-ready ensures that you are in control of your IT, and that you have already curbed a lot of unwanted IT spending. Real audits may occur any time, and therefore you need to ensure that you are always audit-ready. Conduct self-audits for all your vendors at least twice a year.

Now, let's take a look at the benefits of conducting internal self-audits.

• Serves as an early warning system.
• Helps you save huge fines and penalties.
• Reduces existing discrepancies in your IT infrastructure.
• Helps your staff get enough hands-on experience to face real audits without any panic.

Here is an IT asset management audit checklist to conduct a hassle-free audit.

6.1. Prioritize your vendors

Audits are usually time-consuming. Make sure you prioritize your vendor list before a self-audit, based on external factors such as likeliness of audit from the vendor, vendor profile, and vendor who has supplied the majority of inventory. Always remember to perform the audit one vendor at a time and not rush things.

6.2. Set audit policies

You need to clearly define the people and ITAM tools involved in your audits. You also need to plan your audit execution strategy and set the scope of your audit.

People aspect

Define appropriate audit roles. List the department names and their level of involvement in the audit. Choose skilled people from the legal and technical departments to play the auditor's role. Also, form a committee to represent and defend the organization.

ITAM Tools involved

Check to see if you need to install a third-party tool, or if you are planning to use existing ITAM tools for the software and hardware audit. Some vendors may not entertain the use of third-party ITAM tools.

Planning

You also need to plan between having a fast paced surface audit or a time-consuming, in-depth audit. Devise proper roll-out and back-out plans to execute the audit.

Setting the scope

Some audits might focus on just license violations, while others might focus on finding the usage of prohibited software. You need to identify specific parameters to track for individual audits based on the purpose of the audit.

6.3. Facilitate an audit-friendly environment

Keep records related to purchases, entitlements, and inventory ready and accessible for the audit. Provide incentives to your workforce to participate in the audit. This will give them a purpose and the motivation to dive deep into executing the software and hardware audits wholeheartedly. Prepare your ITAM tools to run usage and compliance reports multiple times, if required.

6.4. Come up with a remediation plan

Audit results are mostly disappointing, with a lot of discrepancies. Answering the following questions will help you make necessary modifications to properly set your inventory.

• How do I install/uninstall software?
• How do I purchase new licenses?
• Do I have the budget to pay potential fines?

7. Continuously improve, because ITAM is an ongoing battle

To continually improve, you need to keep refreshing your asset database and CMDB regularly with different scan techniques. You can also automatically schedule scans to track changes to the IT asset database. Broadly, these changes would mean additions, modifications, and deletions to the asset database.

You need to check for continual improvement by creating a checklist of systematic activities that need to be performed. You should also review your ITAM process results with benchmarks for past data. This would be a good opportunity to take stock and identify areas of improvement.

Conclusion

The seven ITIL asset management best practices discussed above cover most aspects of an ITAM process, right from detecting your assets and integrating ITAM with other ITIL processes to improving ITAM on a continual basis. You need to identify a tool that will help you accomplish your ITAM objectives effectively. But, today's ITSM market is overloaded with IT asset management tools, which make your selection process more complicated. You need to look out for those unique advantages and out of the box features that some tools offer to gain an edge over your business competitors.

7 Step Guide to IT Asset Management Success - View PDF.

Which options would be considered to be biometric methods of authentication?

Which types of object should typically be included in a network diagram?

Which actions would be considered to be device or host hardening techniques?

Which process is concerned only with establishing the identity of a user or device?