A three step, risk based approach to team building

13 March 2018
8 minute read
Best practice

A three step, risk based approach to team building

13 March 2018
8 minute read

This article is the third of a four part series by Martin Thompson of The ITAM Review and Hugh Skingley of Livingstone. The series explores Building the Business Case for SAM Managed Services.

Introduction

Before we delve into team building and the role that SAM Managed Services providers might play, let’s recap the first two parts of this series:

In the first article we covered cost considerations for SAM tool implementation. We highlighted that implementation costs can extend way beyond the SAM tool license price and summarized some of the potential hidden costs to factor into budgeting in order to avoid the embarrassment of asking for further funds down the line.

In the second article we explored the business case for SAM Managed Service providers and why organizations utilize them: namely access to expertise, cost savings, faster ROI and potentially less risk.

Service providers and specialists also play a role in the team, and it’s common for teams to include elements from external parties.

ITAM managed service providers have become more popular in recent years; especially SAM managed service providers who provide compliance visibility for a fixed monthly fee. Some organizations choose managed service providers as a short-term fix whilst they build out the capabilities of their team; some choose to work with managed service providers as a long-term solution to allow their team to focus on more strategic ITAM initiatives.

In this article we will explore a three-step, risk-based approach to team building and how SAM Managed Service providers can help with this process. In particular, how they can help address gaps in your expertise.

When to build a team

The ideal time to build a team is once you have your SAM business plan written and approved by your senior management sponsor. Or in Practical ITAM parlance, your build TEAM, once AUTHORITY and PLAN are completed. As the diagram suggests below, building your team is part of the preparation phase of building an ITAM function. With senior management approval, a focused business plan, engaged stakeholders and a well-resourced team – you are ready for take off.

In the three-phased approach to ITAM take off, “team” sits squarely within the taxi (preparation) phase. We’ve developed the authority and we’ve built the implementation plan. Now, we get the team together to help us execute. Practical ITAM.

A three step, risk-based approach to team building

How should you build a team? Who should be in it and what skills should it include? The short answer is: your team should be resourced to address the goals in your business plan. (You have a business plan, right?).

We recommend a three-step risk-based approach to resourcing your team.

Firstly, take a risk-based approach and determine which are your highest risk software publishers. Identify the top 5, 10 or 20 software publishers that, if managed correctly, will have the biggest impact on your business plan (which typically involves removing audit risk, removing software waste, or gathering information to make smarter decisions).

Secondly, with your top priority publishers in hand, what are the major product categories, data requirements and license metrics involved to manage those publishers?

Thirdly, create a matrix to build a team based on these requirements. At this point you’ll have a bird’s eye view of your requirements and where Managed Services providers and specialist skills might be able to help.

Summary:

  1. Determine high risk publishers.
  2. Identify metrics to measure consumption.
  3. Build a virtual team to manage risk.

 

A three-step example

To show the three-step risk approach to building a team, let’s look at a very simple example:

  1. A company has determined that managing Microsoft, Adobe and a niche engineering application called ‘Oojamaflip’ will have the biggest impact on their goal of saving money on unused software.
  2. Both their Microsoft and Adobe agreements are user-based license models, both on premise and cloud. Oojamaflip is based on perpetual installs. The company also has significant investment in Microsoft SQL server.
  3. The Software Asset Manager builds a draft virtual team to help address the key elements of their business plan as follows:
 

Building a virtual team to manage risk

How do we measure consumption? Who do we know with license expertise for this area? Who do we know with sufficient expertise to help us save money for this area?
Microsoft Users We could use our existing in-house inventory tools, Microsoft data and take a look at Active Directory? Fred, the existing Software Asset Manager has good knowledge of Microsoft Licensing. Our existing Software Asset Manager, with help from our reseller partner, can address this.
Adobe Unknown Unknown Unknown
Oojamaflip An inventory tool with usage tracking Unknown Unknown
Microsoft SQL Unknown Unknown One of our engineers might be able to help.

 

By using this matrix and asking a few simple questions, we can quickly establish if we have the in-house skills to be able to address our business plan. Using the example above, it looks like the organization might be able to address ‘Microsoft Users’ thanks to the Software Asset Manager’s expertise, but may need to either hire or work with a partner to address other gaps. You could also extend the matrix to include an estimate of time, effort and cost to manage these vendors and products (to support your business case to either extend your SAM team or use a third party).

Incidentally, the same matrix approach can be used to select appropriate SAM data sources, tools and solutions. In the example above, the organization would need a solution capable of working with the hybrid cloud user-centric models from Microsoft and Adobe, the ability to identify and manage the niche engineering application Oojamaflip and the ability to identify SQL Server. That’s not to say that all the other applications in their estate are not important, but to complete the business plan and meet their objectives, they need to focus on the high-profile vendors above.

In relation to using a managed service partner, the strategy needs to be decided: it might be the case that the partner is used for the short-term to help get you up to speed, or some organizations stay with a partner for the longer term so that it frees them up to pursue more strategic activities. This can all be part of the SAM plan and helps make you think more strategically about SAM.

What roles are required in a SAM team?

In our simple example above we asked three questions: How will we measure consumption? Who do we know with license expertise? And whom do we know with sufficient expertise to help us save money for this area?

This is a good starting point to help you start identifying gaps in your team, but it’s worth digging a little deeper to identify the key roles and responsibilities of a SAM team.

The list below includes some key SAM activities: which of these can you cover in-house and which elements might need some external expertise?

  • SAM Process owner, process engineering.
  • Licensing specialists, knowledge of product use rights and optimizing positions.
  • Entitlement management – reviewing and recording entitlement documents such as contracts and license agreements.
  • Producing and refining an Effective License Position.
  • Tool management – Data analysis, Project Management.
  • Tool administration.
  • Inventory Management (ensuing smooth inflow of good inventory data from working agents, ample coverage and data feeds from secondary sources, managed non-inventoried instances).
  • Executive reporting, communicating and escalating risk, justifying and explaining accuracy.
  • Audit defence expertise.
  • Software recognition expertise – who rectifies the quality and coverage of data from your SAM technologies if it is incomplete? (Do you even know if it is incomplete)!?

What SAM Managed Service Providers CAN’T do

Finally, it’s worth noting that whilst SAM Managed Service Providers can be very useful in de-risking your SAM implementation and addressing gaps in your team – You cannot outsource your risk. So, whilst you might have a virtual team or multiple stakeholders delivering your compliance position – the buck stops with you and your CEO for your compliance responsibility.

Livingstone has built a SAM calculator for simulating these costs over a three-year period. Download a copy here (Registration Required). 

Can’t find what you’re looking for?