This is part 2 of Brandon Smeets’s and Johan West’s article which looks at how ITAM can build a business case beyond the more traditional ITAM disciplines of cost savings, cost avoidance and risk mitigation. In Part 1 they explored ITAM’s expanding role in Audit Defense & Compliance, and SaaS Governance. In part 2 of they explore ITAM’s role in sustainability and how ITAM data can help different parts of organisation to make more informed decisions.
Read on for part 2.
“All of the above!” – How to build the business case for ITAM (part 2)
I kindly invite you to take a look at the annual reports of large enterprises. Did you notice something? Almost all organizations mentioned that the environment – and sustainability in general – is a very important factor in conducting their business, and they will do their best to be as green as possible. The European Commission (2020) calculated that in 2018, the energy consumption of datacenters in Europe is responsible for 2,7% of the entire energy consumption within the EU and increases day by day. Various studies have proven that all datacenters worldwide together use more energy than most individual countries. Knowing this gives you the opportunity to relate your ITAM business case to a global objective: becoming more sustainable. But what does this exactly mean in terms of ITAM?
- Cloud storage vs. Local datacenters. Do you still need a full high-tech datacenter on-premises or is cloud storage based in efficient datacenters also an option? Many organizations start to struggle with the business case of corporate datacenters as more and more services are being offered via the cloud.
- Recycling hardware. Do not simply scrap something but try to re-use systems and scrap them in an environmentally friendly way. Do you really need to replace a laptop after 3 years? Are all laptops active in use? Is there still something on the shelf?
The two above are just two of many green IT initiatives. We recommend that you take a look at your organization sustainability mission. Maybe there are already green IT initiatives being developed to which you can opt-in. If not, you have an opportunity to relate your strategy to an organization specific goal and make the world a better place at the same time.
4. Big ITAM data
With your discovery tools actively sniffing around the enterprise round the clock, the ITAM department collects vast amounts of information on the IT environment and its components, composition, structure, users and usage. Typically, information collected (and stored) by ITAM tools tend to exceed the use case for ITAM alone – although that might depend on your precise definition of ITAM, but let’s save that philosophical discussion for another day.
At the very basic level, your ITAM tool’s inventory functions offer much more than insights in devices and software usage and how they relate to licenses and subscriptions. Detailed information on OS capable computer devices (both physical and virtual), their hardware configuration and primary users, all software components installed, it’s all there for the taking, including useful information on vendors, device health, warranty and systems and services owners if you play your cards right. Being able to match a device’s or application’s user with a current employee or contractor repository for instance is vital for properly applying information security controls in regards to access to sensitive information, whether the organization’s security framework of choice is either NIST, CIS, ISO27000 or all of the above. In fact, having real-time insight into all IT assets, and who can access them at all times, is a prerequisite for any of those.
Speaking of cyber security, fundamental questions regarding the existence – and equally important, the location and associated owner – of vulnerable IT assets can either be answered based on ITAM data, or verified by matching what the security tools say with what’s in the ITAM repository. “Do we have Citrix? Or SolarWinds? And if yes, where, who owns it and what business is impacted in case of an incident?”. What about Log4j? Any unpatched or legacy OSs out there? Any cloud applications that do not have multifactor authentication enabled? Combine ITAM data with security data and you’ll know instantly. That is, provided that proper governance is in place to ensure complete coverage of the entire IT estate with these tools – which in itself greatly benefits from correlating data sources.
If the cyber security angle doesn’t do the trick, know that there’s a lot more you can do with your ITAM data to make friends. How about helping that CMDB get properly filled and maintained? How about helping the organization predict and plan for upgrades and migrations by providing enterprise-wide End-of-Life and End-of-Support data (yes, the better ITAM tools know all about that). The CIOs out there will love you for it, as according to Gartner tech debt is on top of their headache list.
Another headache that you can help alleviate would be the dispersed application landscapes we tend to see, especially in larger organizations. Being able to categorize applications on functionality – all the way down to the level of differentiating applications as either BI for finance or BI for customer service, as an example – will help the organization make data-driven choices in regards to standardization and rationalization. This will not only get the CIO to grant you an extra year-end bonus; your friends at procurement will stand in line to do the same – as will the security team (there you have them again) and the people from service management, for standardization remains key for all of them in their own right. And before you ask: yes, the better ITAM tools out there can indeed provide this information, regardless of an application being on-prem or in the cloud. No such tool yet at your disposal? If you move quickly, you can still get the acquisition of one into next year’s budget and start reaping the benefits as early as February 2023. Friends from other disciplines might even be inclined to chip and split the bill with you.
Typically, organizations hardly know about half of the information ITAM sits on – and ITAM can hardly get half of the work done that it aspires to. Getting the right resources and tools dedicated to ITAM – and getting the right mandate to be able to execute effectively – are key success factors. Whether working for commercial companies, government entities or charities, money is bound to be the universal language understood by any executive, and with that, efficiency, risk reduction and responsible entrepreneurship. Link your ITAM goals explicitly to organizational goals, and you’ll become indispensable to your management and colleagues. There is an interesting side-benefit to all the data that you collect in the process too; sharing this will make you even more friends – and will allow you to even better contribute to your organization’s goals, and ultimately build the business case for ITAM. In other words, ITAM is a no-brainer. Like breathing.
- Tags: podcast-include