The pain of IT Asset Management

Last week I attended an international IT asset management conference in Orlando, Florida. This is the first time in several years that I've been able to simply attend such an event; usually I have to give a workshop or provide some type of presentation, so I was really looking forward to being a nameless face in the crowd. While at the conference, the thing that struck me most was that I have become almost desensitized to the fear and the overwhelmed feeling that most folks experience when taking on an IT asset management project. I had forgotten the pain. Listening to asset managers, software license analysts and IT managers discuss the obstacles they face was a cold-shower-in-winter wake-up call for me. I'm sorry, gentle readers; I have become a jaded consultant giving lip service to my clients when I say, "I know your pain." So, today, I turn over a new leaf. I now remember the excruciating misery I felt the first few times I was responsible for such a project! Yep, it hurts! I can remember clearly now how panic and dread filled my belly when I first heard of the Business Software Alliance (BSA) and how they are the software police, advertising on the radio and billboards trying to get disgruntled employees to blow the whistle on their employers who might be out of license compliance. I had begun to believe that the BSA wasn't really going after companies anymore but the statistics I heard at the conference prove otherwise. The BSA published information about 200 settlements, valued at a total of over $19.8 million, made during a three-year period ending December 2004. In the first quarter of 2005, they published data on more than 15 new settlements, valued at over $1.5 million total. Now the important fact to remember is this: these are only the published settlements. Savvy lawyers can negotiate to keep a settlement private for companies found to be out of compliance. The other fact that I had almost forgotten is that settlements are only a small portion of the expense companies face when caught being out of compliance. Experts estimate that in addition to settlement fees, organizations can expect to spend three to six times that amount for other costs associated with an audit and settlement. In addition to audits by watchdog organizations such as the BSA and the Software Information and Industry Association (SIIA), software publishers have apparently stepped up audits among their own clients. At the conference, a presenter asked for a show of hands of folks who had been audited by a publisher, and about 50% to 75% of those attending had been audited. Yikes! If you read your license agreements carefully, you will likely note a clause that permits the publishers to audit you too! Another bit of news that I got out of the conference was an update on the BSA. Apparently, they have been conducting antipiracy marketing campaigns in the Dallas and Pittsburg, PA areas to attempt to encourage corporate whistleblowers in those markets. Judging by the press releases on the BSA site listing settlements in those cities, those efforts are paying off. These successes may be helped by the fact that for the first time in the U.S., the BSA is offering rewards of up to $50,000 for qualifying reports received using its hotline or online reporting form by December 15, 2005. The SIIA also offers up to a $50K reward to whistleblowers. So besides the potential risk of failing an audit, IT asset management is about knowing what you have, buying only what you need and maximizing the value of the asset throughout its lifecycle. Why is it so difficult and painful? One presenter asked attendees what the number one obstacle is to a successful software asset management program. The top cited reasons were: lack of executive buy-in, inadequate staffing, inability to understand software licenses, and organizational silos. This wasn't news to me! These issues are often cited by my clients as why their efforts to date haven't been successful. So with those concerns in mind, I will try to address these primary issues. Executives usually relate to the financial bottom line. Managing IT assets effectively improves the bottom line, reduces risk exposure and increases the return on technology investments. Gartner, Inc. reports that in the first year of a SAM program companies can typically save up to 30% in management costs per asset, and in the subsequent four years savings are about 10% to 15%. In addition, the executives of an organization are responsible for compliance -- be it Sarbanes-Oxley, regulatory or software license. Many of my clients have me provide a presentation to senior management and the board of directors to elevate awareness and to help obtain executive buy-in. Awareness elevation can be done internally, although many have said that having a third party deliver the message helps significantly. Executives should know (but may need to be reminded) that the actions of employees are the legal responsibility of company directors. Once executive buy-in has been achieved, your focus should move to middle management and then to end users. It is essential that everyone in the company respect the need for information technology asset management. Experts agree that it is not uncommon to see multiple, individually funded, virtually identical projects going on within a company. I've seen this in several instances. While the projects may have seemingly dissimilar goals such as a compliance program, security initiative or preparation for a PC refresh, the majority of the efforts really do overlap. In addition, although most companies think of asset management as an IT initiative, it really does involve virtually everyone in the company and should include departments other than IT. This directly refers back to the problem with corporate silos or, as I like to say, the left hand not knowing what the right hand is doing. A good communications effort will undoubtedly uncover this type of corporate disconnect. Information technology is strategically important to the organization, regardless of the size of the company. Is there another area in the business that escapes a strong return on investment analysis? I doubt it! But to be able to measure the ROI, a strong asset management program must be in place. Understanding software licenses is no small feat. Consider the fact that most organizations have several hundred unique commercial applications on their infrastructure. This could mean, at any given time, that there are hundreds of contracts in effect. To take just one publisher as an example, it has been reported that Oracle has made 397 pages of changes to its licensing rules and regulations over the past 12 months. Now multiply that by the number of publishers represented on your systems and you can clearly see that just keeping up with changes is a daunting task for anyone! Remember that contracts can include not only software licenses but also maintenance agreements, upgrade programs, leases, services and more. The job of negotiating and managing contracts should not be left to the untrained. The person or persons managing contracts should have the ability to read contract terms and conditions, to understand those terms and conditions and to apply that understanding to IT requirements. If your organization doesn't have internal resources to address the nuances of license agreements, then consider outsourcing this role to experts. There are a number of companies available to handle the analysis, negotiation and management of software license contracts. Outsourcing this task could very likely pay for itself in savings gained through skillful negotiations and management by experts. At the very least, contracts should be centrally managed and reviewed by experienced staff or legal counsel. In addition, every contract should be examined to determine what entitlements and restrictions exist. Those responsible for the installation, maintenance and retirement of software should be made aware of the contract elements so that the terms of the agreement are strictly followed. And contracts must be managed throughout the life of the agreement; often upgrades are free or less expensive if taken within specified timeframes. As far as corporate silos, gee, they exist everywhere! The best advice that I can give you is to get top-level support for your SAM or IT asset management initiative. Include on your SAM team members from various areas within the business, including those outside your own silo! I've often found that winning over the biggest troublemakers (or project saboteurs) as early in the project as possible can be the best tactic for overcoming these obstacles. Consider the fact that just about everyone in the organization can gain something from a good asset management program. Find out what is needed by other business groups, departments, etc. You may find not only staffing but budget dollars available to apply to your project. If, for example, security is looking for a tool for some specific purpose, it may be that there is a comprehensive tool that addresses both the needs of the security team as well as those for asset management. Perhaps the service or help desk is in need of information or controls; is there an asset management tool that can serve both needs? Often the finance and/or procurement groups are in need of a company-wide method of tracking expenses, contracts, physical assets, etc. Another avenue is to ask yourself (or management) these questions: "What is the company doing to prepare for a disaster? How will the disaster recovery team know what assets exist without a proper asset management program? What would happen if disaster struck today? Where would this company be without our IT assets?" Believe it or not, many companies have yet to plan an adequate disaster recovery or business continuity program. You just may be able to sell your idea on the premise that it will significantly enable any disaster plan or recovery effort. Remember that IT asset management (ITAM) should be viewed as the physical, contractual and financial management of technology assets. ITAM allows us to optimize assets to best meet the needs of the organization. Make sure that your goals for a SAM or ITAM program are clear and include performance, risk reduction, savings, control and accountability. While I cannot take away the pain of an IT asset management program, hopefully you have gleaned some helpful hints from my advice. Further, may I recommend aspirin and antacid on a regular basis; you will get through it despite the pain!