The pain of IT Asset Management
Last week I attended an international IT asset management
conference in Orlando, Florida. This is the first time in
several years that I've been able to simply attend such an
event; usually I have to give a workshop or provide some type of
presentation, so I was really looking forward to being a
nameless face in the crowd.
While at the conference, the thing that struck me most was that
I have become almost desensitized to the fear and the
overwhelmed feeling that most folks experience when taking on an
IT asset management
project. I had forgotten the pain. Listening to asset
managers, software license analysts and IT managers discuss the
obstacles they face was a cold-shower-in-winter wake-up call for
me. I'm sorry, gentle readers; I have become a jaded consultant
giving lip service to my clients when I say, "I know your pain."
So, today, I turn over a new leaf. I now remember the
excruciating misery I felt the first few times I was responsible
for such a project! Yep, it hurts! I can remember clearly now
how panic and dread filled my belly when I first heard of the
Business Software Alliance (BSA) and how they are the software
police, advertising on the radio and billboards trying to get
disgruntled employees to blow the whistle on their employers who
might be out of license compliance.
I had begun to believe that the BSA wasn't really going after
companies anymore but the statistics I heard at the conference
prove otherwise. The BSA published information about 200
settlements, valued at a total of over $19.8 million, made
during a three-year period ending December 2004. In the first
quarter of 2005, they published data on more than 15 new
settlements, valued at over $1.5 million total. Now the
important fact to remember is this: these are only the published
settlements. Savvy lawyers can negotiate to keep a settlement
private for companies found to be out of compliance.
The other fact that I had almost forgotten is that settlements
are only a small portion of the expense companies face when
caught being out of compliance. Experts estimate that in
addition to settlement fees, organizations can expect to spend
three to six times that amount for other costs associated with
an audit and settlement.
In addition to audits by watchdog organizations such as the BSA
and the Software Information and Industry Association (SIIA),
software publishers have apparently stepped up audits among
their own clients. At the conference, a presenter asked for a
show of hands of folks who had been audited by a publisher, and
about 50% to 75% of those attending had been audited. Yikes! If
you read your license agreements carefully, you will likely note
a clause that permits the publishers to audit you too!
Another bit of news that I got out of the conference was an
update on the BSA. Apparently, they have been conducting
antipiracy marketing campaigns in the Dallas and Pittsburg, PA
areas to attempt to encourage corporate whistleblowers in those
markets. Judging by the press releases on the BSA site listing
settlements in those cities, those efforts are paying off. These
successes may be helped by the fact that for the first time in
the U.S., the BSA is offering rewards of up to $50,000 for
qualifying reports received using its hotline or online
reporting form by December 15, 2005. The SIIA also offers up to
a $50K reward to whistleblowers.
So besides the potential risk of failing an audit, IT asset
management is about knowing what you have, buying only what you
need and maximizing the value of the asset throughout its
lifecycle. Why is it so difficult and painful? One presenter
asked attendees what the number one obstacle is to a successful
software asset management program. The top cited reasons were:
lack of executive buy-in, inadequate staffing, inability to
understand software licenses, and organizational silos. This
wasn't news to me! These issues are often cited by my clients as
why their efforts to date haven't been successful. So with those
concerns in mind, I will try to address these primary issues.
Executives usually relate to the financial bottom line. Managing
IT assets effectively improves the bottom line, reduces risk
exposure and increases the return on technology investments.
Gartner, Inc. reports that in the first year of a SAM program
companies can typically save up to 30% in management costs per
asset, and in the subsequent four years savings are about 10% to
15%. In addition, the executives of an organization are
responsible for compliance -- be it Sarbanes-Oxley, regulatory
or software license.
Many of my clients have me provide a presentation to senior
management and the board of directors to elevate awareness and
to help obtain executive buy-in. Awareness elevation can be done
internally, although many have said that having a third party
deliver the message helps significantly. Executives should know
(but may need to be reminded) that the actions of employees are
the legal responsibility of company directors. Once executive
buy-in has been achieved, your focus should move to middle
management and then to end users. It is essential that everyone
in the company respect the need for information technology asset
management.
Experts agree that it is not uncommon to see multiple,
individually funded, virtually identical projects going on
within a company. I've seen this in several instances. While the
projects may have seemingly dissimilar goals such as a
compliance program, security initiative or preparation for a PC
refresh, the majority of the efforts really do overlap.
In addition, although most companies think of asset management
as an IT initiative, it really does involve virtually everyone
in the company and should include departments other than IT.
This directly refers back to the problem with corporate silos
or, as I like to say, the left hand not knowing what the right
hand is doing. A good communications effort will undoubtedly
uncover this type of corporate disconnect.
Information technology is strategically important to the
organization, regardless of the size of the company. Is there
another area in the business that escapes a strong return on
investment analysis? I doubt it! But to be able to measure the
ROI, a strong asset management program must be in place.
Understanding software licenses is no small feat. Consider the
fact that most organizations have several hundred unique
commercial applications on their infrastructure. This could
mean, at any given time, that there are hundreds of contracts in
effect. To take just one publisher as an example, it has been
reported that Oracle has made 397 pages of changes to its
licensing rules and regulations over the past 12 months. Now
multiply that by the number of publishers represented on your
systems and you can clearly see that just keeping up with
changes is a daunting task for anyone!
Remember that contracts can include not only software licenses
but also maintenance agreements, upgrade programs, leases,
services and more. The job of negotiating and managing contracts
should not be left to the untrained. The person or persons
managing contracts should have the ability to read contract
terms and conditions, to understand those terms and conditions
and to apply that understanding to IT requirements.
If your organization doesn't have internal resources to address
the nuances of license agreements, then consider outsourcing
this role to experts. There are a number of companies available
to handle the analysis, negotiation and management of software
license contracts. Outsourcing this task could very likely pay
for itself in savings gained through skillful negotiations and
management by experts.
At the very least, contracts should be centrally managed and
reviewed by experienced staff or legal counsel. In addition,
every contract should be examined to determine what entitlements
and restrictions exist. Those responsible for the installation,
maintenance and retirement of software should be made aware of
the contract elements so that the terms of the agreement are
strictly followed. And contracts must be managed throughout the
life of the agreement; often upgrades are free or less expensive
if taken within specified timeframes.
As far as corporate silos, gee, they exist everywhere! The best
advice that I can give you is to get top-level support for your
SAM or IT asset management initiative. Include on your SAM team
members from various areas within the business, including those
outside your own silo! I've often found that winning over the
biggest troublemakers (or project saboteurs) as early in the
project as possible can be the best tactic for overcoming these
obstacles.
Consider the fact that just about everyone in the organization
can gain something from a good asset management program. Find
out what is needed by other business groups, departments, etc.
You may find not only staffing but budget dollars available to
apply to your project. If, for example, security is looking for
a tool for some specific purpose, it may be that there is a
comprehensive tool that addresses both the needs of the security
team as well as those for asset management. Perhaps the service
or help desk is in need of information or controls; is there an
asset management tool that can serve both needs? Often the
finance and/or procurement groups are in need of a company-wide
method of tracking expenses, contracts, physical assets, etc.
Another avenue is to ask yourself (or management) these
questions: "What is the company doing to prepare for a disaster?
How will the disaster recovery team know what assets exist
without a proper asset management program? What would happen if
disaster struck today? Where would this company be without our
IT assets?" Believe it or not, many companies have yet to plan
an adequate disaster recovery or business continuity program.
You just may be able to sell your idea on the premise that it
will significantly enable any disaster plan or recovery effort.
Remember that IT asset management (ITAM) should be viewed as the
physical, contractual and financial management of technology
assets. ITAM allows us to optimize assets to best meet the needs
of the organization. Make sure that your goals for a SAM or ITAM
program are clear and include performance, risk reduction,
savings, control and accountability.
While I cannot take away the pain of an IT asset management
program, hopefully you have gleaned some helpful hints from my
advice. Further, may I recommend aspirin and antacid on a
regular basis; you will get through it despite the pain!