Since I will starting a new, permanent position soon, I will be placing ITAM Secrets into hibernation for a while.
Thanks everyone who read things here, you'll still see me on LinkedIn, commenting on your posts there, but not going to be time to devote to this anymore.
Thanks for coming!
Wednesday, March 28, 2018
Sunday, March 18, 2018
ITAM Policies - They Matter
In a recent discussion with an IT Asset Management professional, the question of policies came up, and I was asked, what did I do to establish policies and how did we go about doing that.
It's a good question and one you should be considering for your IT asset management (ITAM) program. Policy Management is one of the foundational key process areas (KPA) of an ITAM program so it deserves special consideration. It is an area the busy ITAM can be tempted lay aside as something to be considered later. Maybe you have some good policies already and have used them and they seem adequate, but are you constantly staying ahead? Are you keeping them fresh?
I admit in our case, we did not do a couple of things that I consider best practices that would have helped our cause tremendously. We never consciously pushed Policy Management in our program, although we did have some essential policies, they were not primarily driven by Asset Management, and they did not have the imprimatur of the CIO. In hindsight, those were mistakes.
If your IT organization does not have a formal policy management and/or policy process as part of governance, you're behind the curve. I consider these foundations of a solid IT organization. Coming from a resource and money challenged world, I understand these can seem luxury items. Ultimately, your organization will discover they are necessities, not luxuries, and you'll pay the price. I can say from experience, if you do not bring asset management to the forefront of your IT organization's and CIO's thinking, your ITAM program will never be considered strategic, and you'll always play second fiddle to others. You're minimizing your role in the organization, you're doing it voluntarily, and you risk the program being relegated to second citizen status, or disestablished. I've been there. In my defense, if your business is severely financially challenged, you may not be able to forestall this anyway, but, give yourself and your team a fighting chance. Apologies for the digression, I'll save this entire subject for another blog post.
Returning to Policy Management...
If you're just starting an ITAM program, you need to give policies some thought. If you have CIO level backing starting out, this is a good time to establish that C-level involvement, via policy. As I said, you will want that going forward. As your program matures, more and more of the policy level decisions and policies will be delegated to you and your team, but you want the people impacted by policies to always know that these are C-level policies and they will be treated as such. That means they will be enforced and updated. Get C-level signature on your policies. Have your CIO at least read them and agree with them. Make sure the CIO understands you intend to enforce policies uniformly (more on that later). Make sure they have the stomach to live up to these policies.
If your ITAM program is established, or semi-established, and you lack policies, you will need to lobby for C-level approval and signature on them. If you have an IT Governance organization, you will want and need to work with them to get your policies approved at the highest levels necessary. I highly recommend you do this. It is equally important for the C-level sponsor to understand that these policies exist and that ultimately, they are responsible for their education, enforcement, and management. Can I say that again? I can. Make sure your C-level understands they are responsible for these and you intend to enforce them. No matter who the offender may be.
A good essay on this is from the ITAM Review - "Why do IT Policies Fail," (The ITAM Review, Aug 6, 2010) - an important point in this article is that people look up to leadership, "Too often, managers also break the IT policies very publicly. Similar to parenting, executives and managers need to be on the same page by saying and doing the same thing." Be aware of this, and either enforce policies uniformly, or change them to become uniform. A policy that is routinely ignored is ineffective, useless, and sends a signal that all policies are to be ignored. Better to change the policy (for example, a policy mandating use of corporate standard laptops), than to undermine all you do because, say, a certain group of individuals are allowed to deviate from standards. When your Sales reps find out, for instance, that the VP of Sales has a Macbook Pro that is denied to them because they need to use the standard Windows laptop, it will not only make a fool of you (and others) it will create cynicism and anger amongst the workforce. Again, a future blog post.
It's a good question and one you should be considering for your IT asset management (ITAM) program. Policy Management is one of the foundational key process areas (KPA) of an ITAM program so it deserves special consideration. It is an area the busy ITAM can be tempted lay aside as something to be considered later. Maybe you have some good policies already and have used them and they seem adequate, but are you constantly staying ahead? Are you keeping them fresh?
I admit in our case, we did not do a couple of things that I consider best practices that would have helped our cause tremendously. We never consciously pushed Policy Management in our program, although we did have some essential policies, they were not primarily driven by Asset Management, and they did not have the imprimatur of the CIO. In hindsight, those were mistakes.
If your IT organization does not have a formal policy management and/or policy process as part of governance, you're behind the curve. I consider these foundations of a solid IT organization. Coming from a resource and money challenged world, I understand these can seem luxury items. Ultimately, your organization will discover they are necessities, not luxuries, and you'll pay the price. I can say from experience, if you do not bring asset management to the forefront of your IT organization's and CIO's thinking, your ITAM program will never be considered strategic, and you'll always play second fiddle to others. You're minimizing your role in the organization, you're doing it voluntarily, and you risk the program being relegated to second citizen status, or disestablished. I've been there. In my defense, if your business is severely financially challenged, you may not be able to forestall this anyway, but, give yourself and your team a fighting chance. Apologies for the digression, I'll save this entire subject for another blog post.
Returning to Policy Management...
If you're just starting an ITAM program, you need to give policies some thought. If you have CIO level backing starting out, this is a good time to establish that C-level involvement, via policy. As I said, you will want that going forward. As your program matures, more and more of the policy level decisions and policies will be delegated to you and your team, but you want the people impacted by policies to always know that these are C-level policies and they will be treated as such. That means they will be enforced and updated. Get C-level signature on your policies. Have your CIO at least read them and agree with them. Make sure the CIO understands you intend to enforce policies uniformly (more on that later). Make sure they have the stomach to live up to these policies.
If your ITAM program is established, or semi-established, and you lack policies, you will need to lobby for C-level approval and signature on them. If you have an IT Governance organization, you will want and need to work with them to get your policies approved at the highest levels necessary. I highly recommend you do this. It is equally important for the C-level sponsor to understand that these policies exist and that ultimately, they are responsible for their education, enforcement, and management. Can I say that again? I can. Make sure your C-level understands they are responsible for these and you intend to enforce them. No matter who the offender may be.
A good essay on this is from the ITAM Review - "Why do IT Policies Fail," (The ITAM Review, Aug 6, 2010) - an important point in this article is that people look up to leadership, "Too often, managers also break the IT policies very publicly. Similar to parenting, executives and managers need to be on the same page by saying and doing the same thing." Be aware of this, and either enforce policies uniformly, or change them to become uniform. A policy that is routinely ignored is ineffective, useless, and sends a signal that all policies are to be ignored. Better to change the policy (for example, a policy mandating use of corporate standard laptops), than to undermine all you do because, say, a certain group of individuals are allowed to deviate from standards. When your Sales reps find out, for instance, that the VP of Sales has a Macbook Pro that is denied to them because they need to use the standard Windows laptop, it will not only make a fool of you (and others) it will create cynicism and anger amongst the workforce. Again, a future blog post.
What policies do I need?
The CITAM manual does a nice job laying out the policies that you may want, and some that you really must have. When I was asked this question, I honestly had not given this a lot of thought, so I was a bit flat footed, but immediately, these came to mind:
- Acceptable use policy
- Procurement policy
- Lost/stolen assets policy
Acceptable use dictates how software is used in your organization, this typically may delve into using in accordance with the agreed-to licensing restrictions (i.e. the EULA), while procurement is intended to set a policy that determines who can buy assets, and how they are purchased. Lost/stolen assets deals with the responsibilities of end users when assets are lost or stolen. In my experience, the first two were handled annually as part of the employee code of conduct training that employees acknowledged every year, but admittedly, the amount of training the employees got on these was essentially a one liner in the training, so not the kind of meat you might prefer. These kind of training items are more likely an attempt to get a signature on a variety of topics that get lumped into these annual events, so, you may want to be more proactive in getting these policies communicated.
You'll also note that even in just these three policies, there are more stakeholders than ITAM. For acceptable use, you are going to have Service Management and Application Managers heavily involved, and likely your Procurement teams. A procurement policy may (in our case it was) be owned by Procurement. It may be extremely detailed depending on the complexity of your Finance organization and how spending is approved. A lost/stolen assets policy is going to cut across multiple groups - you SM folks again, your help desk personnel, InfoSec, and perhaps even into Finance.
The point is policy can't be crafted in a vacuum, you are going to have multiple stakeholders, but since ITAM's are policy "experts" I highly encourage you to break out your manuals, develop templates, and give your compatriots the benefit of your knowledge and draft policies for them to review.
Other policies...
IAITAM recommends a variety of policies, but remember these are recommendations, your mileage may vary, so I'll just highlight a few that I think are important enough to be at the top of your list:
- Scope/Authority for Management of IT Assets - this is one I wish I had made NUMBER ONE on my list. With C-level signature on this, giving ITAM this responsibility, it is all you need to have when dealing with recalcitrant co-workers.
- Vendor Communications - dealing with how the business deals with vendors
- Response to Audit Requests - you should have an overarching Audit Plan, but a policy statement about how employees deal with Audit Requests would be highly beneficial.
There are many more recommended by IAITAM and other experts will even have more. Your specific policies will be something you need to consider, but start an outline and identify the policies, the stakeholders and put this high on your to-do list.
Action Items
- Develop templates or use existing ones
- Push to have a Policy Manual in your IT Department
- Publish them on your intranet, and have an ongoing communication plan. Normal users can likely survive with the annual refresher training described above, but you'll want to go into more depth with certain users (for example, some of these policies will impact IT personnel directly - if you have lunch and learns sessions, or dedicated IT Training time, consider using that). Keep these events relatively short to encourage participation.
- Have a plan for revisions to policies, include the revision cycle as part of the policy itself
- Have the appropriate people sign off on policies.
Your feedback...
What policies do you have? What do you find essential in your ITAM program? What advice do you have for other ITAM's out there struggling with Policy Management?
Friday, March 9, 2018
IT Asset Disposal - A Journey
If you attend ITAM events, you have undoubtably noticed that the booths are filled with companies in the Asset Disposal line of business.
Take a moment to peruse the Basel Action Network's website, and consider whether you want your company to be associated with some of the egregious actions of unscrupulous e-waste recyclers. Laws in most countries you do business with consider electronic waste as hazardous material that requires special handling. If avoiding this kind of publicity isn't enough to get your management serious about IT Asset Disposal, then consider that an IT Asset Disposal program, properly managed, and partnered with the right vendor (for you), provides a way to get something back (usually some money) for your old assets.
We used a single ITAD vendor for many years, and had good success with them. However, this vendor only picked up used hardware, took it to their warehouse, weighed it, and we got a percentage of the "value" by weight, after their expenses. In this scenario, our service management provider wiped all the PC hard drives and provided certification of their wiping via a periodic report. Nothing went to disposal without that.
Your data destruction requirements may differ. If you're in certain industries, for example like health care, or financial services, you may have more stringent requirements that require you to physically destroy hard drives. Make sure your InfoSec teams are involved in this portion of the decision, as they will typically set these requirements.
We were relatively happy with this relationship, until one day we were approached by another (in this case local) vendor who would actually sell our old assets and give us a percentage of the sale. How revolutionary! All we had to do was give them a list of the assets by make/model, they'd provide a quote, then we'd arrange a pick up. Our ITSM vendor was still performing final disk wipes and providing certification at this point.
This was a much more modern approach, but, we still had to parse the stuff that went straight to destruction to vendor 1, and the stuff to be "consigned" to Vendor 2. We had to update our asset management systems when we received the final disposition reports from our vendors. So, some work for us still.
Vendor 1 was always reliable, but didn't provide very high level services, while Vendor 2 turned out to be not so reliable at bringing us our checks. That proved a constant thorn in our side, an annoyance, and we felt we weren't getting the maximum value for our assets. While they were handling secondary market sales, we just didn't see much in additional services they could provide.
We managed a separate donation program ourselves. We did this internally, and on request usually from someone within the company. If you've ever tried this, you know this is a huge task if you get very many requests, and we did receive quite a few, so this created a backlog.
We also often got asked by our end users, "Can I buy my PC when I get upgraded (or leave the company)?" We always wanted to say yes to these folks, because we could have managed them in the context of our donation program, but for many years, our Legal department forbade this. We never truly understood the rationale (do your companies' forbid this? If so, what rationale do they provide) but we had a change in management in our Legal department, and after pursuing it again, they approved the creation of an Employee Purchase Program.
Now we had some new requirements. We wanted a vendor who could handle the entire disposal process, relieving our field techs of the wiping task (allowing us to remove it from the contract and remove costs there), who could handle a donation and employee purchase program, relieving my team of that task, who could provide detailed reporting (to the component level), and who could get us checks on time.
After some luck and searching, we were fortunate enough to find a vendor who could meet all our needs. I am happy to say that in the intervening time (just a couple of years), several other ITAD vendors have matured to be able to provide these same services. Should you have similar requirements, the good news is you'll have plenty of choices.
If you provide company mobile phones, they are valuable as well. Especially iPhones, and any Mac for that matter. We used to joke that as asset managers, we wished the company would standardize on Macs because we could get so much for them on resale. iPads are extremely valuable on resale. With iPads, you will find high demand for these as donations. Schools, especially, use iPads, and with budgets extremely tight, they provide an excellent opportunity to give back to your community.
In fact, an active donation program can and should be a part of your corporate giving program. If your company has specific giving goals, ensure that the teams who manage that are aware of, endorse, and have data from the donation of used assets. I didn't begin an employee purchase or donation program because of any personally altruistic desires - one was out of demand (the EPP) and the other was simply because people asked. They both make sense and they are simply the right thing to do. The fact that they're also socially, and environmentally responsible, is a bonus. These may be primary reasons for some. As they say, your mileage may vary.
Do not be put off if you use your assets until you think they are absolutely worn out. You would be surprised the value that remains in your assets. In our case, we were sending 6+ year old HP laptops to resale, and they were still getting prices I was shocked to see. What I observed, and I expect some who monitor these markets can confirm, is that your hardware assets have an absolute bottom that they reach and stay there for some time.
Take a moment to peruse the Basel Action Network's website, and consider whether you want your company to be associated with some of the egregious actions of unscrupulous e-waste recyclers. Laws in most countries you do business with consider electronic waste as hazardous material that requires special handling. If avoiding this kind of publicity isn't enough to get your management serious about IT Asset Disposal, then consider that an IT Asset Disposal program, properly managed, and partnered with the right vendor (for you), provides a way to get something back (usually some money) for your old assets.
Our Journey
Our story is probably not unlike many others.We used a single ITAD vendor for many years, and had good success with them. However, this vendor only picked up used hardware, took it to their warehouse, weighed it, and we got a percentage of the "value" by weight, after their expenses. In this scenario, our service management provider wiped all the PC hard drives and provided certification of their wiping via a periodic report. Nothing went to disposal without that.
Your data destruction requirements may differ. If you're in certain industries, for example like health care, or financial services, you may have more stringent requirements that require you to physically destroy hard drives. Make sure your InfoSec teams are involved in this portion of the decision, as they will typically set these requirements.
We were relatively happy with this relationship, until one day we were approached by another (in this case local) vendor who would actually sell our old assets and give us a percentage of the sale. How revolutionary! All we had to do was give them a list of the assets by make/model, they'd provide a quote, then we'd arrange a pick up. Our ITSM vendor was still performing final disk wipes and providing certification at this point.
This was a much more modern approach, but, we still had to parse the stuff that went straight to destruction to vendor 1, and the stuff to be "consigned" to Vendor 2. We had to update our asset management systems when we received the final disposition reports from our vendors. So, some work for us still.
Vendor 1 was always reliable, but didn't provide very high level services, while Vendor 2 turned out to be not so reliable at bringing us our checks. That proved a constant thorn in our side, an annoyance, and we felt we weren't getting the maximum value for our assets. While they were handling secondary market sales, we just didn't see much in additional services they could provide.
We managed a separate donation program ourselves. We did this internally, and on request usually from someone within the company. If you've ever tried this, you know this is a huge task if you get very many requests, and we did receive quite a few, so this created a backlog.
We also often got asked by our end users, "Can I buy my PC when I get upgraded (or leave the company)?" We always wanted to say yes to these folks, because we could have managed them in the context of our donation program, but for many years, our Legal department forbade this. We never truly understood the rationale (do your companies' forbid this? If so, what rationale do they provide) but we had a change in management in our Legal department, and after pursuing it again, they approved the creation of an Employee Purchase Program.
Now we had some new requirements. We wanted a vendor who could handle the entire disposal process, relieving our field techs of the wiping task (allowing us to remove it from the contract and remove costs there), who could handle a donation and employee purchase program, relieving my team of that task, who could provide detailed reporting (to the component level), and who could get us checks on time.
After some luck and searching, we were fortunate enough to find a vendor who could meet all our needs. I am happy to say that in the intervening time (just a couple of years), several other ITAD vendors have matured to be able to provide these same services. Should you have similar requirements, the good news is you'll have plenty of choices.
Take charge of ITAD
In many organizations, your service management teams will own asset disposal. They may be doing a great job, but odds are that they're solely focused on the disposal requirements and meeting only the security requirements set out by your security teams. If this is the case, it is incumbent upon asset managers to ask questions and get involved in the entire life cycle management of assets. In the case of data center assets and network hardware, you're looking at signifiant amounts of dollars in value that remain in those assets. The market for them is even greater than for end-user assets. Have a plan for them.If you provide company mobile phones, they are valuable as well. Especially iPhones, and any Mac for that matter. We used to joke that as asset managers, we wished the company would standardize on Macs because we could get so much for them on resale. iPads are extremely valuable on resale. With iPads, you will find high demand for these as donations. Schools, especially, use iPads, and with budgets extremely tight, they provide an excellent opportunity to give back to your community.
In fact, an active donation program can and should be a part of your corporate giving program. If your company has specific giving goals, ensure that the teams who manage that are aware of, endorse, and have data from the donation of used assets. I didn't begin an employee purchase or donation program because of any personally altruistic desires - one was out of demand (the EPP) and the other was simply because people asked. They both make sense and they are simply the right thing to do. The fact that they're also socially, and environmentally responsible, is a bonus. These may be primary reasons for some. As they say, your mileage may vary.
Do not be put off if you use your assets until you think they are absolutely worn out. You would be surprised the value that remains in your assets. In our case, we were sending 6+ year old HP laptops to resale, and they were still getting prices I was shocked to see. What I observed, and I expect some who monitor these markets can confirm, is that your hardware assets have an absolute bottom that they reach and stay there for some time.
My bottom line notes:
- Work with your InfoSec and Legal teams to ensure you document and detail the disposal requirements to protect corporate data, and comply with any existing laws. Most vendors you'd be considering can meet these requirements, so this is table stakes kind of stuff. It's also the most important aspect.
- Plan for end-of-life when you initially purchase assets. If you are leasing, you have a different set of things to do at end-of-life, and that's a discussion for another post, but if you purchase your assets, you have some things to consider. Note that there are ITAD vendors who can assist you with returns of leased assets. If you are knew to leasing, I highly advise you to have a serious discussion with the teams who are most interested in leasing assets and ensure they understand the total costs associated with leasing. Often, leasing is a means to get hardware bought with operational money (vice capital dollars), but everyone needs to understand that at end-of-lease, there are large, often unplanned, and completely lacking in value to the business, steps that must be taken to return leased assets, and the costs on return can be quite high. You must model this as part of the entire lease decision. Again, another future post will go into some detail on this.
- Even after you've settled on data destruction requirements, you may want to consider making it a requirement that your ITAD vendor be e-stewards certified. This is a way to provide confidence that your assets aren't seen on "60 Minutes" in a Chinese waste city (subscription required).
- Do you want an employee purchase program? How will you manage it? Who will host it? What discount do employees receive? What are the security requirements for employee-offered equipment? Note that many employees will want to buy their own asset when it's replaced. Will you allow this? How will you manage the data destruction requirements on these devices?
- Do you have physical destruction requirements? If so, and you want to resell hardware, how does this impact your profit on resale? Same questions apply for donations and EPP.
- Donations - do you want to allow these? How do you manage such a program? Who will you allow donations to? You'll want to go through this with your Legal team to put rules in place about what kinds of organizations you'll donate to. And you'll need some guidelines for approvals on donations.
Wednesday, February 28, 2018
A brief chat about culture...
I fancy myself a bit of an expert on the culture of organizations.
I led or participated in over 50 Submarine Culture Workshops as a Navy reservist. The program was adapted from NavyAviation Culture Workshops, something aviators had been doing since the early 1990's, and also is used by the Navy's Surface community. These events are an intense two days with six two hour sessions conducted with a 15-20 person subset of each level of the crew, going from lowest levels to the highest (deparment head) with in briefs and outbriefs with the Commanding Officer (CO) and his leadership team.
The goal is to provide the CO with actionable insights into the culture of his ship. My experience is we had great success and submarine COs found our output often validating, sometimes eye opening, but always useful.
In Corporate America, do we truly spend time understanding the culture of our organizations? Is this something we try to cultivate? Is the modern corporation just too big to develop a meaningful culture? A submarine has a crew of maybe 150 people, but can we develop a single culture in an organization of 5,000, 10,000, 300,000 people?
Having worked in companies of these sizes, I have observed that yes, they all had particular corporate cultures. Those developed over many years, and became part of the DNA of the company. Of course, as company size increases, sub-cultures spring up and take root. They tend to contain elements of the core culture, but develop their own tentacles and peculiarities. Mergers and acquisitions create changes and conflict and sometimes they mesh, and sometimes they don't. Culture clashes can be the biggest impediment to a successful merger. Corporate re-organizations often don't seem to take enough stock of the clash of cultures from the changes. And people wonder why they fail.
Is your management aware of the culture of your organization? What do they do to cultivate a particular culture? Is this something that is even on their radar?
Since my audience is Asset Managers, and IT beyond that - does your management understand the culture of your organization or department? Is it something they think about when hiring people, when analyzing problems? When reviewing projects?
Your culture can be a make or break proposition.
I have observed that the highest performing submarines generally had cultures that we would describe as positive and people-centered. Leadership teams who take an active interest in their people and who truly listen and communicate back to their crews, simply succeed. It is possible for hard driving leaders to achieve results, but often it comes at the expense of a culture that borders on toxic, and that may be held together simply by the will of a layer of management lower who shields others from that toxicity. These examples don't stand the test of time. Burnout occurs or accidents happen. People move on to other careers (in these cases, they leave the service). It's a dangerous strategy to pursue.
What's this have to do with IT Asset Management?
I've railed that tools are not the be-all, end-all for asset management. I consider leadership commitment to be another essential element for ITAM success. At the highest level of your organization. You require a culture that respects and understands the benefits that professional ITAM brings. You require leadership's trust in you, and you need to trust them.
The good news is that culture can change. But culture changes require an understanding of where you are now, and the leadership commitment to change and move to a better place.
Do you understand and can you describe the culture of your organization?
Can your management?
Is your culture the kind where ITAM thrives, or is it one where ITAM is either barely acknowledged, or pigeonholed or forgotten entirely?
Does your company have a Chief Culture Officer? Is this person effective?
Best to be honest about addressing this. If you're in a situation where your culture is holding your team back, you need to have a discussion with your management and get it fixed (or, God forbid, move on). Odds are it is not just the ITAM team being impacted. One of the things I most heard when conducting workshops was "It was nice learning that other shipmates felt the same way I did."
When we're all working in our own little corners of the organization, we don't talk enough to each other to understand that we may have serious issues of communications, trust, etc that impact us all. Culture workshops bring people together to expose these issues, and I recommend it. But, you can achieve the same by talking to people.
If you're fortunate enough to be in an organization with a culture that breeds success, good for you. Remember what that looks like, and how it happens, because if you find yourself elsewhere, your experience may be required to change the next place.
I led or participated in over 50 Submarine Culture Workshops as a Navy reservist. The program was adapted from NavyAviation Culture Workshops, something aviators had been doing since the early 1990's, and also is used by the Navy's Surface community. These events are an intense two days with six two hour sessions conducted with a 15-20 person subset of each level of the crew, going from lowest levels to the highest (deparment head) with in briefs and outbriefs with the Commanding Officer (CO) and his leadership team.
The goal is to provide the CO with actionable insights into the culture of his ship. My experience is we had great success and submarine COs found our output often validating, sometimes eye opening, but always useful.
In Corporate America, do we truly spend time understanding the culture of our organizations? Is this something we try to cultivate? Is the modern corporation just too big to develop a meaningful culture? A submarine has a crew of maybe 150 people, but can we develop a single culture in an organization of 5,000, 10,000, 300,000 people?
Having worked in companies of these sizes, I have observed that yes, they all had particular corporate cultures. Those developed over many years, and became part of the DNA of the company. Of course, as company size increases, sub-cultures spring up and take root. They tend to contain elements of the core culture, but develop their own tentacles and peculiarities. Mergers and acquisitions create changes and conflict and sometimes they mesh, and sometimes they don't. Culture clashes can be the biggest impediment to a successful merger. Corporate re-organizations often don't seem to take enough stock of the clash of cultures from the changes. And people wonder why they fail.
Is your management aware of the culture of your organization? What do they do to cultivate a particular culture? Is this something that is even on their radar?
Since my audience is Asset Managers, and IT beyond that - does your management understand the culture of your organization or department? Is it something they think about when hiring people, when analyzing problems? When reviewing projects?
Your culture can be a make or break proposition.
I have observed that the highest performing submarines generally had cultures that we would describe as positive and people-centered. Leadership teams who take an active interest in their people and who truly listen and communicate back to their crews, simply succeed. It is possible for hard driving leaders to achieve results, but often it comes at the expense of a culture that borders on toxic, and that may be held together simply by the will of a layer of management lower who shields others from that toxicity. These examples don't stand the test of time. Burnout occurs or accidents happen. People move on to other careers (in these cases, they leave the service). It's a dangerous strategy to pursue.
What's this have to do with IT Asset Management?
I've railed that tools are not the be-all, end-all for asset management. I consider leadership commitment to be another essential element for ITAM success. At the highest level of your organization. You require a culture that respects and understands the benefits that professional ITAM brings. You require leadership's trust in you, and you need to trust them.
The good news is that culture can change. But culture changes require an understanding of where you are now, and the leadership commitment to change and move to a better place.
Do you understand and can you describe the culture of your organization?
Can your management?
Is your culture the kind where ITAM thrives, or is it one where ITAM is either barely acknowledged, or pigeonholed or forgotten entirely?
Does your company have a Chief Culture Officer? Is this person effective?
Best to be honest about addressing this. If you're in a situation where your culture is holding your team back, you need to have a discussion with your management and get it fixed (or, God forbid, move on). Odds are it is not just the ITAM team being impacted. One of the things I most heard when conducting workshops was "It was nice learning that other shipmates felt the same way I did."
When we're all working in our own little corners of the organization, we don't talk enough to each other to understand that we may have serious issues of communications, trust, etc that impact us all. Culture workshops bring people together to expose these issues, and I recommend it. But, you can achieve the same by talking to people.
If you're fortunate enough to be in an organization with a culture that breeds success, good for you. Remember what that looks like, and how it happens, because if you find yourself elsewhere, your experience may be required to change the next place.
Asset vs. Configuration Management
I stumbled across this 2013 presentation published at BrightTalk.com by Pink Elephant's George Spalding on the differences and relationships between configuration management and asset management.
When we migrated to Universal Discovery for asset discovery, we made sure we took the Universal Configuration Management Database (UCMDB) course first, which introduced us stupid asset managers to configuration items. And while to those of us who managed assets, this seemed an infuriating way to learn, it was invaluable to have that background, especially today, when asset and configuration management databases are likely to be shared (and in the spirit of keeping data in ONE place, should be).
I really can't improve on this presentation. It was a timely reminder of lessons learned some time ago, and I didn't have to sit through that 5 day UCMDB course again!
If you're interested in the subject, this is a great primer.
When we migrated to Universal Discovery for asset discovery, we made sure we took the Universal Configuration Management Database (UCMDB) course first, which introduced us stupid asset managers to configuration items. And while to those of us who managed assets, this seemed an infuriating way to learn, it was invaluable to have that background, especially today, when asset and configuration management databases are likely to be shared (and in the spirit of keeping data in ONE place, should be).
I really can't improve on this presentation. It was a timely reminder of lessons learned some time ago, and I didn't have to sit through that 5 day UCMDB course again!
If you're interested in the subject, this is a great primer.
Friday, February 16, 2018
Don't Keep Your Successes Secret
I called this blog "ITAM Secrets" not because there are actually any secrets to success in IT Asset Management (there are not), but because we, as a community, seem to keep ourselves and what we do, secret.
This week, I met a gentleman in Telecom Expense Management. This is a function much like what we do in Asset Management, focused on cost reduction. We talked a long time about the industry and asset management since we're both in a field where the savings are obvious, but...
We know that management often doesn't really appreciate the function of asset management, or they take it for granted, or they assume that all their Service/Product managers are taking care of things. The same thing seems true on the Telecom side. I know from experience, before my architecture team started going through telecom bills line by line, we were just paying them, as though our telecom vendor was perfect and pure as the driven snow. They were, but we weren't smart enough to check up that things we no longer needed, were broken down and billing stopped.
I am guilty of failing to evangelize enough internally about what asset managers do, and the value we bring to the business. Here's a secret I'll share -
As part of the Communication and Education KPA (remember your IATAM training), we need to understand "The success of an ITAM program strongly depends on how well the organization’s employees are educated and how well the program’s goals are communicated." [emphasis mine]
What I failed to understand adequately was that the program's goals need to be communicated, and communicated, and communicated again. You can't overemphasize the value you're bringing to the business. For example, here's stuff our team did, sometimes in partnership with others, but I can honestly say, that in our case, if Asset Management had not driven these things, I am confident they would not have happened:
This week, I met a gentleman in Telecom Expense Management. This is a function much like what we do in Asset Management, focused on cost reduction. We talked a long time about the industry and asset management since we're both in a field where the savings are obvious, but...
We know that management often doesn't really appreciate the function of asset management, or they take it for granted, or they assume that all their Service/Product managers are taking care of things. The same thing seems true on the Telecom side. I know from experience, before my architecture team started going through telecom bills line by line, we were just paying them, as though our telecom vendor was perfect and pure as the driven snow. They were, but we weren't smart enough to check up that things we no longer needed, were broken down and billing stopped.
I am guilty of failing to evangelize enough internally about what asset managers do, and the value we bring to the business. Here's a secret I'll share -
DO NOT MAKE THIS MISTAKE IN YOUR PROGRAM!
As part of the Communication and Education KPA (remember your IATAM training), we need to understand "The success of an ITAM program strongly depends on how well the organization’s employees are educated and how well the program’s goals are communicated." [emphasis mine]
What I failed to understand adequately was that the program's goals need to be communicated, and communicated, and communicated again. You can't overemphasize the value you're bringing to the business. For example, here's stuff our team did, sometimes in partnership with others, but I can honestly say, that in our case, if Asset Management had not driven these things, I am confident they would not have happened:
- Saved over $1.5M annually by proactively managing maintenance renewals and cloud contracts
- Saved over $2M annually by managing end of lease terms on hardware, and extending the life of hardware, for example...
- Extended over 2000 desktop PCs by spending $100 on SSD upgrades, vice spending $800/machine on replacements. Furthermore, benchmark testing showed the machines were just as fast under Windows 10, as the new would have been.
- Sought alternatives to purchasing Apple iPads from traditional resellers or Apple, saving over $200/machine
- Reharvested software licenses, saving half a million dollars in new software costs
- Proactively managed user accounts for web based services (of course, initially purchased outside IT) and reduced the number of needed licenses to save hundreds of thousands of dollars.
- Provided our employees with the opportunity to purchase end-of-business-life PC's, laptops, and tablets via partnership with our ITAD vendor.
- Partnered with that vendor and employees to donate hundreds of machines, and hundreds of thousands of dollars worth of equipment to charities.
- Responded to audit inquiries and participated in vendor audits. While we weren't a big target of software vendors for audits, I can proudly say, during my tenure as an IT Asset Manager, we never paid ONE CENT to a vendor as a result of an audit finding.
That, to me, is an impressive list, and it's just off the top of my head. If you were given the opportunity to think about it and research it, you could likely come up with a plethora of impressive things you're accomplishing in asset management. If your program is just getting started, you have so much low hanging fruit, you could likely save huge percentages for the IT budget.
As your program matures, the numbers will get less impressive, but as you expand your reach and your influence, you'll be able to impact projects when they begin. Partnering with standards setting teams and architects to ensure the best technical solutions are matched with the best asset management solutions to ensure year over year costs are minimized.
Just don't keep this stuff a secret. You have a compelling story to tell, so make Communication and Education an important part of that story. Those of you within IT organizations, you are going to be one of the rare groups who does not cost the organization money. You save it. You will have tangible results. Where development teams struggle to show what they have done has impacted bottom line numbers, you can point to actual, real, quantifiable savings, and say, "But for us, that doesn't happen."
I'm curious, those of you who do this well, please share with our community what you're doing, and how ITAM stays in the forefront of not just your CIO, but the business as a whole.
Saturday, February 10, 2018
Process. Process. Process. ITAM is all about it.
Because this blog is borne of my job search, I believe we, as professional IT Asset Managers, need to focus some attention on process versus tools.
As a job seeker, I find the focus on tools a bit infuriating. Unless you're looking for someone to administer the tools, or to shepherd you through an upgrade or migration, the particular tool in use is not something I'd consider terribly important to someone's capabilities as an Asset Manager (AM). As a differentiator in two otherwise identical candidates, sure, but if your HR screen is eliminating people because their background is with Asset Manager, or Aspera, and you use Flexera, you are probably eliminating candidates who should be given due consideration - to your detriment.
The tools have become more user and report friendly, and provide great value to organizations, as they don't need huge support staffs, nor detailed knowledge of the data to get good information from them.
I consider this is a double-edged sword, because when an audit hits, you are going to crave AM's who deeply understand your data - their ability to talk the language of software asset management, and their intimate knowledge of a particular vendor's licensing, as well as understanding of your own effective license position, will make any audit go much smoother. You should always thrive to know more about your ELP than any vendor possibly could, and be able to defend it. If you're relying on a tool in time of crisis for this, you've already lost.
Also, in order to reharvest software and to negotiate at renewal time, it will be highly beneficial if your Software Asset Manager (SAM) understands the user community, the potential user communities, and the vendor options available. Just knowing what's installed and what's owned is table stakes.
Most modern tools provide the capability to discover assets (or use your existing configuration management systems, like SCCM, to do it), to rationalize them, and to normalize the software to the version and edition (they better!), and most provide you with utilization information. These things are vital to the asset manager to help with decision making. Again, these are table stakes. If your tool can't do these, it's not an effective tool. If you don't know whether it can, you need different asset managers.
Tools that further integrate with service management systems will provide greater value and ease the life of the asset manager and the technicians on whom we rely. My advice when choosing tools is DO NOT FORGET THIS! Having tight integration between service and asset management tools will pay great dividends as you move forward.
Without robust processes, understood by your asset (and service) management staff, you will fail, no matter how awesome the tool is. If I had a nickel for every time I heard some IT Manager say, "We have asset management, we bought x-awesome tool to do that," I'd have, literally a nickel, because I've only heard that once, but, I imagine there are many more people who I haven't talked to about it, and shockingly, I'd expect some who hold the title CIO, who think that way.
You can have whatever tool you paid $2M for and $250k/year in maintenance, but if your ITAM staff is comprised of people whose main function is not asset management, you have shelf-ware that probably hurts your business by providing a false sense of security that you're "doing" asset management.
People make the processes work.
The right people, trained in the processes of asset management, working in concert with the correct stakeholders (among them - service managers, product managers, procurement and finance staff, legal staff) mean a heck of a lot more to the success of your ITAM program than any tool ever will.
When you, managers and HR folks out there, are looking for ITAM staff, drop your focus on specific tools (with the exception I noted for the people who have to administer and configure them) and focus on the individuals and how well they understand processes, and how well they understand that no tool is a savior, how well do they understand that vendors consistently change their licensing models to maximize profits for the vendor, not to make things easier for you. Here's one thing to remember, if there are multiple interpretations to a license agreement, the vendor is going to choose the interpretation that makes them the most money. If you believe anything else, you also believe in (spoiler alert!) Santa Clause and the Easter Bunny.
Do the people you're considering joining your ITAM team know asset management, or do they know how to pull reports from the tool they were trained on?
For asset managers, are you focused on tools, or processes? Are you always learning? Are you curious about changes in the industry? If not, you should be.
I contend that IT Asset Management is not rocket science. It's hard work. It's about relationships and staying on top of what is going on in your business. Sometimes, it means inserting yourself in places people don't expect to find Asset Managers. But you need to do this. Asset Management can bring unbelievable value to your business, and it will bring even more when your ITAM staff is fully engaged, treated as am integral part of your organization, and respected for the work they do.
Now go get on it.
Some words about tools...
These days, you see a lot of Flexera and Snow. As the market leaders, that's to be expected. Personally, I come from an HP shop, and only in my last 6 months was exposed to Flexera. So, I've seen that tool, used it a bit as an end user, but can't really pass personal judgement on it, except my first impression was - did HP engineers leave and design the kind of interface and reporting Asset Manager should have had from the beginning of the web client?As a job seeker, I find the focus on tools a bit infuriating. Unless you're looking for someone to administer the tools, or to shepherd you through an upgrade or migration, the particular tool in use is not something I'd consider terribly important to someone's capabilities as an Asset Manager (AM). As a differentiator in two otherwise identical candidates, sure, but if your HR screen is eliminating people because their background is with Asset Manager, or Aspera, and you use Flexera, you are probably eliminating candidates who should be given due consideration - to your detriment.
The tools have become more user and report friendly, and provide great value to organizations, as they don't need huge support staffs, nor detailed knowledge of the data to get good information from them.
I consider this is a double-edged sword, because when an audit hits, you are going to crave AM's who deeply understand your data - their ability to talk the language of software asset management, and their intimate knowledge of a particular vendor's licensing, as well as understanding of your own effective license position, will make any audit go much smoother. You should always thrive to know more about your ELP than any vendor possibly could, and be able to defend it. If you're relying on a tool in time of crisis for this, you've already lost.
Also, in order to reharvest software and to negotiate at renewal time, it will be highly beneficial if your Software Asset Manager (SAM) understands the user community, the potential user communities, and the vendor options available. Just knowing what's installed and what's owned is table stakes.
Most modern tools provide the capability to discover assets (or use your existing configuration management systems, like SCCM, to do it), to rationalize them, and to normalize the software to the version and edition (they better!), and most provide you with utilization information. These things are vital to the asset manager to help with decision making. Again, these are table stakes. If your tool can't do these, it's not an effective tool. If you don't know whether it can, you need different asset managers.
Tools that further integrate with service management systems will provide greater value and ease the life of the asset manager and the technicians on whom we rely. My advice when choosing tools is DO NOT FORGET THIS! Having tight integration between service and asset management tools will pay great dividends as you move forward.
Some words about process...
First and foremost, though, you have to understand process and you have to embrace that ITAM is mostly about process. When you go through CSAM, CHAMP, or CITAM training with the International Association of IT Asset Managers (IAITAM), you don't train on tools. You train on process. ISO 19770-1 doesn't discuss tools, it discusses processes.Without robust processes, understood by your asset (and service) management staff, you will fail, no matter how awesome the tool is. If I had a nickel for every time I heard some IT Manager say, "We have asset management, we bought x-awesome tool to do that," I'd have, literally a nickel, because I've only heard that once, but, I imagine there are many more people who I haven't talked to about it, and shockingly, I'd expect some who hold the title CIO, who think that way.
You can have whatever tool you paid $2M for and $250k/year in maintenance, but if your ITAM staff is comprised of people whose main function is not asset management, you have shelf-ware that probably hurts your business by providing a false sense of security that you're "doing" asset management.
People make the processes work.
The right people, trained in the processes of asset management, working in concert with the correct stakeholders (among them - service managers, product managers, procurement and finance staff, legal staff) mean a heck of a lot more to the success of your ITAM program than any tool ever will.
When you, managers and HR folks out there, are looking for ITAM staff, drop your focus on specific tools (with the exception I noted for the people who have to administer and configure them) and focus on the individuals and how well they understand processes, and how well they understand that no tool is a savior, how well do they understand that vendors consistently change their licensing models to maximize profits for the vendor, not to make things easier for you. Here's one thing to remember, if there are multiple interpretations to a license agreement, the vendor is going to choose the interpretation that makes them the most money. If you believe anything else, you also believe in (spoiler alert!) Santa Clause and the Easter Bunny.
Do the people you're considering joining your ITAM team know asset management, or do they know how to pull reports from the tool they were trained on?
For asset managers, are you focused on tools, or processes? Are you always learning? Are you curious about changes in the industry? If not, you should be.
I contend that IT Asset Management is not rocket science. It's hard work. It's about relationships and staying on top of what is going on in your business. Sometimes, it means inserting yourself in places people don't expect to find Asset Managers. But you need to do this. Asset Management can bring unbelievable value to your business, and it will bring even more when your ITAM staff is fully engaged, treated as am integral part of your organization, and respected for the work they do.
Now go get on it.
Subscribe to:
Posts (Atom)