The central mission behind IT asset management (ITAM) might be described as "the reduction of the chaos created by continually evolving technology." Twenty years ago, the demand for technology exploded, swamping existing organizational structures and forcing a new asset-centric approach to prevent exploding costs and risks. Since then, progress in asset management has certainly been made, from the management of distributed environments to the data center itself. This progress is primarily the result of developing business-style structural elements (policies, processes, measurements) and supportive automation that turns the spreadsheet into an old friend rather than the main source of asset knowledge.
But time hasn't solved all of our problems or slowed the pace of technology change. IT asset managers consider their work to be constantly in progress as the scope of assets that are managed swells and new technical opportunities change priorities. What will be the continuing impact of technology on ITAM, and what additional changes should be anticipated in the next five years?
Change 1: No More Brick-and-Mortar Barriers
Can you imagine implementing a policy today that states that only organizationally tagged devices are permitted on the premises? Only a few years ago, policies like that were frequently used as risk reducers. With mobile technology and cloud computing in the workplace, any structural rules that relied on closing the door are already useless. However, asset management has yet to completely incorporate the “no walls” paradigm.
Time hasn't solved all of our problems or slowed the pace of technology change.
In the next five years, the role of IT asset manager will include asset management in environments used—but not owned—by the organization. The processes will most likely have focal points for the selection of cloud services, monitoring during the use of that environment, and then coordination during the termination of the engagement. The closest analogy is the role of the organization’s IT asset manager when the rest of IT has been outsourced.
Competition between cloud providers will continue to hamper the development of standards, which makes the application of ITAM knowledge and structure to these relationships critical. While the current percentage of organizational work in the cloud is small, significant growth is predicted, especially if competition continues to keep prices down. Positive financial results with satisfactory performance will keep this trend from petering out, and that means that both ITAM and ITSM have to prioritize incorporating an "open-door policy" within the organization.
Change 2: Software Contracting and Copyright
Software licenses are as varied as snowflakes. The confusion this creates leads to frequent software audits and reviews where publishers pounce on the mistakes that organizations are making. Of course, rapidly advancing technology has a major role in the confusion, as software publishers strive to capture the value received by the customer and convert it into their contracts. Generally, software contracts can be grouped into two major approaches:
User-based: These software licenses identify which end users are authorized to access and utilize the software regardless of the device being used. ITAM develops processes to actively track this usage to ensure that the number of end users accessing the software at any time matches the contracted number. Challenges arise from maverick behavior within the organization and limited controls over accessing the software.
Device-based: These software licenses are attached to specific devices and pricing is associated with the characteristics of each device. Complexities arise from translating that physical structure into a pricing scheme that captures all possible uses, such as who can access that device. Device-based pricing is common in enterprise and server agreements. This style of license can enable an organization to load multiple copies of a software product onto the device for end users to access. However, this freedom comes at a significant cost—it often requires a separate per user license for everyone who has access to that server.
As organizations move to the cloud, the trend is towards user-based licensing. Cloud-based subscriptions are also increasing in popularity; in this model, the customer has little control over the device where the software actually resides and perhaps little knowledge of how and when that software moves about in the provider’s cloud.
Another reason for the shift to user-based is the proliferation of devices per user as mobile devices are added to the portfolio of organizational assets. Employees expect to be able to work on four or more devices (work PC, home PC, laptop or tablet, mobile or smartphone) for work-related tasks. Licensing and tracking each of those devices is unlikely to be a cost-effective choice. Software publishers are already incorporating multidevice options into their user-based licenses. Even if the business tracking of mobile devices improves, it's unlikely that individual device tracking will dominate in the next five years. The trend towards personally owned devices used for work purposes (BYOD) supports this theory, since personal rights to privacy are a worldwide hot topic. At the very least, the global debate over privacy rights adds a layer of uncertainty and management complexity to this licensing approach.
Software vendors focus on value-based metrics to protect their revenue stream, and as the value branches out of the organization to include more platforms, that perspective will not change. While software vendors have been slow to adjust to new technology in their pricing models, we should anticipate increasing clarity in the next five years so that no revenue opportunities are lost. Pressure from customer outrage at how hard it is to be compliant and the number of audits is already pushing software publishers to invest in functionality to enhance tracking of software use.
Software is typically protected by copyright, and copyright laws across the globe have been a source of controversy. The move to legal language that handles digital materials more appropriately also introduces concerns that the rights of users will suffer due to antipiracy actions. In the next five years, as software access and pricing models shift, software usage will be at the forefront of the controversy. It's quite likely that the issues will not be resolved in the next five years, but the progress towards simpler licensing models may be slowed while the debate continues.
While managing new devices is the primary goal of ITAM, it's important to ask questions about data governance in the cloud.
Change 3: The Cloud and Data Management
Choosing cloud options may introduce the unintended consequence of making it more difficult to develop trusted data. Data management in the cloud is already difficult, especially if the work done in data management prior to cloud adoption was limited in scope or failed to address the issues arising from cloud architectures. With data increasing in volume and arriving from many sources (e.g., mobile devices, including wearables and the Internet of Things [IoT]), it's easy to believe that data management could be compromised in the next five years. While managing new devices is the primary goal of ITAM, it's important to ask questions about the data governance strategy for cloud computing.
Overall, the IoT and wearables will most likely be a source of change over the next five years. Whether it's a smart, connected technology that monitors heating and air conditioning in a server room, or a wearable that ensures constant contact with a valuable end user, the IoT and wearables will change the portfolio of assets. Consumer-facing applications will once again be the first cycle of adoptions, but it's only a short time before these concepts change the work environment. These devices will have software contracts, maintenance agreements, and upgrade/disposal cycles, and ITAM will have to be expanded to handle this challenge.
Change 4: Data Security
Already a problem area, the prevention of hacks and data leaks will escalate over the next five years as organizations move into complex architectures external to the organization. Shadow IT is already destined to become the largest threat to data security as impatience drives independent actions by departments and individuals. Consider our current situation: a business unit contacts IT to establish a new service or software program and is told that it could take months. The reaction is to develop an alternative by contracting with a subscription provider in the cloud. All it takes is the swipe of a corporate credit card for IT to lose track of this asset. The loss of overall visibility into IT expenditures puts executive management back in the “black box” age of inputs and outputs, instead of improving their ability to secure the organization’s data.
As a consequence of data security problems, there will be a continued focus on legislation and governance related to privacy, data loss, and responsibility to stakeholders. The organizational response will land in the laps of ITAM and ITSM professionals, requiring them to recreate the visibility that will empower prevention as well as ensure compliance. ITAM and ITSM will be required to reshape themselves to serve a changed business environment.
ITAM and ITSM professionals are in the best position to take the structural elements that have protected the organization's investment in IT to date and adapt them to the “no walls” paradigm of today's business technology environment.
The role of the IT asset manager and IT service manager in data protection is already increasing. For instance, according to Verizon’s 2014 Data Breach Investigations Report, insider misuse was one of the leading causes of data breaches. Access maintained by former employees, personal hardware or software being utilized on the network, and unintentional misuse are all causes of data breaches. The report states that “the first step in protecting your data is knowing where it is, and who has access to it.” Identifying where that data is stored and who has access to it is the responsibility of ITAM; acting upon that information and creating a more secure network is the responsibility of ITSM.
Change 5: ITAM and ITSM Work to Drive Change
Both ITAM and ITSM utilize knowledge frameworks to develop and implement processes that are efficient and less prone to error. These processes support the achievement of organizational goals through information technology. That role will not change in the next few years, although the scope of the responsibilities will change to encompass external environments as well as the organization’s internal assets and services. In addition to the topics already presented as critical to organizational success in the next five years, consider the cooperative focus of ITAM and ITSM on:
Risk mitigation for the organization: ITAM will focus on laws and governance, in addition to gaining visibility into the use of assets in the cloud. ITSM will focus on eliminating road blocks to infrastructure visibility as well as auditing the services being delivered for security flaws. Both ITAM and ITSM need to work together to reevaluate measurement and reporting capabilities so that risk can be measured and mitigated.
Monitoring and analyzing the effectiveness of each new technology choice: ITAM will focus on the financial and contractual elements, while ITSM will monitor the delivery of services against benchmarks. This impact management assessment will be critical to the decision-making processes for the next steps for IT.
ITAM and ITSM professionals are in the best position to take the structural elements that have protected the organization's investment in IT to date and adapt them to the “no walls” paradigm of today's business technology environment. Nevertheless, the ITAM profession will most likely struggle in the next five years to determine which aspects of the existing structure need to be adapted and which can be left behind.
ITAM has been a positive influence on the use of technology for business, closing the perceived gaps between the technology and the goals of the business. This should sound familiar to the ITSM profession, as the application of the ITSM framework has also had a positive impact on relating the goals of the business to the execution of IT services. To continue building IT success, both groups will need to remain focused on the organization’s goals and be open to adapting through measurement and the investigation of risk, opportunity, and cost.
Jonathon Kirby is a content developer for the International Association of IT Asset Managers. He has worked in the ITAM space for eight years, and his work has been published in PowerSource Magazine, The ITAM Review, and CIO Magazine. Jon has also worked on the IAITAM Best Practice Library. In his spare time, Jon enjoys discussing all things tech and can be contacted at [email protected].
Jenny Schuchert is the content director for the International Association of IT Asset Managers, where she is responsible for development of courseware, best practices, and other professional content. She is the editor of ITAK magazine, a monthly professional journal. A frequent spokesperson and educator, Jenny has more than fifteen years of experience in IT asset management as senior consultant, VP of product services, and VP of marketing at software publishers in the ITAM space. She received her MS in biomedical computing from The Ohio State University, and she is certified in CHAMP, CITAD, CSAM, CMAM, and CITAM.