My colleague Matt Fisher talked in his blog post last week about how the IT world has changed significantly since the birth of Software Asset Management as a term. He made the point that while the issue of terminology is a genuine one, getting bogged down in discussion about it can distract us from getting on with the job of managing software. Importantly, he pointed out the use of the terms ‘ITAM’ (IT Asset Management) and ‘TAM’ (Technology Asset Management) where once it would have been ‘SAM’.
the impact of digital business
Over the past 10-15 years, the focus of IT Asset Management generally has been on software rather than hardware, and for good reason. Software has been where the risks and opportunities have been greatest. The hardware assets that were once considered major capital investments became consumables. The datacenter (which had often been in the “too difficult” pile for both Hardware and Software Asset Management) was sidelined as Cloud and XaaS increased in significance (initially through hype and eventually in reality).
However, digital transformation has changed not only the way business works, and the way IT functions, but also what ITAM needs to deliver to support them. Software has become more flexible and can be delivered and accessed in different ways. End users are no longer dependent upon a single client device; customers can interact with business systems directly; IoT, RPA (Robotic Process Automation), smart machines and AI (Artificial Intelligence) mean that devices or even software may be users too. Vendor license models are constantly evolving to account for (and monetize) these new use cases, and end-user organizations are struggling to understand their implications.
current asset classification no longer works
The challenge for ITAM is understanding what needs to be managed. Regardless of the debate as to whether something is a hardware asset, software asset, IT asset or technology asset, there is a wide variety of digital technology supporting our businesses that we need to ensure is managed through effective governance.
Changes to the way in which technology is delivered mean that traditional asset management taxonomies are no longer fit for purpose. There are still those old-school IT asset managers who argue that cloud services and SaaS do not fall under the remit of ITAM and should therefore be managed elsewhere (some even exclude subscription software). Although these services are neither hardware nor software, they are still digital technology that needs to be managed to deliver business value.
So traditional taxonomies are no longer valid. They constrain and restrict us and prevent ITAM from delivering to current business needs – to their point where we risk becoming irrelevant. New ways of delivering IT and new business models mean we need to change the way that we think about ITAM and IT Assets.
How is our existing classification broken?
The recent update to ISO 19770-1 increased its scope from SAM to ITAM, and in doing so attempted to classify the types of asset that fall within its remit. The complexity and limitations of the diagram (below) clearly demonstrate why the traditional taxonomy for classifying ‘IT’ assets no longer work. While this is a good attempt at building a mechanism for defining what assets fall within ITAM’s remit, it still leaves us with the problem of a fixed taxonomy that risks becoming irrelevant as new technologies are developed.
Permission to reproduce extracts from British Standards is granted by BSI Standards Limited (BSI). No other use of this material is permitted.
While this model is a good attempt to update the classification from simply ‘hardware’ and ‘software’ it raises several questions that are not easy o answer, and illustrates that any attempt to fix a taxonomy is going to be problematic. These problems are not unique to this model, but simply an illustration of the issues that all organizations are encountering and that many IT asset managers are struggling to resolve:
- IT hardware is increasingly difficult to define – once it was server and desktop. Then additional categories (laptop, mobile) were added. Now we have to take account of IoT sensors, operational technology, BYOD and other challenges. The terms ‘platform’ and ‘edge’ as used in the IoT world may offer us more flexibility for a while, but this leads us on to…
- Virtual machines – while these are technically software, they replace hardware, and have hardware-like attributes. They also run on traditional hardware which needs to be managed as such.
- Likewise cloud services may be considered as replacements for hardware, and they do indeed run on hardware. Private cloud will include a requirement to manage the supporting hardware, while public cloud is more problematic, and management requirements will vary depending on the service provided (IaaS, PaaS, BPaaS, SaaS).
- SaaS may be considered an asset service (or possibly a Service Asset in ITIL terms) but many organizations manage it as software under existing SAM capabilities.
- Digital information is often managed by ITAM (particularly where there are subscriptions to be paid for licenses to use the data) but should probably be considered as a data asset and fall under the remit of Information Asset Management. These subscriptions are not software licenses and although the process for approval payment may be shared, the governance is not.
- IT contracts cover more than just technology assets, and are generally managed by procurement, contract or vendor management. While ITAM needs to know where these are and have access to data needed to manage the assets, the responsibility for managing the contract is beyond the remit of any ITAM function. ITAM systems are not generally suitable for use as contract management systems.
- My specific concern with the ISO model is that it calls out the ITAM system and tools themselves as a specific category of assets to be managed (and makes it a large part of the diagram). The data and metadata related to ITAM would normally be considered as data assets, and therefore fall under information asset management, while the technology assets that make up the ITAM solution should be considered as part of their primary asset class and not as something separate.
how do we decide what to manage
While 40% of technology spend is outside the control of IT department and growing, even where regulation attempts to enforce it we cannot define something as an IT asset by virtue of the fact that it is provided or managed by IT. Or even connected to IT systems (some OT(Operational Technology) is still separate but has ‘IT’ software running on it e.g. Windows OS).
In order to establish what technology needs to be managed as an asset we need to go back to first principles and think about WHY we are managing it. I would argue that the answer is not due to the intrinsic value of the asset (hardware, software, service, compound asset), although accountants might like us to consider cost in our deliberations.
The primary BUSINESS reason that we manage technology assets is for the business information that they contain and communicate. In order to decide what to manage we need to understand the value of the information, the value of the business process and the relationship of the technology to this value.
Rather than trying to keep a comprehensive list of what we need to include under ITAM governance (software licenses, software subscriptions, SaaS, desktops, laptops, mobile devices, servers, IaaS, PaaS etc.), IT asset managers should create a framework of criteria that they can use to determine what should be managed (such as business criticality, value, cost, risk). This may vary from one part of the organization to another but having a methodology in place should ensure that what’s important is managed, and what isn’t does take up valuable resources. The criteria should be reviewed regularly to ensure that they still reflect business needs.
Managing assets in this way increases the importance of asset assignment. Assets must be assigned to business systems, processes and costs codes within ITAM systems is to ensure that they are correctly valued and appropriate decisions made about them.
ultimately, we must ask not What we want to manage, but WHY?
Rather than trying to create a perfect taxonomy, and constantly updating it to reflect new types of technology as it emerges, we would do better to create a list of attributes that determine what will be included within the scope of ‘ITAM’ based on business needs. We may not be classifying the same things as assets as other organizations – but we are managing the things that matter to our own organization.