In Part 1 of this blog series we highlighted the need to align ITAM investment with funded business and IT initiatives. In this blog we examine how ITAM supports some of the typical IT projects that organizations may be investing in. While it may be easy to describe the benefits that ITAM will provide, and claim significant financial impacts, when it comes to documenting the business case, these need to be articulated more precisely and have actual numbers assigned to them, with a commitment to deliver those benefits. Working with Finance is essential to creating a credible financial business case.
BUSINESS BENEFITSWhile many business cases go straight into the detail of the financial benefits (generally related to savings against budget), which are based on very specific use cases, it is important to identify how your ITAM investment will support that specific project and articulate the benefits within the context of the project concerned.
- Cybersecurity and Privacy – although cybersecurity initiatives are moving down the CEO and CIO priority list in 2018 (behind business growth, increasing profitability, digital transformation and similar initiatives) there is no doubt that this will continue to be an area of considerable investment. Digital business is resulting in increasing IT investment, and with that increased dependency on technology to deliver goods and services comes the potential for increased exposure to digital risk. New technology implementations place increasing demands on cybersecurity, cyberattacks and data breaches continue to make headlines (Equifax, Reddit, Maersk, Saint-Gobain are just some of those impacted) with significant financial losses and reputational damage, and regulation in this space is increasing (GDPR, Australia’s legislation on data breaches, Securities & Exchange Commission, New York State Dept. of Financial Services). At a fundamental level, organizations cannot manage and secure what they can’t find. Understanding what technology the organization depends on and connects to is key to providing effective security and risk management, with Cybersecurity best practices such as CIS controls and NIST supporting this. No CEO, CIO or CISO wants to be the next one making headlines for a data breach nor for a security incident that impacts on their profits. Over and above any regulatory fines or lost revenue, there are costs to fix the problem, and the reputational damage that impacts on customer relationships and trust.
- Digital transformation – where transformation projects are budgeted for, ITAM’s key contributions are delivered via insights into current usage to support options analysis and cost comparison. These fall primarily into two categories:
- Application Rationalization – where multiple products with similar functionality are in use it is possible to identify them, where they are being used and make decisions on standardization and rationalization. Common categories that can benefit from rationalization include BI tools and PDF generators. It is also useful to identify where different editions of the software may be used (particularly where free or low cost ‘readers’ are available for those who only need to see outputs rather than interact with the software).
- Cloud Migration and Cloud Capacity Management – Existing usage must be understood in order to scope requirements, determine whether cloud is an appropriate solution, which cloud provider offers the most appropriate and cost-effective solution, and to ensure that the contract is fit for purpose. Once in the cloud, utilization must be measured, controlled and optimized. Data can be used to confirm migration targets are being met, identify where solutions are not being used and pursue adoption in those user groups. If utilization continues to be below contracted quantities, then capacity can be trued down. Utilization data can be used to plan workloads within contractual limits where possible and minimize impact of peak capacity. Where workloads are maintained on premises or hosted within a private cloud, data can be used to facilitate cloud-bursting to support capacity management. ITAM data provides IT and procurement organizations with the ability to assess demand to right size contracts and how to deal with fluctuations in demand as well as overall trends.
- Data Monetization – there’s lots of hype around data at the moment. According to some it’s the new gold. Or the new oil. Doug Laney (author of Infonomics) maintains that it is neither – that it has characteristics that make it much more valuable than either of these. Many organizations are now looking at how they manage their data to maximize the value they derive from it. Others are looking at how they can monetize this data. Regardless of the motivation, data is generally an organization’s most valuable resource – and in the digital age, ITAM is key to managing data, as it allows you to identify where your data resides and what software is used to make it meaningful.
- IT/OT Integration – there is an increasing convergence of IT with Operational Technology (OT). Systems that were once mechanical are becoming increasingly digitized with IT or IT-like software being used to control and manage physical assets. OT is increasingly falling within the scope not just of ITAM but of IT as a whole (several recent CIO appointments in asset-intensive organizations have been engineers, not IT professionals). Despite the name, ITAM as a discipline needs to disregard the ‘IT’ and ‘OT’ labels (and siloed culture). It is uniquely positioned to provide support for all digital technology assets and integrate with Enterprise Asset Management (EAM) to provide a holistic view of the asset landscape. ITAM data is critical to OT risk management and security, as many OT systems are running older versions of software or dependent on unsupported (end-of-life) hardware.
- IoT & AI Projects – as with operational technology, IoT projects involve digital technologies that haven’t traditionally been managed by IT (such as sensors, access points etc.) as well as huge numbers of consumer devices that are now accessing business systems. The ITAM discipline lends itself to extending to edge devices in the IoT ecosystem to support key decision-makers and cybersecurity requirements.
- The devices that make up the IoT need to be located, identified and classified in order for decisions to be made about their authentication and access.
- Data flows also need to be mapped for privacy, security and software licensing purposes.
- ITAM’s role in IoT projects is similar to its role in AI projects, where the AI or Robotic Process Automation (RPA), machine learning, deep learning, smart machines or other permutations of artificial intelligence) is made up of a number of different assets and interfaces with multiple technology components some of which may be legacy systems.
- ITAM data provides a cross-silo view of IT and maps the relationships and dependencies between individual assets – whether legacy systems or new investments – to ensure that relationships and dependencies can be mapped and understood.
- Sourcing decisions – ITAM data can be used to support decisions around outsourcing, insourcing and multisourcing for digital technology and digitally enabled processes and services by providing insights into the current state of the technology and the way it is used.
- Good quality data allows for options analysis and a clear articulation of the reason for the sourcing decision.
- The data can be used throughout the life of the contract to monitor performance and facilitate management of the contract and the vendor.