As we’ve shared this research with colleagues, customers and partners, it has evolved based on details of the challenges they are facing. And what has become clear is that not only is the current maturity model no longer fit for purpose, but it is in danger of making ITAM irrelevant by focusing on control and cost while the organisations it is intended to support are focused on growth and innovation. In part one of this blog we looked at what good used to look like. In this post we share our vision of what good looks like now and in the future.
WHY THE UPDATE?
As we mentioned in the previous blog post, most ITAM maturity models are focused primarily on SAM and have been developed by software vendors or SAM vendors based on generic maturity models. The descriptions used by the vendors are rarely SAM specific, although they may include a few token references, but in general could be applied to pretty much any discipline.
It is also clear from my research over the past few years, confirmed and augmented by input from Snow colleagues and customers, that goalposts are moving. Firstly, we are seeing a move to expand from the very narrow focus on SAM (or even just software licence management) to a broader requirement to manage a variety of assets including cloud services (often starting with SaaS but expanding to other cloud offerings) that were previously out of scope of both SAM and ITAM. Device proliferation, both due to consumerization, BYOD and of the explosion in IoT devices means that IT leaders – in particularly those responsible for security and risk management – are now refocusing on the need to manage endpoint hardware effectively.
WHAT GOOD LOOKS LIKE NOW
This isn’t just about now – we’ve built something that we hope will last us a while. Most of our customers (in fact most of the SAM community) will see the top of the curve as aspirational, but the need to be there is increasing. When NIST launched the Building Block for Software Asset Management Continuous Monitoring in 2013 most IT and software asset managers felt it was unrealistic. However, changes in technology – particularly the delivery of cloud services where pay-per-use is finally becoming a reality – mean that this is now a necessity. This model is intended to provide a model that customers can use to work out how to deliver ITAM that meets the business needs of their organization.
FIGURE 2: SNOW’S MATURITY CURVE FOR MANAGING DIGITAL TECHNOLOGY ASSETS
Source: Snow Software July 2018
As with the previous blog post, these are not technical definitions designed to assess ITAM capability against (we’re working on that!), but descriptions of what each stage involves from a practical and pragmatic perspective and what it feels like to be delivering (or attempting to deliver) ITAM at each stage.
ASSET COMPLIANCE & SOFTWARE AUDITS
This is the ‘reactive’ phase where the approach to ITAM is risk-based. In most organisations it is primarily software focused with audits as the key driver (although in some situations security issues may mean hardware is also covered). While the majority of data is held in spreadsheets, and the approach is tactical and vendor-focused the need for ITAM (or SAM, or licence management) is acknowledged. Someone is accountable for ITAM, whether as a full-time role or as a part-time addition to an existing role. Response to audit is on an ad-hoc basis and driven primarily from IT operations and service management with ad-hoc interaction with procurement.
We generally see audit management processes, risk reporting, renewals management process put in place at this stage. If procurement have a contract management database the information is shared with ITAM, and SAM tools are starting to be investigated by the ITAM team as savings start to be generated.
Barriers to progress at this stage tend to be cultural issues around fear of transparency, with resistance by stakeholders to sharing information that may bring their budgets and decisions into question.
ITAM now has governance, sponsorship, accountability, stakeholder engagement, core processes and responsibilities mapped. There are people and tools in place to support the majority of types of technology assets that the organization’s leaders want to manage, although cloud and mobile are still a challenge. There is still a bias towards managing software, but there is a recognition that hardware must be managed for a number of business reasons. IT leaders are investing in integrated SAM tools (note not HAM or ITAM tools despite the increasing importance of hardware) and the ITAM function takes a process-based approach.
Core processes are put in place, and automation of key activities starts to free up skilled resources. Assets are recycled, reharvested and disposed of through managed processes. Compliance and liabilities are effectively managed and opportunities to cut waste (e.g. through reduction of shelfware or cancellation or reduction of support and maintenance) are identified and actioned. Consumption analytics are provided, and financial provision is made for liabilities.
This stage is still much the same as it was previously, although it’s no longer at the top of the curve. The focus here is on managing costs. Building on the foundations of structured ITAM, waste is identified, and actions put in place to cut it; recycling and reharvesting activities are in place; data is shared with procurement to ensure contracts are right-sized and with finance to support budgeting. Insights are provided on current use and to inform demand management, cost prediction, cost analysis, licensing options, application rationalization and technology strategy decisions.
At this stage ITAM moves from taking a cost-based view of technology assets to a value-based approach - how we can do more with the asset rather than the previous view of how to reduce cost. This informs both the decision as to what to include under ITAM governance and the activities that ITAM supports and information it provides. Assets are managed based not on how much they cost, but on the value driven from the business processes they support and the information that they contain and communicate. The assets themselves are optimized to drive more value.
At this point, we see outputs such as remediation reporting, score-carding, dashboards, options analysis and demand forecasting as well as support for technology migrations. ITAM starts to become business-aligned rather than purely IT-focused.
DIGITAL TECHNOLOGY GOVERNANCE
At the top of the ITAM maturity curve, this is a very different capability to where the journey started. This is not an IT-focused discipline, but a core business enabler. A deep understanding of organizational goals and business needs for insights into their technology assets inevitably results in a broader range of assets and attributes falling within ITAM’s remit. In order for these insights to support business decision-making, asset data from both IT and business tools must be integrated with ITAM, to enable the sharing of insights and intelligence in a way that is integrated into business processes. Learning from other disciplines, ITAM changes approach from prevention to enablement, focusing on rapid detection and remediation rather than a level of control that stifles business activity.
We see analytics and reporting, continuous monitoring, support for related activities such as cybersecurity, governance & risk, business-user self-service, and engagement across the C-suite. ITAM is focused on business priorities, supporting growth, innovation and efficiency across the organization, not just within IT.
In previous posts (link) we have talked about the fact that the definitions of the disciplines of ITAM, SAM and HAM no longer seem to work, and that the terminology used within ITAM (link) is in itself restricting our progress. In order for ITAM to remain relevant in an age of digital disruption and transformation, it needs to move away from the boxes it has been constrained within, and embrace the bigger challenge of digital technology governance.
To learn more about the evolution of ITAM Maturity, watch the recording of our recent webinar ‘Building the Business Case for SAM’. As part of our ITAM best practice webinar series, Victoria equips you with step-by-step advice on how to identify and engage critical stakeholders. Listen on-demand now.