Why You Can’t Afford to Neglect ITAM
IT Asset Management (ITAM) is the process that seems to regularly get pushed to the background, because we’re not the Finance department. But who ever said that ITAM was only about costs? And, who ever said that only Finance was responsible for it?
There is a cost component to the drive behind implementing ITAM, but it is far more than that. It is also about inventory management, regulatory compliance, IP protection, security and a variety of other activities and vulnerabilities if not performed.
ITAM governs the lifecycle of a device from inception through to disposal within an organization.
- It is the process that helps to determine which models are bought and from which vendor.
- It utilizes past history of reliability and pricing to make intelligent decisions for the organization on what devices to reorder and which to never order again.
The criteria for each of these decisions comes from the various metrics that are captured throughout the lifecycle of the previous devices. If ITAM is not in place, where would these metrics come from? Would they even exist and if so, how reliable would they be in an ungoverned setting?
Embedded within the ITAM lifecycle is the inventory management component of the process, which seeks to address the efficient reuse of devices when they are no longer needed by someone, but are still fully capable of providing service to someone else. It allows the organization to keep a surplus of devices on hand to more quickly deploy and/or replace a device that may have failed and is causing an outage without the need to engage the procurement process, which may delay the restoration of service.
A core aspect of ITAM is the cost accounting of devices. This is critical to a service-minded organization, because it provides the discrete costs that, when aggregated together for a service, allow the organization to truly understand the total cost of ownership of the products and services delivered.
It is impossible for an organization to efficiently and accurately determine the total costs of services being delivered without some level of the ITAM process being in place. Without ITAM, those seeking to determine service costs must manually search through every invoice over several years and parse out only the devices that they believe to be part of the service being delivered. As you can imagine, this is no easy task and far from likely to provide a completely accurate result.
One of the final stages of the ITAM process is the disposal of devices. In an age where everything is digital and sensitive data is being breached, it stands to reason that equipment that has been handling important organizational data be disposed of accordingly. Network devices might contain sensitive routing information, servers’ old database records and account information, laptops authorization and authentication details.
Every device in the organization has information of value that could be used to breach the organization’s security defenses. These devices could also contain large amounts of sensitive or personal data that, if exposed, would cause massive compliance and regulatory issues for the organization. The proper assessment for sensitivity and complementary disposal is essential and resides with the ITAM process.
Many organizations have set aside the ITAM process because they don’t see it as high on the priority list of things to do, because they don’t do customer chargeback or have other efforts which seem to be more important. But, when you look at these other efforts, you will normally find various subcomponents of the ITAM process being performed by them because they can’t otherwise accomplish their tasks. For example, Configuration Management and the Configuration Management Database (CMDB) cannot operate without a complete and accurate inventory of devices. So, Configuration Management will typically take on the job of doing fundamental inventory or bill of materials (BOM) management. This is only one example, but there are many more where components of ITAM are performed at the discrete team levels and are never shared with others within the organization.
In the absence of a formal ITAM process, the various teams around the company will do what they need to do to get their jobs done, but at a greater total expense to the organization.
In the end by not embracing ITAM
- Asset management will not be as accurate,
- No centralized ITAM solution will be in place to manage asset lifecycle
- The oversight required to minimize any compliance and security risks will be missing.
You can’t afford to neglect ITAM any longer.