Ivanti Blog: Posts by

How ITSM Can Support an Emergency Response Plan

Thu, 26 Mar 2020 20:47:03 Z

As federal, state, and local government agencies scramble to create emergency response processes and procedures, be advised that IT service management (ITSM) can play a critical role in supporting emergency response plans and associated processes.

Government and commercial business emergency response plans define how agencies and commercial organizations respond to catastrophic events in the environment. Currently, emergency response teams are mobilizing so they can respond to everyone who needs help in the near future.

Intake processes will require responders to document information about each patient, including the severity of their symptoms. Patients will then be categorized so that high risk patients are identified, prioritized, and assigned to appropriate response processes.

ITSM Solutions Provide Incident Response

ITSM solutions have incident response features that are typically associated with computer or security related incident response processes. However, some ITSM solutions transcend traditional IT boundaries by providing support to non-IT business objectives.

ITSM solutions can be easily customized to support both IT and non-IT processes associated with current emergency response objectives. Processes can be configured to handle a wide variety of incident types. This allows each incident to be properly categorized and assigned to a relevant response process.

ITSM Can Provide Self-Service Portals

Self-service portals provide users with the tools they need to make requests without involving a human analyst. Self-service capabilities alleviate workloads for analysts that take front line calls. ITSM self-service portals can be setup to provide support for technical issues or to make IT asset requests, however; they can be customized to support non-IT objectives related to response processes.

Self-Service portals could deliver patient intake forms to people who believe they might be sick. Businesses and government agencies that are using ITSM solutions could use self-service portals for employees to provide their health status along with self-quarantine information and updates.

ITSM Self-Service Can Be Accessed on Mobile Devices

ITSM solutions can provide self-service portals through apps installed on smart phones and tablets. Apps can deliver customized forms or questionnaires to its users. Forms and questionnaires can be used to help medical workers, government entities, or businesses organizations identify people that might need to be tested for the virus.

ITSM Can Broadcast Alerts and Set Up Bulletin Boards

ITSM solutions can broadcast alerts with up-to-date information. They can also provide bulletin boards with relevant information through self-service portals.

ITSM Can Automate HR On/Off-boarding Processes

ITSM solutions with automation capabilities could play a vital role for employers, or for mobilized response teams fighting the Coronavirus outbreak. On-boarding processes that require signatures or authorizations can be automated to deliver authorization requests to a mobile device or self-service portal. Temporary or full-time employee on-boarding/off-boarding processes can be automated so that recourses are not consumed with documentation requirements.

ITSM Provides Up-to-Date Knowledge Articles and FAQs

Knowledge and communication are important components for IT incident response. They help organizations provide consistent and relevant information to the end users.

Knowledge databases can also be used to provide up-to-date verified information about the current health crisis. Knowledge articles and FAQs can be offered with search capabilities so that front line telephone analysts are not inundated with calls from people that are seeking general information.

ITSM Solutions Can Facilitate Process Changes Without Disrupting Services

ITSM incident management solutions provide data that is used to report metrics and statistics. This gives administrators information that will help them identify areas for improvement.

Software solutions that can facilitate modifications to processes will be crucial for emergency response teams on the front line. Some ITSM solutions can be modified and tested in a short period of time without impact to the entire solution. This gives administrators the ability to make changes and improvements to backend processes without disrupting services.

ITSM Can Track Inventories with IT Asset Management

Many organizations track IT asset inventories with IT asset management software solutions. When organizations know what they have or don’t have, they are able to make informed acquisition decisions. Some ITSM solutions integrate asset management features into their products. This provides an integrated link between services and asset inventories, asset locations, and asset availability.

Asset management features could be used to support emergency response teams that require equipment to support incoming patients. For example, if a response analyst determines that someone needs to be tested, it will be important for the analyst to know if there are sufficient assets, such as test kits, at the testing facility where the patient will be sent.

Furthermore, asset management provides request capabilities so that when inventories are low, administrators can make asset requests through self-service portals. Automated asset management processes can be configured to fulfill asset requests with minimal human intervention.

ITSM Can Provide Facility Management

ITSM solutions that offer facility management capabilities give organizations the ability to manage facility space and infrastructure. In the war on the Coronavirus, facility management tools could help mobilized response centers with planning, design, construction, lease, occupancy, maintenance, and furniture requirements. These requirements might also include help with catering, cleaning, and hospitality.

ITSM Can Provide Project Management Tools

ITSM solutions with project management capabilities can help organizations manage their project schedules, including milestones, progress, and associated risks. Project management also provides tools and methods for allocating and tracking costs.

Project management features could help emergency response organizations by providing tools that help them initiate, plan, and execute project objectives.

ITSM Cloud Solutions Do Not Require Mobile Data Centers

ITSM solutions offered in the cloud do not require on-premise data centers. Organizations that use cloud solutions can reduce overhead costs associated with hardware and maintenance.

ITSM can provide support for today's health crisis by providing tools that support emergency response objectives. ITSM cloud solutions can deploy incident management, knowledge management, asset management, project management, and facility management features to organizations located anywhere at any time.

Government and non-government response teams that implement cloud solutions will not have to mobilize servers or data centers to meet emergency response requirements. They will simply connect through existing internet infrastructure to service management solutions in the cloud that are customized to support emergency response objectives.

Could Pentagon AI Principles Be a Model for Future Government AI Regulation?

Fri, 13 Mar 2020 23:01:59 Z

On February 24, 2020, the Pentagon outlined five principles to ensure ethical use of Artificial Intelligence (AI) in the Department of Defense (DOD). The new guidelines call for AI use that is:

1. Responsible

DoD personnel will exercise appropriate levels of judgment and care, while remaining responsible for the development, deployment, and use of AI capabilities.

2. Equitable

The Department will take deliberate steps to minimize unintended bias in AI capabilities.

3. Traceable

The Department’s AI capabilities will be developed and deployed such that relevant personnel possess an appropriate understanding of the technology, development processes, and operational methods applicable to AI capabilities, including with transparent and auditable methodologies, data sources, and design procedure and documentation.

4. Reliable

The Department’s AI capabilities will have explicit, well-defined uses, and the safety, security, and effectiveness of such capabilities will be subject to testing and assurance within those defined uses across their entire life-cycles.

5. Governable

The Department will design and engineer AI capabilities to fulfill their intended functions while possessing the ability to detect and avoid unintended consequences, and the ability to disengage or deactivate deployed systems that demonstrate unintended behavior

Could AI principles outlined by the Pentagon be a model for future government AI regulation?

Some might argue that government regulations for AI could negatively impact AI development because intellectual properties would be compromised. Or, if regulations require AI providers to implement additional code, it could delay or impact AI innovation and development.

AI continues to mature and expand causing some people to be concerned about future implications. Some people believe that if AI is not developed responsibly, it could rebel against humans in the future. Is this possible?

Let’s explore the possibilities, then discuss the idea of government regulation.

Imagine a weaponized drone with AI decision-making technology. This type of autonomous weapon system could help the military identify, stalk, and kill an enemy target without any human intervention, providing them with a powerful advantage over their adversary.

Now imagine if that drone were compromised or if it malfunctioned, causing it to target “friendly” targets, such as humans. To regain control, AI developers might need to “hack” back into that drone to correct the problem. However, any attempt to hack into the drone could be viewed, by the drone, as an emanate threat, triggering the drone to attack the hackers.

Although this scenario is extreme and sounds like it comes from a science fiction movie, the reality is that in the future, it will be possible for humans to lose control of autonomous systems. AI is a technology that has the ability to learn, write code, operate a vehicle, make predictions, and make decisions.

AI is also a technology that can produce a result or an outcome that developers did not anticipate. Therefore, we will most likely see government regulations in the future that ensure safety measures are implemented, that encourage non-bias AI development, and that protect privacy.

New Pentagon AI principles could be a model for government lawmakers to use if AI regulations are to be imposed.

We already have consumer privacy protection laws, so why do we need specific regulations for AI to protect consumer privacy?

AI will enhance market research technology providing much more insight into a person than is available today. AI solutions will provide insight into a person’s habits, emotions, moods, and tendencies. It will make accurate predictions about the decisions an individual will probably make in the future.

Market research discovery applications powered by AI technology will give advertisers enormous amounts of consumer information, allowing them to create targeted marketing campaigns to an individual. However, if not regulated, AI with big data discovery capabilities might collect data about individuals that could be considered personal and private.

AI guidelines outlined by the Pentagon require that “DOD personnel will exercise appropriate levels of judgment and care, while remaining responsible for the development, deployment, and use of AI capabilities.”

To protect privacy, government regulations would need to include similar guidelines to ensure “responsible” AI development, ensuring that AI developers exercise appropriate levels of care when writing AI algorithms that are intended to discover personal or private information.

Why would the government be concerned about unintended bias in AI development?

Developers can unintentionally enter bias into AI algorithms based on their technical limitations, culture, gender, race, sexual orientation, expectations, or religious beliefs. Remember, AI has the ability to learn, which means that humans will be able to train AI solutions by supplying the data the systems need. Therefore, it will be important to ensure that the data supplied to AI learning algorithms is not tainted with human biases.

For example, today there are solutions available that perform background checks for potential employees, or to verify if someone can pay back a loan. When powered with AI, these solutions will go much further, providing insight into a person’s daily habits, their beliefs, their priorities, and their life goals. AI powered solutions will be able to predict, with greater accuracy, whether or not a person will be a good employee, or if a person will pay back a loan.

AI powered solutions will analyze the data it collects, then provide recommendations to potential employers or creditors. These solutions will become trusted advisors to their owners much like a “human” trusted advisor, essentially giving decision making powers about candidates to a computer. However, solutions developed with AI technology could inherit unintended bias algorithms from their developers, skewing results to favor a specific race, religion, or sex.

When AI technology is used to provide recommendations about a potential employee, or if someone should be granted a loan, it will be important to have an understanding about how the results were obtained. Stakeholders need to know the data considered for the research, and how that data was “weighted” to get a final result.

To minimize unintended bias in AI, Pentagon guidelines require that AI be “equitable.” This means that DOD will take deliberate steps to minimize unintended bias in AI capabilities. It’s probable that similar guidelines will be defined if government AI regulation is implemented.

Furthermore, AI solutions performing such tasks will need to be “traceable,” which means that these AI solutions will have to be auditable and transparent about the data sources used to reach a conclusion.

How would government regulations ensure safety in AI development?

AI will make great strides in technology used in transportation, such as self-driving cars. It will be important that AI technology used in autonomous vehicles is “reliable.”

To ensure safety, we should anticipate government regulations require AI algorithms be properly tested before they are placed into operation.

Government safety regulations for AI could be similar to Pentagon guidelines.“AI will have explicit, well-defined uses and the safety, security, and effectiveness of such capabilities will be subject to testing and assurance within those defined uses across their entire life-cycle.”

Future government regulations could also require that AI algorithms are designed to give access to third parties or government authorities so that data and code can be dissected and analyzed when an autonomous vehicle is involved in an accident. However, such regulations could infringe on the intellectual properties of AI developers.

How could government regulations be implemented to protect intellectual properties while at the same time, protect consumers?

Regulation could negatively impact AI Development if intellectual properties are not protected. Government law makers need to find a way to protect consumers while protecting the intellectual properties of companies that provide AI technology.

If government regulations require that AI developers implement additional code so that solutions are traceable, it could delay or impact AI innovation and development.

Government regulations that could mitigate the impact to AI innovation and development might look as follows:

For AI technology that does not raise safety concerns, government regulators might consider obtaining information through statistics, trends, and surveys as a way to protect both consumers and AI intellectual properties.
For AI technology that does raise safety concerns, such as self-operating vehicles, government regulations could require the manufacturers provide experts to assist government officials investigating a vehicle that has been involved in an accident. They would be required to help officials access, dissect, and analyze data to determine the cause of that accident.

AI regulations will most likely require that manufacturers provide a “kill” switch for any type of vehicle controlled with AI technology.

In a report titled “Predicts 2019: AI and the Future of Work,” Gartner found that “AI-enabled decision support is the greatest contributor to business value creation, overshadowing AI process automation throughout the entire forecast period of 2015 through 2025, globally.”

Artificial Intelligence (AI) is unlike any technology we have seen in the past. Much like a child, AI technology is maturing and “growing up.” Soon, it will go out on its own to make decisions with minimal guidance, therefore, we will most likely see government AI regulations in the future.

AI principles outlined by the Pentagon would be an excellent model for government AI regulation. These principles would promote responsible AI innovation, protect consumer privacy, ensure fairness with non-bias AI solutions, and ensure consumer safety while protecting AI intellectual properties.

Asset Management On-Boarding and Off-Boarding Users: 3 Keys to an Off-Boarding Process

Wed, 04 Mar 2020 17:48:14 Z

A friend of mine recently shared an experience with me that he had while working as a manager for a software manufacturer. The experience was about an employee he had to terminate. He told me that after meeting with the employee and HR, he completed the paperwork that was required and sent it back to the HR department.

Six months later, he received an email from finance giving him an overview of the expenses for his department. He noticed they were still counting the salary of the employee that he had terminated six months ago.

He reported the error to finance and asked them to correct the problem. Finance responded and explained that the salary they reported was accurate and that the money had been paid to the person he terminated. Furthermore, they reported the person was still receiving a salary every two weeks. An internal investigation was opened and it was determined that even though the employee was terminated along with all benefits and access to company owned data, one single process had not been completed. It was the process that notified the accounting department to terminate the bi-weekly salary payment to the now ex-employee.

Off-boarding users is not only an HR responsibility, it is an IT management responsibility. To do their job, employees often require many tools such as laptops, phones, subscription accounts, software, and access to networks that hold corporate data. When employees leave a company, they are expected to return the equipment supplied by the IT department.

Information Week commented on a study done by Intel: “In the U.S. study, 329 organizations surveyed lost more than 86,000 laptops over the course of a year. A surprising number–13%–were lost in the workplace, and an equal percentage of companies didn’t know where laptops went missing.”

If using a reputable IT Asset Managment system, a company will know exactly what assets a user has in his/her possession.Automated processes can be built to recover those assets; both hardware and software, along with access to corporate data and subscription accounts that were assigned to the employee.

IMPORTANT: Your off-boarding process will only be as good as your on-boarding process.

Having processes in place that map users to the IT assets which users are assigned and re-assigned is critical to an effective off-boarding process. IT assets that are in the possession of users who have not been mapped to those users will increase the potential of lost assets.

Three keys are needed to create an efficient off-boarding process:

Consolidate Processes
Automate Processes
Generate a Device List

1. Consolidate Processes

When creating an off-boarding process, it is important to try to consolidate processes for all tasks that need to take place. The example of the ex-employee that received a paycheck undetected by the company happened because the process to terminate salary payment was not executed by the same process that terminated benefits and network accounts. Consolidating processes would have simplified the execution of employee termination.

2. Automate Processes

When possible, build automation into your processes. Removing access to company networks, data, buildings access cards, and accounts should be automated to ensure no steps are overlooked. Any failures in the process should alert IT management so the problem can be corrected.

Include and automate online accounts and subscriptions to your off-boarding processes.

Many employees are supplied accounts to online cloud solutions such as Salesforce.com or a subscription to a service such as MSDN. A person I worked with recently told me that his Salesforce account was still active. The problem was the account was supplied by a company he had resigned from more than a year prior to him sharing his story with me.

3. Generate a Device List

The third key to an effective off-boarding process is to generate a device list in the off-boarding process that shows the assets that need to be recovered. This list should be generated and supplied to an IT asset manager. When assets are returned, a confirmation interface or email should be sent that will trigger the automated process to update the asset management database.

When a laptop is returned, the management database should update at least two fields; the Lifecycle State and the Owner. For example, the lifecycle state could be changed from ‘Assigned’ to ‘Available.’

A similar process should remove software license mappings to users and their devices.

When the off-boarding process has completed all tasks, a report should be generated documenting the completed tasks.

Summary

On-boarding and off-boarding users is a critical part of ITAM. It is important to have methods in place to map assets to users when they receive them. Just as important is the off-boarding process so the asset can be recovered. As assets are re-assigned within an organization, automated processes should be in place so that the asset is not misplaced or lost. Assets that are lost will not be tracked which means an off-boarding process will not be able to capture or process those assets. Simply said, if you do not know what to recover, you will not know what to ask your users to return to the company, and you could lose the asset permanently.

ITSM vs ITIL: What's the Difference Between ITIL and ITSM?

Mon, 02 Mar 2020 18:01:42 Z

For organizations that are building or expanding their IT Service Management offerings, it is important to understand the difference between ITIL (Information Technology Infrastructure Library) and ITSM (IT Service Management). And because ITIL and ITSM are constantly changing, it is critical to keep up with the latest technology.

The most basic answer is that ITSM is the actual practice, or professional discipline, of managing IT operations as a service, while ITIL is a set of best practices that provide guidance for ITSM—but that just covers the basics. In fact, there's a lot more we can learn about the differences between ITSM and ITIL by looking at the history of IT organizations and how IT has evolved over time.

Many years ago, I worked as an IT support analyst helping companies with a software product that managed their documents on the network. When customers called for help, I used a software program to open an incident that described:

The issue
The caller’s identity
The date and time the incident was opened

The IT department I worked for supported our organization and our customers with all their IT needs. This included helping customers with IT issues, creating knowledge articles, and providing assets to employees so they could do their jobs.

For those supporting IT, you often hear terms such as "ITIL" and "ITSM" when discussing IT Service Management.

So you might be wondering...

What is ITIL and ITSM?

Let's start here...

What is ITIL (IT Infrastructure Library)?

In the 1980s, IT Service Management best practices emerged as most organizations were migrating or planning to migrate to digital technology. The term ITIL was later introduced to refer to these best practices.

Definition of ITIL:

IT Infrastructure Library (ITIL) refers to a group of documents that provide a framework and best practices for building an IT Service Management (ITSM) solution. Organizations supporting an IT infrastructure can increase efficiency while reducing service management costs if they follow recommended ITIL processes.

In addition to best practices, ITIL provides common terminology, such as “Incident,” “Problem,” “Change,” “Configuration Item (CI),””Knowledge,” and “Configuration Management Database (CMDB),” all of which are examples of terms used by those who support IT.

Education that focuses on ITIL best practices is available for people who wish to gain a better understanding of ITIL. Furthermore, ITIL certifications can be valuable to have on a resume and are offered in a variety of areas (see below).

What is ITSM (IT Service Management)?

IT Service Management (ITSM) is sometimes mistaken as a software solution. In reality, ITSM is about process, people, and technology. Software is one component of an ITSM solution.

Definition of ITSM:

IT Service Management is a strategic approach for designing, delivering, managing, and improving the way information technology (IT) is used within an organization. The goal of IT Service Management is to ensure that the right processes, people, and technology are in place so that the organization can meet its business goals.

Components of ITSM Software

ITSM software tools usually come with several components such as:

Database
Business Objects (u, groups, roles, etc.)
Process Engine

These software solutions that support ITSM are typically designed to align with ITIL best practice recommendations.

ITIL & ITSM Certifications

Organizations such as Pink Elephant provide ITIL certification services for ITSM software providers.

Agile
Lean IT
ITIL® & ITSM
And more

Summary

IT support departments that only provide Incident Management are often referred to as a Help Desk or ticketing solution. IT support organizations that follow the majority of ITIL best practices are typically referred to as a Service Desk solution. Although some ITIL recommendations might not be practical for every organization, when building an IT Service Management solution, ITIL best practices are a good place to start.

Be sure to subscribe to news feeds and forums that discuss ITSM technology in order to stay informed about the latest technology updates and trends regarding ITIL and ITSM.

5 Key Benefits an IT Asset Management System Should Provide

Thu, 06 Feb 2020 21:41:51 Z

Asset management is not just about collecting inventory, it’s about how we document, track, and control every IT asset. Below are five key benefits that every IT asset management system should provide.

1. IT asset management should provide a single view into all IT assets owned by an organization

IT asset management dashboards provide complete visibility into every system within an organization. The knowledge that is provided from IT asset reports can be used to make informed decisions about IT strategy and IT asset acquisitions.

2. IT asset management should enhance data protection

When IT administrators can see every device, they are able to see technology gaps that might put their organization at risk. For example, on May 12, 2017, at least 230,000 computers in more than 150 countries were paralyzed by the WannaCry ransomware attack. However, this event was avoidable.

On March 14, 2017, Microsoft released a critical patch that protected IT assets from WannaCry ransomware. However, many of the organizations impacted by the WannaCry ransomware attack were running older-unsupported operating systems like Windows XP and Windows 2003.

IT asset reports could have notified these organizations about vulnerable outdated operating systems or software on their networks. Organizations that do not have reliable asset reports increase their security risks. If IT devices are not tracked, they might not be properly secured.

3. IT asset management should provide software license reports

Tracking and managing software licenses is critical if organizations want to avoid unexpected costs and penalties that come from software audits. IT asset management best practices suggest that organizations define and follow a process for purchasing software so that software licenses can be documented and tracked from the moment they are purchased until they are decommissioned.

However, mapping software installed in the data center to software licenses can be complicated because license models and SKUs are much more complex. Furthermore, they are often modified and changed by the software vendors. An asset management solution should provide integration to external sources so that license models and SKUs are up-to-date.

According to Gartner, “Reconciliation merges normalized data with related information from other, often external, sources. This can include procurement data, vendor SKUs, license and entitlement details, and organizational information.”

"Reconciliation is the act of harmonizing contract, purchase, and entitlement information with normalized inventory data to establish an ELP—the balance of licenses purchased to actual license consumption."

4. IT asset management should provide the lifecycle status of each IT asset

IT asset management systems document the status of an IT asset throughout the asset’s lifecycle. For example, when a laptop is purchased, it would be reflected in the IT asset management system as "purchased." When the asset has been shipped, the lifecycle status would be changed to "shipped." Additional lifecycles would include statuses such as "received," "assigned," "available," or "disposed."

Tracking the lifecycle of an asset allows administrators to be much more efficient when allocating IT assets to employees.

For example, if a laptop is required for a new employee, the IT asset lifecycle report could show if there is a laptop available.

5. IT asset management should facilitate IT asset requests

IT departments typically provide IT services to all non-IT departments within an organization. If requests for software and hardware are fulfilled by IT administrators without IT asset management, the organization will most likely incur additional costs.

For hardware requests, IT asset management systems will help avoid unnecessary purchase requests through asset reports that show available hardware.

For software, administrators can create automated processes that facilitate automated software installation of a software package. This process would include a task to map the associated software license to the customer. Software license tracking will ensure the organization is prepared in case of a software audit.

10 Reasons Why IT Asset Management is Key to Cybersecurity

Thu, 31 Oct 2019 19:01:46 Z

The foundation of an effective cybersecurity strategy is knowledge about the environment. IT asset management (ITAM) enables organizations to know what assets they have and where they are located, ensuring that all assets are tracked so they can be secured properly. Below are 10 reasons to include ITAM in your cybersecurity strategy:

1. Mitigates Risk

Uncertainty about security threats, legal liabilities, and unpredictable events are much worse for IT security administrators when they don’t know where assets are located, how they are managed, and if they are vulnerable. ITAM provides a picture of the IT assets being used in the common operating environment. When IT assets are properly tracked, administrators can lower the security risks that come from unknown, lost, or misconfigured IT assets.

2. Provides Software Asset Cost Control

When organizations know what software they have, they can reclaim unused software and reallocate it and avoid purchasing a new license for the requested software. Managing too many software applications increases the security risks that come from outdated software or software that hasn’t been patched. With proper IT asset management, organizations are better equipped to control software requests and software purchases.

3. Helps Ensure Software is Updated and Patched

Older versions of software, and software that isn’t properly patched can be a security risk for an organization. ITAM tracks assets in production and assets in storage. With accurate and complete inventory data, IT administrators can verify that all IT assets are counted and configured with the appropriate tools that will keep software applications up-to-date.

4. Provides Hardware Asset Control

Unauthorized or unknown IT assets can introduce a security risk to the network. ITAM along with network discovery tools will help IT administrators see all devices that connect to the network. When administrators know what is connecting to the network, they can put checks in place to verify that assets are compliant with security controls and updates.

Assets that don’t check into the network for a period of time can also introduce a security risk. With ITAM, administrators can be notified if an asset doesn’t report into the network, allowing them to investigate missing assets that have been stolen or lost. In addition to unexpected legal costs or fines, missing IT assets with sensitive data could become a public relations nightmare for an organization.

5. Locates IT Assets

ITAM helps IT administrators see where assets are physically located. It shows who is using the asset as well as the associated cost center or department where the asset is used. When IT assets don’t report into the network, or if they don’t respond properly to network security updates, it’s important to know where the asset is located so that technicians can quickly locate the asset to perform a visual inspection.

6. Maps the Purpose of IT Assets so that Appropriate Security Controls are Applied

ITAM enables administrators to document the purpose of an IT asset. ITAM solutions can associate IT assets to projects or to an IT service, providing security administrators the information they need to properly secure each asset. For example, servers purchased for a testing environment could require security controls that are much different than servers purchased to provide web services in a live environment.

7. Maps Software Assets

ITAM will report what software packages are licensed by the organization, in addition to what the software does for the organization. When software titles are mapped to software assets, IT administrators can avoid purchasing redundant software. Reducing the quantity of software applications that IT is required to support will lower security risk.

8. Sets Asset Priority by Categorizing IT Assets

Not all assets are equal in an IT environment. ITAM can categorize IT assets by their operational function. For example, an IT asset categorized as critical to IT service operations could be associated with a configuration item (CI), then managed in a configuration management database with configuration management processes to ensure that any changes, updates, or modifications are approved and scheduled using a change management process.

IT assets that contain sensitive or proprietary information should be categorized accordingly to ensure they are stored in a secure location and, if compromised, assigned to the appropriate incident-response process with the correct level of urgency. When properly categorized, IT assets with sensitive information can be assigned to relevant disposal processes that ensure data is properly removed from a device before it is discarded.

9. Improves Reporting Accuracy for Security Administrators

ITAM can improve the accuracy of reports created by security administrators. Consider using the IT asset management database as a source of truth to verify that each asset has been counted and configured with the appropriate security controls. Assets that go unnoticed might not get the proper security controls, creating a security risk to the network.

10. Tracks Non-traditional IT Components, Such as IoT

Non-traditional IT devices, such as IoT, continue to flood the network. IT administrators need to document all devices, both traditional and non-traditional, so they can assess the security risk accurately.

Although security risks associated with a smart lightbulb may seem minimal, software that controls the smart lightbulb could be compromised easily if not properly secured. ITAM keeps non-traditional IT devices visible to security administrators, ensuring that all devices, such as IoT hardware and its supporting software, are properly secured and kept current with the latest software and security updates.

Best Practices for IT Asset Discovery and Inventory Management

Thu, 05 Sep 2019 20:10:50 Z

Many years ago, I worked for a restaurant in a small beach town. One of my duties was to help the owner of the restaurant take an inventory of everything at the end of each month. I remember asking the owner why inventory was so important. He said; “It’s simple. When I know what I have, I know what I don’t have. When I know what I don’t have, I only buy what I need.”

Taking inventory before spending money is a simple concept; however, cloud solutions, IoT assets, virtual environments, and emerging technologies are presenting new discovery and inventory management challenges for IT departments in many organizations.

IT asset discovery is a defined process to discover and document IT assets that are on the network. Discovery processes require software discovery tools that scan a network and identify devices that are connected. Multiple discovery software tools are often used to meet IT asset management (ITAM) discovery requirements.

Inventory management software solutions include a database and software tools that document IT assets found by discovery tools, bar code scanners, manual uploads, manual entry, or from Business to Business connectors. ITAM best practices suggest that inventory management databases should link IT assets to relevant information such as associated contract or financial information.

When IT asset discovery and inventory management processes are not properly executed, asset data will be unreliable. Therefore, it is critical to have the right tools and processes in place to ensure that every asset is discovered and properly tracked by inventory management tools.

IT Asset Discovery Best Practices

Identify IT Assets That Will Be Discovered

It is important to be successful, so keep it simple in the beginning. Start with laptops, desktops, and software. Allow the ITAM solution to mature over time. Be sure to work with stakeholders throughout the organization to define a strategy for discovering IT assets on the network.

In a report titled How Redefining IT Asset Management Will Enable Business Transformation for the Digital Age, Gartner recommends that, “As ITAM policies shift, IT asset managers should proactively work within the IT strategy planning process to identify what will be acquired, why it will be used, its anticipated useful life, and how it will be secured, monitored and maintained. Identifying the business value of the asset and having the ITAM leader and stakeholders map this to the business outcome is important for proper governance of current assets and those yet to be deployed.”

Identify Discovery Tools

Network discovery software and bar code scanners are tools that help IT asset managers discover and track their IT assets. Don’t be afraid to use multiple discovery tools to meet your IT asset discovery requirements. Some discovery tools are better at discovering datacenter software, while other discovery tools are better at discovering endpoint devices.

Take advantage of network solutions already installed on the network, such as security tools that have discovery capabilities. Don’t let discovery limitations in a single discovery tool dictate your discovery requirements. Define your requirements and then choose the right tools to meet those requirements.

Define a Discovery Process

Define and enforce a discovery process to ensure that all IT assets are properly counted. Document the assets in an inventory management database when assets are purchased, then use bar code scanners of software tools to document lifecycle changes to the asset. With lifecycle management, IT administrators will be able to see what assets have been purchased, shipped, received, and assigned.

Be sure to define a process to discover or document IT assets that are acquired outside of normal procurement processes.

Normalize the Data

Normalize discovered data to ensure accuracy. We often see hardware or software assets change how they report their asset information to inventory databases. For example, a Microsoft application could potentially report its vendor ID as “MS” “Microsoft,” or “Microsoft Inc.” Inconsistent naming conventions make it difficult to build IT asset reports; therefore, it is important to ensure consistency by implementing asset normalization processes. Asset normalization can be accomplished using database scripts or normalization software tools.

Inventory Management Best Practices

Define an IT Asset Lifecycle

Build an inventory management process that documents the lifecycle status of each IT asset. Asset lifecycle information will show IT administrators if an asset is in use, in storage, checked out, available, or retired.

IT asset management best practices suggest that IT assets should be documented from the moment they are purchased until they are retired. When a lifecycle status is added to an asset, IT administrators can create reports showing assets that have been purchased, shipped, and received. Asset managers will be able to identify IT assets that are available for projects and new employees or assets that are being serviced.

Furthermore, tracking the lifecycle of IT assets gives IT asset administrators the ability to see what hardware assets need to be refreshed, or what software licenses need to be renewed, giving them vital information needed for making future IT purchases.

Determine If IT Assets Should Be “Managed” or “Unmanaged”

Determine the risk associated with IT assets and then place them in one of the following two categories: Managed or Unmanaged.

IT assets that contain proprietary data, such as laptops, desktops, servers, and mobile devices should be placed in the managed category. IT assets that support operational requirements that do not contain sensitive data, such as hubs, monitors, and printers (without hard drives) should be placed in the unmanaged category.

Managed devices should be equipped with software agents that “check-in” to the inventory database on a regular basis. Asset managers should setup alerts to notify them if an asset does not “check-in” within a pre-determined period.

While in storage, devices with sensitive data, such as a server containing customer data, should be monitored using bar code scanners or software tools, such as RFID, that will notify security if a device is removed from a predefined location.

According to Gardner, “A fundamental prerequisite to any effective asset management strategy must be the ability to address whether the asset is a flight risk or is at risk of being stolen. A partial asset management process for tracking data center assets may be able to track a server with customer information while it is on the network, but once it is in a storage room, there is a risk associated with the asset being lost or stolen.”

Define an Asset Mapping Strategy

Add meaningful data to your inventory by mapping IT assets to relevant information, such as:

Owners
Contracts
Cost Centers or Departments
Projects
Configuration Management databases
Locations
Compliance Definitions

When IT assets are mapped to relevant information, IT asset administrators will be able to add value to their organization by providing meaningful IT asset reports that contain insights into security risks and overall IT asset operational costs. Today, there are many software tools available that give asset managers the tools required to map IT assets to contracts, purchase orders, shipping information, cost centers, and much more.

Choose software tools that let you add relevant information to your IT assets.

Automate IT Asset Processes

Automating IT asset processes will increase productivity in addition to reducing risk. Mistakes that are typically made by humans can lead to inaccurate data. A good place to introduce automation is with processes that contain repetitive-non-value-added tasks that are typically performed by a human technician. Consider replacing human technicians with automation tools that can perform redundant tasks.

Summary

ITAM solutions require discovery and inventory software tools to properly document IT assets. Define discovery requirements before choosing software tools. Choose inventory management tools that allow you to map IT assets to relevant information. To ensure success with your ITAM solutions, keep it simple in the beginning and then allow your solution to mature. Track assets by defining an asset lifecycle and be sure to consider automating redundant tasks to avoid mistakes made by human technicians.

Four Reasons Government Agencies Need IT Asset Management

Tue, 02 Jul 2019 17:10:44 Z

I remember spending an entire day at the department of motor vehicles, or spending hours on the phone waiting to talk with a government tax representative. However, in recent years government agencies have made big steps in their digital transformation initiatives by investing in technology that eliminates long wait times while improving the customer experience.

Because government agencies have improved and expanded self-service offerings, people can now resolve issues, renew licenses and permits, or find answers to their questions online without any human intervention from a government representative.

While investing in technology solutions to improve government efficiency, government agencies have been inundated with hardware and software IT assets. For many agencies, managing the influx of IT assets has been attempted by using spreadsheets or inadequate inventory tracking solutions.

As a result, agencies have done a poor job, overall, tracking and managing the IT assets and software licenses that support their technology solutions. Government agencies need to implement proper IT asset management solutions along with ITAM best practices for the following reasons:

1. Security Compliance

To ensure IT assets are secured, cyber security teams implement various security controls to prevent unauthorized access. This includes identifying vulnerabilities and ensuring patches are applied to applications and operating systems.

However, the most sophisticated security software on the market is of no use when IT assets on the network go undetected.

In recent years, poor IT asset management practices have been blamed entirely, or in part, for many security breaches in government agencies. On December 19, 2018, NASA, a US federal government agency that spends approximately 1.4 billion USD per year on IT, revealed that employee data had been compromised in an internal memo.

An investigation revealed that “the Security Operations Center (SOC) has fallen short of its original intent to serve as NASA’s cybersecurity nerve center. Due in part to the Agency’s failure to develop an effective IT governance structure…”

The report specifically refers to poor asset management stating that:

“With no knowledge of specific applications, operating systems, or other device information, the SOC is severely limited in its ability to assist the Missions or to correlate event data across institutional and Mission network boundaries when an information security incident occurs.

Security breaches like this have not gone unnoticed by government law makers. In September 2011, the National Institute of Standards and Technology (NIST) released a special publication, 800-137, titled Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations.

In the executive summary NIST claims that “Information security is a dynamic process that must be effectively and proactively managed for an organization to identify and respond to new vulnerabilities, evolving threats, and an organization’s constantly changing enterprise architecture and operational environment.”

The NIST 800-137 policies and standards were recently referenced by the Department of Defense (DoD) Enterprise Software Initiative (ESI) during a presentation. DoD ESI claimed “the implementation and effective use of asset management technologies can assist organizations in automating the implementation, assessment, and continuous monitoring of several NIST SP security controls”

In the future, we will see IT asset management become a critical component to all government cyber security strategies.

2. Inventory Control

Budget allocations assigned to government agencies each year limit how much an agency can spend on IT projects. Towards the end of the government fiscal year, we often see government decision makers scramble to fund projects and acquisitions in order to maintain their budget allocation for the upcoming year.

When inventory is not controlled and managed, the integrity of the data is at risk.

With accurate inventory reports, IT decision makers can see what IT assets are in place and what IT assets are being used, allowing them to make better IT acquisition decisions. With accurate inventory data, decision makers will be equipped to make better financial decisions, such as re-allocating funds from underutilized software licenses, to unfunded IT projects.

3. Software License Control

Inaccurate software license information often leads to over purchasing or under purchasing software licenses. Without enough software licenses, agencies can incur unexpected fines and costs due to software license violations. If too many software licenses are purchased, federal IT administrators are at risk for being accused of mismanaging federal funds.

The U.S. federal government processes more than 42,000 transactions each year for software costing more than 6 billion USD. On June 2, 2016, the US President issued a memorandum titled: “Category Management Policy 16-1: Improving the Acquisition and Management of Common Information Technology: Software Licensing”

The memorandum claims: “A recent report by the Government Accountability Office (GAO) indicates that agencies buy and manage software licenses in a decentralized manner, struggle to create accurate inventories, often purchase unneeded capabilities, and generally do not facilitate better purchasing by sharing pricing or terms and conditions across the Government.”

As a result, the memorandum introduced a new policy stating that: “Agencies shall develop automated, repeatable processes to aggregate software license and maintenance requirements and associated funding, as appropriate, for commercial and COTS software acquisitions. Agency CIOs, in coordination with CAOs and CFOs, must use their authority under FITARA to align all components with a centralized acquisition strategy that defines common software license and maintenance requirements across the agency.”

In July 2016, the MEGABYTE Act was signed into law. It requires executive agency CIOs to establish software license inventories by using automated discovery tools that can track and maintain licenses, in addition to reporting the usage of those licenses.

Without proper license management, government agencies either expose themselves to software audits resulting in unnecessary costs, or they purchase too many software licenses, depriving other vital projects of much needed funds. Ultimately, mismanaging funds delays the Federal Agency’s digital transformation initiatives while wasting the taxpayer’s money.

4. Digital Transformation Initiatives

Technology solutions in government agencies have typically existed in silos; however, digital transformation initiatives require services and information to be available or delivered any time to any platform or any device.

For far too long, agencies delivered their information in programmatic silos, missing opportunities for coordination or collaborative partnerships.

In May 2012, the U.S. federal government launched their “Digital Government Strategy” to ensure government agencies are in line with current technology, to improve the quality of government services, and to improve their customer service.

Agencies that provide significant services to the public or to external organizations are required to identify key customer services, then they are to survey their customers about those services. Using the data collected from surveys, agencies are to establish service standards and measurable benchmarks. To improve customer services, agencies are urged to expand and streamline their self-service offerings.

Without IT asset management, digital transformation objectives will not be possible because digital transformation initiatives require resources and processes to procure and manage devices, applications, and data.

UEM vs. ITAM – What’s the Difference?

Tue, 22 Jan 2019 18:59:14 Z

In 1996, Washington, DC and its surrounding communities were hit with a tremendous snow storm causing businesses to shut down across the entire region. Today, advances in technology allow people to work from almost anywhere, eliminating “snow day” shutdowns for most office workers.

Mobility solutions, cloud solutions, and light weight laptops have given employees access to the tools they need to do their jobs from almost any location. However, today’s technology advancements are straining IT departments as they try to support various IT solutions across multiple platforms.

Demands on IT administrators will not slow down this year as most organizations are driving their digital transformation strategy to keep up with competitors and customer demands. To achieve digital transformation, organizations are implementing Unified Endpoint Management (UEM) solutions along with IT Asset Management (ITAM) solutions. Although both strategies are focused on IT assets, their objectives are not the same. What’s the difference?

Unified Endpoint Management (UEM)

To support IT assets, IT administrators have to maintain and configure devices to use VPN services, email services, and connectivity services such as Wi-Fi. However, maintaining devices requires administrators to enforce access policies, install updates, control applications, deploy and manage legacy applications, enforce encryption, manage printers, and to perform audits.

The challenge faced by administrators is to perform these tasks across a diverse environment with multiple platforms and operating systems. The objective of UEM is to simplify the process of managing a diverse set of IT assets through a single interface.

According to Gartner, “UEM refers to a new class of tools that can act as a single management interface for mobile, PC, and other devices.”

UEM solutions are vital for IT departments trying to manage the influx of IT assets coming on to the network. Without a UEM solution, IT administrators would have to learn and understand multiple tools in order to complete a single task. For this reason, many organizations are turning to UEM solutions as a way to deploy, manage, and a secure their IT assets across multiple platforms.

Gartner claims that “I&O leaders should expect and plan to replace enterprise mobility management and client management tools with UEM to support modern OS’s.”

To achieve endpoint management from a single console, UEM solutions typically require four key components:

Discovery

Because IT assets need to be discovered and documented into the UEM solution, discovery tools are essential. UEM discovery tools work across multiple platforms and operating systems.

Security

UEM solutions need to secure the IT assets they manage. To secure IT assets, UEM solutions ensure that applications are kept up to date, that proper security controls are installed, and that policies are applied.

Integration

Integration is a key component for UEM solutions. This gives administrators the ability to see and manage all IT assets from a single console, thus eliminating endpoint silos. Without integration, administrators would be required to learn and use multiple management interfaces to manage IT assets across platforms.

Automation

When UEM solutions are integrated with other solutions on the network, automation can drastically reduce overhead by automating tasks that are typically performed by a human. For example, when a new employee comes on to the network, a UEM automated task could be triggered by a Human Resource (HR) application to automatically deliver software packages required for the new employee.

It is important to note that Process Automation is a key component of digital transformation. Ashish Deshpande writes about this on Forbes.com: "Ultimately, people — not technology — drive change. When your people aren’t wasting time on non-core activities or manual workarounds, they can do more of what’s important."

IT Asset Management (ITAM)

An IT asset refers to both hardware and software used to support an organization’s business objectives. IT Asset Management (ITAM) provides standards, processes, policies, and measurements for the purpose of increasing IT asset control and compliance in addition to reducing risk and costs. Ultimately, ITAM provides organizations with accurate inventory reports.

With accurate inventory reports, organizations are able to make informed IT purchase decisions. The challenge with managing IT assets is that IT assets are often updated, moved, and refreshed, which makes it difficult to maintain up to date asset information.

Inaccurate IT asset reports expose organizations to unnecessary IT purchases, software audits, and security breaches. ITAM best practices include processes that map IT assets to their contractual and financial information which enables organizations to track the overall cost associated with each IT asset.

With ITAM, IT assets are tracked from purchase to disposal which is referred to as IT asset lifecycle management. Lifecycle management ensures that when hardware is refreshed, software licenses are properly harvested from decommissioned devices, so they can be redeployed to new devices.

According to Gartner, “IT asset management (ITAM) provides an accurate account of technology asset lifecycle costs and risks to maximize the business value of technology strategy, architecture, funding, contractual and sourcing decisions.”

To achieve asset management objectives, ITAM solutions require three key components:

Discovery

IT assets need to be documented into the ITAM database when they are acquired and when they change. Without efficient discovery services, IT assets can go unnoticed or get lost, which increases an organization’s security risk

Integration

Integration gives administrators the ability to see and manage all IT assets from a single solution. Without integration, asset administrators would have to use additional tools, such as spreadsheets to obtain and maintain accurate inventory information.

Automation

Automation reduces human error. Mistakes can lead to inaccurate inventory information which increases risk and costs associated with IT assets. ITAM solutions often use automation tools for asset requests.

With regards to digital transformation, Deshpande recommends the following: “You don't have to automate every process at once. Start with something that's fairly common, involves multiple stakeholders and is performed reasonably often, like a purchase order”

Summary

UEM and ITAM are important to any organization heavily dependent on technology to achieve business objectives. UEM simplifies endpoint management with a single interface while ITAM reduces IT asset costs by keeping decision-makers informed. Furthermore, both UEM and ITAM are critical for those organizations trying to achieve digital transformation.

What is the Future of the IT Service Management (ITSM) Analyst?

Tue, 22 Jan 2019 17:53:04 Z

Many years ago, when I worked as a help desk frontline analyst, I remember a small device that connected to our phone system. It displayed how many people were on hold waiting for help, in addition to how long they were waiting on hold. Sometimes, when we were busy, I noticed that some folks were on hold for up to an hour.

Over the years, frontline support demands have increased while associated budgets have decreased. Unfortunately, it appears that these trends will continue in the foreseeable future. As a result, organizations are turning to technology as a way to meet the increased service management demands with limited resources. In 2019, we will see a renewed interest in chatbot technology with an expansion of self-service offerings.

As self-service portals and chatbots powered by Artificial Intelligence (AI) mature, we will see the frontline human ITSM analysts, as we know them today, fade away. Chatbots and intelligent process automation will help ITSM organizations meet increased demands fueled by the rapid expansion of self-service offerings, thus allowing the human analyst to focus on major incidents (one-to-many), problem management, and change management.

With Agile, Unified IT, DevOps, and Digital Transformation on the radar of most organizations, we will see ITSM solutions evolve by integrating into other technology solutions on the network, thus eliminating technical silos we have been accustomed to in the past.

Network issues will be handled by integrated service management processes that will trigger complex sub-processes to automatically detect, then resolve network issues before they are observed by a human analyst.

Requests for IT services will be handled by chatbots and self-service portals which then use integrated automated processes to fulfill the request, eliminating the involvement of a human technician.

Eventually, all service management processes will be satisfied from start to finish by intelligent automated systems that will not require human intervention. As a result, the role of the IT analyst will have to change.

Skills That Will Be Required by the Future ITSM Analyst

Service management employers are beginning to seek out talent with a new set of skills in preparation for modernizing their ITSM solutions. These skills include knowledge of technologies such as AI, Unified IT, Agile, and DevOpps. ITSM Analysts and administrators that do not acquire these skills will be considered old-fashioned, and as a result, they might be viewed as impeding the progress of their organization’s ITSM objectives.

In a Gartner Trend Insight report titled Applying Artificial Intelligence to Drive Business Transformation, Whit Andrews states:

"To marry AI with advanced analytics will require new data and analytics best practices. Human expertise and skills will be a major limiting factor for AI ambitions. IT leaders should address the human capital needs for AI at the outset."

Future ITSM analysts will be responsible for managing automated processes instead of performing the processes manually. Analysts with a deep understanding of their customers’ business and business objectives will continue to be valued by their organizations. Analysts and administrators that do not acquire these skills will be replaced.

Modernizing an ITSM solution with chatbots, AI, and integrated automated processes will not be easy. Most organizations will rely on their ITSM analysts and administrators to provide direction and advice to fine-tune the solution and enhance the customer experience.

Summary

Eventually, ITSM solutions will have the ability to make decisions. However, for the near future, decision-making responsibilities will not be handed over to AI without a human analyst involved in the process. ITSM analysts and administrators that are able to manage processes and new technologies, such as AI, will be critical for service management teams to be successful.

As organizations venture into unknown territory by implementing new ITSM technology while disrupting traditional service management methods, it will be vital for ITSM Analysts to earn the trust of stakeholders. With service management processes spanning the entire organization, it will be important that analysts have good relationships with non-IT stakeholders in addition to IT stakeholders.

Five Technologies That Artificial Intelligence (AI) Will Impact in the Data Center

Thu, 29 Mar 2018 21:53:34 Z

A data center is typically found in any organization that provides IT services to a business or government organization, IT services to consumers such as retail shopping, online media, and financial services, or IT services to internal employees.

Artificial Intelligence (AI) has become a popular technology buzzword over the past year. However, what does that mean for those IT administrators running a data center? Administrators should expect to see AI used to make the data center more secure while increasing performance and minimizing or eliminating problems that disrupt data center processes.

At Gartner’s annual conference for IT infrastructure operations professionals in Las Vegas, Gartner Research Vice President Milind Govekar claims: "By 2020, 30 percent of data centers that fail to apply AI and machine learning effectively in support of enterprise business will cease to be operationally and economically viable."

Over the next two years, data center administrators will see AI impact or disrupt the following data center technologies:

1. Data Center Automation

AI will provide agility to automated processes in the data center. Administrative tasks typically performed by a technician will be replaced by automation. This will increase performance, reduce downtime, and reduce mistakes. Automation powered with AI will provide administrators with trending analytics and predictive analytics that will improve existing automated process in just seconds.

Furthermore, AI processes will be able to make changes to existing processes in real-time. For example, based on learned information, an AI process could predict that a device does not perform well at a specific time of day or after a certain event occurs. In response, AI adjusts its process in real-time to bypass that device during that period or after the incriminating event. When the device returns to its normal posture, AI might adjust the process to include the device once again.

2. Capacity Management

Data centers today are demanding agility, which means that changes need to be made in real-time in the live environment without performing traditional testing procedures that IT has been accustomed to in the past. AI automation will be able to identify where changes need to be made, make changes, and correct errors that could be caused by a change, quickly with little to no disruption to the live environment.

For example, a data center that offers retail products to consumers by providing an online catalog service would be able to allocate resources, such as disk space and additional processors during peak performance hours, with no human intervention. Additionally, AI will be able perform these tasks when faced with performance spikes that might not have been predicted in advance.

3. Asset Management – Software and Hardware

Software licenses for products used in the data center can be complex, and might not support unforeseen events, such as unpredicted increased capacity requirements. Changes made in the data center will affect software license agreements and could result in unforeseen license costs.

AI will be able to learn from trending information, then provide predictive analytics to the business. For example, AI will be able to provide recommendations to the business to acquire additional software licenses next year, or it might recommend that the business purchase additional hardware in six months. These predictions will be obtained from learned knowledge and historic performance trends obtained through AI technology.

4. Security

AI will provide IT security solutions with the ability to quickly identify risks and mitigate those risks. When a breach occurs, AI will be able to quarantine infected devices while rerouting processes in a live environment without any impact to the end users. The bottom line, AI will have decision making power typically owned by a human administrator. Responses to problems will be dealt with in real-time and very quickly when data center security solutions are powered with AI

5. Service Management

AI will support data center solutions by keeping them up-to-date, and compliant with government regulations and standards. When issues are encountered with the solution, AI will be able troubleshoot the issue, identify the problem, and provide administrators a quick answer for resolving the problem.

Troubleshooting issues in the data center are typically performed by a human analyst that uses software tools to assist in the process. We will see AI take over this role in the very near future. Soon, it will become much more reliable than a human analyst. It will also perform its role much faster. It will learn and have access to learned knowledge instantly each time it encounters a problem.

13 Requirements to Include When Selecting a Data Center Discovery Scanner

Tue, 16 Jan 2018 00:05:21 Z

Throughout my career, I have travelled extensively to meet with customers. In preparation for a trip, I pack a bag with my personal belongings and laptop. Unfortunately, throughout the years, I have managed to forget something more often than I should. In most cases when I forget an item, I have to purchase a replacement item, which is an unnecessary cost.

To reduce the risk of forgetting something before I travel, I decided to create a checklist of items I should pack when traveling. First, I determine my requirements, which includes business attire, such as suit, tie, and matching shoes. Then, I create a checklist that I use each time I pack my bag. Checklists assure that all requirements are met. For me, that means that I do not leave until my checklist has been verified against the items in my bag.

Checklists are often used by IT organizations when they are looking to implement a software and/or a service solution. These checklists are often referred to as a Request for Proposal (RFP) or a Request for Information (RFI). They are typically provided to vendors who are trying to earn the organization’s business. Checklists are simply requirements; however, if a list of requirements is not complete, the desired solution will not be completed as expected.

Managing and optimizing software licenses in the data center can be difficult due to complicated licensing models used by many software vendors. Because software licenses are not properly managed by many organizations, they can incur unexpected costs and fines because of non-compliance to their license contracts. As a result, many organizations are now looking to implement a software asset management (SAM) solution as well as with software license optimization capabilities.

A key component of SAM and software license optimization is discovery services. Discovery is a discipline in itself, and is not limited to just scanning servers and software. Discovery means finding all the required data sources, including all contracts, schedules, and entitlements to effectively calculate your license position.

*Be sure to spend time researching your discovery requirements before you start evaluating products.

Before choosing an IT asset discovery solution, it is important to define your discovery requirements so that you can create a checklist; much like creating a checklist when planning a trip. I have met with organizations that have purchased a software solution, only to realize later that the solution did not meet all their requirements. As a result, additional software or services were required to fill the gaps.

Understand How Software Licenses are Calculated Before Determining Discovery Requirements

License metrics give organizations clarity about the liability of each application; however, calculating license metrics can be complicated. License metrics are typically calculated using one of the following type of licenses:

Install-Based
Processor-Based - includes Cores and Processor Value Units (PVU’s)
User-Based
Resource-Based – a count of the resources.

These license variations will require your discovery services to do more than just scan for software and servers. To collect the inventory information required to determine your license position, you might need to discover how many users are using an application, or the number of resources consumed.

Below are 13 requirements that should be considered when listing your discovery requirements.

Data Center Discovery Requirements

1. Scanner must discover the following Operating Systems:

a. Windows

b. Linux, all versions IE, HPUX, Red Hat, Centos etc.

c. AIX to cover all IBM devices

d. Solaris for Oracle

2. Scanner must identify:

a. The unique ID of the server

b. Type of server

i. Physical

ii. Virtual

iii. Cloud

*This is imperative for discovering how the servers are linked to each other for Dependency Mapping.

3. Scanner must identify the server processor:

a. Model

b. Version

4. Scanner must identify ‘Cores’ associated with the processor

*Required to identify the ‘Core Factors’ used by Microsoft, IBM, Oracle, and several other vendors to calculate licenses.

5. Scanner must identify the number of available ‘Sockets’

6. Scanner must identify the number of available ‘Threads’

7. Scanner must identify links between servers residing in a cluster

*Many organizations are using virtual environments. Vendors typically have specific models for the virtual environment. Most organizations use Hypervisors on Windows and Linux servers. Getting this wrong could create a massive financial risk to the business. Be sure to understand your clustering architecture and the licenses you are entitled to use.

8. Scanner must identify and differentiate different types of partitions for IBM AIX servers

*IBM AIX servers divide their own servers for virtualization using their own naming convention called ‘Partitioning.’ Changes made to partitions can affect IBM licensing models

a. Scanner must discover Fixed partitions

b. Scanner must discover Logical partitions

*Fixed or Logical partitions can have shared or dedicated pools which can have capped or uncapped virtual processors that are assigned to the partitions. Calculating the entitled capacity and the maximum capacity of each partition needs to be performed to understand how the partition is utilized.

9. Scanner must discover Logs on servers

10. Scanner must identify software applications installed and running on every server:

a. Scanner must identify Physical servers

b. Scanner must identify Virtual servers

c. Scanner must identify Cloud servers

11. Scanner must identify how applications are linked to other applications

12. Scanner must identify how applications are linked to services running on the server

13. Scanner must identify how applications are linked to databases

*How the applications are linked will have an impact on how the applications are licensed. For example, a database might not need a license if it is connected to an application which already includes a license.

Three Components Required for a Complete IT Asset Management Solution (Part 4 of 4): Lifecycle Management

Mon, 23 Oct 2017 22:18:26 Z

When a person is accused of a crime, evidence is required to back up the accusation. To protect the person being accused, physical evidence obtained must be protected from anyone who might want to tamper with it in order to change the outcome of a trial. In a court of law, government officials are required to show a Chain of Custody for any physical evidence that will be entered into the trial.

Chain of custody (CoC), in legal contexts, refers to the chronological documentation or paper trail, showing the paper trail, custody, control, transfer, analysis, and disposition of physical or electronic evidence.

To meet the standards required to prove “chain of custody,” documentation is required to show how the evidence was collected, stored, and transferred. Documentation needs to include a person who is accountable for the evidence, the location of the evidence, and dates to establish a timeline.

Asset Lifecycle Management

Asset lifecycle management is similar to a chain of custody. Assets need to be documented when they are acquired, and tracked until they are disposed. Documentation includes a person that is accountable, along with locations and dates that establish a timeline from acquisition to disposal.

The objective for tracking IT assets has traditionally been associated with controlling costs; however, many organizations are starting to realize that asset lifecycle management is critical to their security objectives. Lost or misplaced assets that contain proprietary data, such as employee or customer information, puts organizations at risk from a security perspective.

Process

To meet the requirements demanded by IT asset lifecycle management, a business process has to be established to define how IT assets are acquired, transferred, and disposed. Creating a process for IT asset management (ITAM) can be challenging because ITAM processes are not just for those in the IT department, they are processes that touch every part of the organization.

Most successful ITAM programs are invasive to the organization, involving everyone at some level, such as end users (educating on compliance), budget managers (redeployment as a choice), IT service departments (providing information on warranties), and finance (invoice reconciliation, updates for fixed asset inventories).

ITAM processes will also differ depending on the type of asset. For example, the lifecycle of a laptop process would be much different than the lifecycle of a software asset process.

When an ITAM process is established, it is important to enforce the process. I remember working with a hospital that was building an IT asset lifecycle process. The challenge they encountered with their process was a political obstacle. Several departments within the hospital had their own IT budget which allowed them to purchase their own IT assets.

The process that had been established by the hospital did not have a way to account for assets acquired by internal departments outside of the IT department. To overcome this obstacle, a single portal was established for purchasing IT assets which allowed asset managers to document and process every asset that was purchased, regardless of the department making the purchase.

The Importance of Process Automation

Another challenge IT asset managers encounter is human error. When a process is not followed due to human error, assets can be misplaced or lost. Automating ITAM processes will reduce or eliminate human error. For organizations looking for an asset management solution, it is important to choose a solution that provides or integrates with automation tools.

Asset Lifecycle Status

An asset lifecycle process is much like a train track with several stops along the way. Each stop is given a name much like an actual train station stop. As assets pass through each stop, they are documented in the asset management database, giving administrators the ability to see historic information for each asset.

An asset lifecycle stop in an IT asset management process represents the “status” of the asset. For example, when an IT asset is purchased, it would immediately be entered into the organization’s asset lifecycle process. Once entered into the process, the asset will be assigned a “status” that shows it has been “ordered.” When the asset is received by the organization, the process would move it from “ordered” to “received.” This change can be done using a form, or a bar code scanner.

When lifecycle processes are followed, IT administrators are able to see the current status of each asset; showing where every asset is according to the lifecycle status defined within the process.

If an asset manager needs to know how many laptops are currently available, a report could be created showing how many laptops are currently available, or how many are on order. Also, a lifecycle status report will show administrators how many laptops are currently assigned to their employees.

Software asset lifecycle processes will be different to hardware, but the concept of tracking the “status” of a software IT asset is the same as it is for hardware.

For example, when using a software asset lifecycle processes, IT asset managers will be able to see when software was purchased and when software expires according to the software contract. Furthermore, asset managers will be able to facilitate on-boarding and off-boarding of their employees by automatically assigning and un-assigning license entitlements as employees come and go. Finally, asset managers will be able to determine if licenses are available when fulfilling software asset requests.

Summary

IT Asset Lifecycle Management gives asset managers the ability to see IT assets as well as their current status. Tracking the status of an asset is achieved through a process that tracks the asset from when it is purchased, placed into operation, placed into repair, until placed into disposal.

To ensure success when applying lifecycle processes to IT assets, it is important to use automation tools to avoid error that is often made during manual processes.

Be sure your IT asset management solution is able to work with devices, such as bar code scanners, which enable asset managers to easily move assets from one status to another in the asset lifecycle process.

Most important, be sure that proper discovery techniques are used to ensure every asset is discovered, followed by asset mapping to build asset intelligence. Without proper discovery and intelligence, an asset lifecycle process will not produce accurate and meaningful results.

Other posts in this series:

AI In ITSM: The 3 Areas That Will Be Disrupted The Most

Tue, 10 Oct 2017 21:27:55 Z

What is Artificial Intelligence (AI)?

AI is technology that has the ability to learn, and as a result, provide responses that were not programed or predicted by its creators.

"Alexa! Where are my keys?"

I am looking forward to a day when I do not have to ask anyone to help me find my keys. I am convinced that in the very near future, I will have that technology in my home. I am often teased by my wife and children about losing things around the house. “Someone must have broken into the house and stolen your keys” is a phrase I have heard too many times. Ha! Ha! Very funny!

I dream of the day when Alexa notices that I am forgetting something, like my wallet, then alerts me before I leave the house. How could that be possible? By making Alexa intelligent.

In a Gartner report titled Hype Cycle for the Internet of Things, 2016 , Gartner claims that,

“Business and IT leaders are stepping up to a broad range of opportunities enabled by smart machines, including autonomous vehicles, smart vision systems, virtual customer assistants, smart (personal) agents and natural-language processing.

Gartner believes that this new general-purpose technology is just beginning a 75-year technology cycle that will have far-reaching implications for every industry.”

Artificial Intelligence (AI) will dramatically improve technology in our homes and even more so in the workplace. As AI infiltrates our corporate and government networks, IT Service Management (ITSM) organizations will be burdened with the responsibility to keep these systems up and running.

According to Gartner, “Employing AI offers enterprises the opportunity to give customers an improved experience at every point of interaction, but without human governance, the opportunity will be squandered.”

Initially, without humans to govern systems powered with AI technology, AI will not be successful. As we look even further into the future, advancements in AI technology will probably negate the need for human governance, but that is another topic for another day.

New Research Report: AITSM: How AI is redefining IT service desk automation

We should expect 3 key areas to be impacted by AI in ITSM ITSM offerings:

Point of Entry (Incident/Request Creation)
Automated Backend Processes
Knowledge Management

Before discussing these three areas..

Let’s explore how AI will impact some of the technology we use today.

AI in the Home

Introducing AI to existing technology such as Amazon’s “Alexa,” will provide it with the ability to learn. If Alexa can learn my unique habits or patterns that I follow before leaving the house, Alexa would be able to alert me if I was going to forget something I typically take with me.

Until recently, technology struggled when there existed an infinite number of possible outcomes for a given situation. AI will enable technology, such as Alexa, to read and interpret patterns, not just mathematical equations with a predicted outcome as most computer technology does today.

If Alexa is to help me find my keys, she (it) will have to be aware of her surroundings. Alexa will need to “see” the entire house. This type of technology is available today with 360 camera technology.

For Alexa to have the capability to alert me if am going to forget something, she will have to be able to read and understand patterns, or in other words, she will need to know that when I leave my house, I always take my wallet, keys, cell phone, and reading glasses. However, there are still many complexities associated with this scenario before a pattern can be established.

For example, Alexa would have to be smart enough to know the difference between me leaving the house to drive somewhere versus me leaving the house to work in the yard. I am sure that over time, there are enough consistencies in my process for leaving the house that Alexa powered with AI, would see certain consistencies and therefore identify a pattern.

Once Alexa establishes my pattern, Alexa would then be able to make predictions, which means she would be able to notify me that I am going to forget my wallet as I am getting ready to leave.

Chatbots

The word hello can easily be understood and translated by technology using pattern translation technology. It is simple math a=b. Although everyone has a unique tone or accent when saying “hello,” today’s technology can translate the dictionary meaning of “hello” and give an appropriate response using pattern translation technology.

Sometimes when I say hello, I am sad, and sometimes I am happy. However sometimes I am just tired. When I say hello to a person, that person may detect I am sad and say “what’s wrong?” However pattern translation technology is not equipped to handle an emotion associated with the pattern.

Chatbots powered by AI

If you whisper “hello” to Alexa, or if you have loud music playing in the background when you say “hello,” Alexa still has the ability recognize the pattern of the word and respond accordingly. But what if you want the technology to translate “hello” into a feeling?

In the future, we will see chatbots evolve with AI technology. There will come a day when chatbots will be able to understand what we mean, not just what we say. The challenge for programmers with technology available today is that it is very mathematical. A mathematical equation for translating someone’s words into feelings is not possible because there are too many variables and possible outcomes.

Pattern recognition technology, not to be confused with pattern translation, opens the door for AI to be able to “learn” and interpret an individual’s feelings, thus allowing for such a complex translation. Pattern recognition will be a key component for AI technology to succeed.

With IoT and smart machines flooding into the network, a big challenge for ITSM administrators is a lack of resources. The problem is that analysts are still personally involved with too many requests and incidents (one-to-one). For better or worse, we have to face the fact that in the future, human intervention for ANY request or incident (one to one) will not be sustainable. Therefore, we will see many organizations turn to chatbots with AI capabilities as a means to handle front line IT support calls.

ITSM solutions will experience disruptive changes as a result of AI technologies in the following three areas:

AI in IT Service Management

1. Point of Entry (Incident/Request Creation)

AI will ensure information is accurately interpreted before it is entered into an IT Service Management solution.

In a report titled Predicts 2017: Artificial Intelligence, Gartner claims that “Chatbots driven by artificial intelligence (AI) will play important roles in interactions with consumers, within the enterprise, and in business-to-business situations.”

Automated ITSM processes are designed to work when the information provided is accurate. I remember working with an organization that provided a self-service portal for requests and incidents. The online form that the end-users were required to fill out asked if they were making a request or if they are asking for help, which then determined the backend process that would be applied.

Unfortunately, many requests turned out to be incidents, and many incidents turned out to be requests. As a result, the end-user experience was negatively affected as requests and incidents were often delayed or lost.

Until these types of challenges are resolved, IT service management organizations will continue to be reluctant to remove human front line analysts. This is because they fear they might spend more time and money correcting errors caused by miscommunication from an inefficient system than they would spend on supporting the end user directly.

Adding AI technology to chatbots will enable automated ITSM solutions with the capability to interpret incidents and requests accurately. As the technology matures, we will see it improve and personalize the end-user experience in addition to improving the efficiency of the service management solution.

2. Automated Backend Processes

IT service management consists of backend processes that are designed to manage any request or issue entered into the system. Traditionally, requests and issues are entered into the system by an analyst or an end-user through a self-service portal. However, ITSM solutions that are integrated with other systems on the network will be able to detect and automatically open a request or incident without any human intervention.

For example, imagine an ITSM solution is integrated with a facilities management solution that manages IoT devices, such as smart light bulbs. By communicating to the facilities management solution, the ITSM solution would be able to detect that a lightbulb is not working, then automatically open a service ticket, or open an asset request to replace the lightbulb without any human intervention.

Gartner states that “The next big shift is convergence of technology products and services to create next-generation service offerings that will include AI platforms. More specifically, Gartner defines these next generation service offerings as "intelligent automation" services that use one or more AI technologies (such as a cognitive-computing technology platform) as the basis of an offering's core value proposition.”

The power of AI in ITSM will manifest itself through integration with other technologies on the network. For example, integrating an ITSM solution with a solution that provides IT Operations Analytics (ITOA) would enable your ITSM solution to be notified of potential network issues.

Based on patterns, an ITSM solution powered with AI technology will be able to learn as it updates its knowledge database, ultimately improving how it reacts to any issue. In other words, AI will be equipped to remember past experiences so that it can learn from them.

If ITSM is integrated with every system installed on the network, then it will have the ability to see much larger patterns, making it more efficient. For example, imagine the ITSM system that is integrated with an ITOA solution, is also integrated with an IT security solution. If the ITOA solution detected an increased amount of browser crashes occurring on the end-user devices throughout the day, it would report that data back to the ITSM solutions as a potential problem.

The ITSM solution would be able to investigate that issue and cross reference the data with the IT security solution to find any patterns that might explain the anomaly. When the ITSM solutions logs the “problem” it would be able to provide insight, predictions about how the problem will progress, and recommendations about how to fix it.

As we move further into the future, the ITSM solution will be able to automatically correct the issues by working with the other IT solutions it integrates with on the network. No human intervention will be required.

3. Knowledge Management

ITSM solution powered by AI could then look to knowledge databases for answers. If they are not there, they will have the ability to go to trusted knowledge sites in the cloud. ITSM solutions powered with AI will be able to solve problems based on infinite amounts of data, and they will document these findings in knowledge databases that will also be used to support humans, both end-users and analysts.

Knowledge management solutions powered with AI technology will learn by applying “deep learning” techniques.

Deep learning architectures ... have been applied to fields including computer vision, speech recognition, natural language processing, audio recognition, social network filtering, machine translation, and bioinformatics where they produced results comparable to and in some cases superior to human experts.

Knowledge solutions powered with AI technology will change the way end-users ask for help. They will give accurate answers to almost any question very quickly. We live in a world where “instant gratification” has become the norm. We expect the right answer right now.

For me, when I lose my keys at home, I would much rather ask an intelligent Alexa device for help over asking my wife or kids. Why? First, I believe that Alexa powered with AI technology would be faster, providing me with instant gratification. Second, Alexa would not be annoyed with me.

Alexa will not care that I lose my keys several times a week, or that the keys I am looking for are right in front of me, she would just help me.

ITSM knowledge solutions in the future will not only provide answers to our IT questions, these solutions will be able to provide training and tips and tricks for end-users and analysts.

Eventually, much of the knowledge provided by an ITSM solution will be knowledge that was learned by the ITSM knowledge solution, versus documents that were created by human analysts, which are often outdated or not relevant to the current issue. However, until AI is perfected over the next few decades, human input will be vital for ITSM knowledge solutions.

Now, you might be wondering..

The Future of the ITSM Analyst

In the future, human ITSM analysts will be replaced with self-service portals and chatbots powered by AI. Human ITSM analysts will shift their focus to major incidents (one-to-many), problem management, and change management. Over time, human involvement for any ITIL process will continue to decrease. Expect to see IT analysts of the future become much more focused on business objectives instead of IT objectives.

On April 6, 2017, an article was posted on Phys.org titled “Workplace diversity will soon include artificial intelligence,” In that article, Rebekah Hayden writes about Michael Harré (PhD '09), who is an AI enthusiast and lecturer in Complex Systems at the University of Sydney.

There is no doubt automation will change the workforce; and not just for repetitive tasks. AIs are already being used in law and medicine, not only to read and assess documents but to make recommendations, while advances in robotics are allowing doctors to perform surgeries remotely. Soon simple surgeries may even be performed by AI. Despite the pervasive fear that technology will innovate whole careers out of existence, Harré claims believe that people who are flexible and open to learning will continue to be in demand.

Summary

Although ITSM solutions are rapidly evolving, service management will never go away as long as IT exists. However, by implementing AI technology, IT service management will experience a disruptive change that will change the way humans are involved with the service management process. It is also important to note that these disruptive changes will affect all service management operations, not just IT service management.

Eventually, memory and learning capabilities in AI technology will not have a limit to how much they can remember and learn, which is what alarms many “futurists” who claim AI could one day become “self-aware.” However, for simple people like myself, I just look forward to an Alexa that is powered by AI. I don’t want to forget anything before I leave the house anymore, and I need a little help finding my keys every once and a while.

Three Components Required for a Complete IT Asset Management Solution (Part 3 of 4): Asset Intelligence

Wed, 27 Sep 2017 23:21:45 Z

Early in the 1970’s, laws were introduced and adopted to fight organized crime. The RICO Act is well known for bringing down many “crime” organizations. One purpose of the RICO Act was to target individuals who were ordering someone else to commit a crime. With the RICO Act in place, law enforcement agents began to focus on the organization, not just individual suspects.

Intelligence focused on the relationships and connections of people who were suspected to be part of the crime organization. Diagrams and charts were created to give law enforcement a clear view of how the organization was structured. Ultimately, this intelligence was used as evidence to show the role of each suspect in the organization and as a result, many crime bosses were convicted for crimes they had ordered someone else to perform on their behalf.

IT Asset Intelligence

IT Asset Intelligence does not focus on the IT asset. Instead, it focuses on the IT asset’s relationships with other IT assets, IT services, licenses, employees, departments, and business objectives. By focusing on asset relationships, IT administrators gain intelligence which allows them to create diagrams and charts that show a clear view of each asset’s origin, role, and function within the organization.

For example, when applying asset intelligence to a laptop, an IT administrator can quickly identify when it was purchased, why it was purchased, who purchased it, who is using it, who was using it, how it has performed, what software is installed on it, when it needs to be updated, and when it should be returned or replaced. For software, IT asset intelligence establishes an effective license position (ELP) which can help an organization stay compliant with their software license agreements.

IT asset intelligence is achieved through IT asset normalization and IT asset mapping.

IT Asset Normalization

To ensure that the IT asset database is consistent and accurate, it is important to have a normalization process in place.

In a gated Gartner report titled “Market Guide for Software Asset Management Tools,” Gartner defines normalization as follows:

“Normalization is the act of consolidating multiple discovered inventory datasets and other data to resolve duplicated or conflicting information. The primary benefit is an accurate, organized, and categorized inventory across different datasets.”

For example, the first column in this diagram shows raw data as reported from a discovery agent.

Notice that in some entries, Adobe is reported as “Adobe Inc.”, while in other entries, it is reported as “Adobe”.

Vendors are known for creating these inconsistencies across different versions and releases of their products and as a result, IT asset reports might not be accurate. To ensure consistency and accuracy in the database, it is important to have a normalization process in place that will detect and correct inconsistencies.

When choosing an IT asset management solution, be sure the solution offers normalization capabilities.

IT Asset Mapping

Asset management tools need to be able to map asset information from one table to another. The concept is quite simple when you consider mapping a laptop to the person who is assigned the laptop. However, mapping assets is not always as simple as A=B. When mapping IT assets, it is important to be able to use logic.

For example:

If A = B, Then A = F

If A = C, Then A = G

Take, for example, IT asset location; many IT asset administrators want to know where their laptops are physically located, but they do not always have access to that information or the laptop users are often changing their location. However, asset managers probably have information that could help them find the location of the asset.

In this example, IP addresses are discovered along with the laptops, then documented in the asset management database.

If the asset manager knows that IP addresses are associated with a location, such as a building, logic could be applied to map laptops to the building where the laptops are located.

As a result, laptops can be assigned a location in the asset management database, which then enables asset managers to create reports that show the location of each laptop.

Mapping Software to Software Licenses

IT asset mapping becomes much more complicated when mapping software to software licenses. For example, discovered software, such as Microsoft Word could be associated with a license entitlement for Word, or a license entitlement for the Microsoft Office Suite.

Complexity increases when mapping software licenses to software hosted in the data center because licensing models and SKUs for software in the data center are typically complex and are often changed. For this reason, asset management solutions need to be able to map to external sources that contain up-to-date license reconciliation models. Gartner refers to this process as “Reconciliation of External Information.”

“Reconciliation merges normalized data with related information from other, often external, sources. This can include procurement data, vendor SKUs, license and entitlement details, and organizational information.”

“Reconciliation is the act of harmonizing contract, purchase, and entitlement information with normalized inventory data to establish an ELP — the balance of licenses purchased to actual license consumption.”

Mapping to SaaS

When mapping discovery data to software licenses associated with a cloud (SaaS) solution, it is important that discovery tools are able to monitor and document user activities as well as user access to relevant cloud services to establish an ELP. Applications such as Microsoft Office 365 and Salesforce do not leave a footprint on the end-user devices because these software solutions are hosted in the cloud and accessed through the local browser. No software is installed on the end-user’s device.

Summary

IT asset intelligence data is created by normalizing, then mapping IT assets to relevant information. Asset intelligence establishes the relationships that an asset has with other assets, services, contracts, ELP, departments, cost centers, vendors, warranties, utilization, environment, location, and related business objectives. Asset intelligence is a critical component for a complete IT asset management solution.

Other posts in this series:

Three Components Required for a Complete IT Asset Management Solution (Part 2 of 4): Discovery

Mon, 18 Sep 2017 20:12:02 Z

Several years ago, I worked with a large organization that wanted to re-evaluate their cell phone policies. They wanted to see if they could re-allocate some of their cell phone budget to another project. To accomplish this, they created four objectives.

Identify who has a cell phone
Who uses their cell phone
Collect cell phones from those people who don’t use them
Re-negotiate the cell phone contract with the service provider by reducing the amount of cell phone accounts

To meet their objectives, we deployed IT asset discovery tools to collect the data from three separate sources: internal spreadsheets, the organization’s Active Directory database, and the cell phone provider’s account database.

The spreadsheets contained a list of people who had a cell phone, the type of cell phone, and the associated phone number.
Active Directory contained each person’s title, location, and the department where they worked.
The cell phone provider’s database contained account numbers and phone numbers as well as the phone that was assigned to each number.

After the discovery was completed, the organization was surprised to learn the following information:

1. Most people who had a cell phone had more than one phone assigned to them.

Why did this happen?

This was because their refresh cycle policies did not have an efficient process to confirm that older phones were returned back to the organization. Many old phones were finally recovered from the employees’ desk drawers.
The spreadsheet entries only allowed one phone and one number per entry; however, most people were listed several times with one phone per entry, but the same phone number was displayed in each of those entries.
A B2B connection/integration was not established with the service provider, which could have flagged the duplicate entries.

2. Several people were no longer with the organization; however, their cell phone accounts were still active. In fact, one person had been using his phone for six years after leaving the organization. Why? We wanted to know so we called his number. He said, “because it still works.”

Why did this happen?

The organization is very large, and spreadsheets containing people authorized to have a cell phone were not integrated with Active Directory account information nor the HR database, which would have informed those managing the cell phones that a person’s account had been disabled.

When discovery is implemented in such a way that it can document IT asset information from different perspectives and data sources, IT asset managers can cross reference that information to ensure it is up-to-date and accurate. Furthermore, it will facilitate asset managers with the capability to add intelligence to the asset management database, which will be discussed in more detail in the next installment of this series.

Discovery

Collecting IT Asset information is the first component of a complete IT asset management solution. Discovery is how an organization can document IT assets that are on the network. Before a discovery process is implemented, it is important to have a strategy in place for collecting, storing, and monitoring IT Assets. I recommend the following three steps when planning your discovery strategy:

1. Define IT assets that need to be discovered

Define IT Assets that will be managed and added to the IT asset management database. Start by identifying assets that are typically assigned to the end-user such as PCs, laptops, mobile devices, and software. When modeling the asset management database, it is important to understand that assets assigned to end-users are at greater risk for being lost, stolen or misplaced. Network devices such as routers, switches, and printers will need to be documented, but will probably not require “monitoring” from the asset management database.

2. Identify IT assets that need to be monitored

Discovery is not the same for every IT asset. Some assets need to be re-discovered or updated every day (i.e., monitored) while others might only need to be updated after a change process (i.e., unmonitored.)

Monitored assets will generally be the devices controlled by the end-user like a laptop or PC. These assets are usually at most risk for security attacks. Monitored devices generally need a service or client that runs on the device. A monitored device needs to be able to report changes quickly and automatically.

Servers and their associated applications should also be considered for monitoring; however, many organizations do not like adding agents to critical servers. At a minimum, IT asset managers need to have the ability to perform discovery in the datacenter for software. Be advised that agentless discovery solutions are available for the datacenter.

Remember, software is an asset and needs to be monitored for changes. If software is not monitored, the organization will be at risk with regards to their software licenses. Furthermore, documenting software assets can provide important information to the security team with regards to older, outdated software and operating systems that might be vulnerable to cyber-attacks.

Unmonitored assets would typically be devices that support the network infrastructure such as network printers, routers, and switches. When these devices are changed, they should be changed using a “change process.” Make sure that change management processes include a task that will update the asset management database after the change has been completed to ensure IT asset information is up-to-date.

3. Choose asset discovery tools that meet the requirements

Discovery tools use several different strategies to collect asset information. Be sure to consider discovery tools that can document information provided by network directories or third party databases.

Also, discovery tools that support a variety of discovery methods, such as ping sweeps or discovery through network management protocols like SNMP will help ensure that every asset touching the network is documented. Finally, discovery tools should be able to access data from XML files, Excel files, delimited-ascii files barcode scanners, and in some cases RFID scanners.

Discovery Services for the Data Center

Accurate discovery is critical for managing and calculating software license positions in the data center. To build effective license positions, discovery tools need to discover across multiple vendors such as IBM, Oracle, and Microsoft.

Data center discovery features should have the ability to collect hardware and software records from any data center environment, including but not limited to:

Windows
UNIX
Linux
HPUX,
AIX
Solaris
All Hypervisors and servers in the cloud

Be sure to choose data center discovery tools that include the following:

Ability to accurately interpret Hypervisor processor and core usage in all environments
Ability to map servers from Cluster – Host – Hypervisor to create a full relationship view of the estate
Ability to map dependencies of servers and services across all software

In the next installment of this series, I will discuss the importance of adding intelligence to your IT assets.

Other posts in this series:

Three Components Required for a Complete IT Asset Management Solution (Part 1 of 4): Six Common Objectives

Mon, 11 Sep 2017 17:55:52 Z

If you were to build a fence around your house to keep out the wild animals, it would not make sense to leave a portion of that fence incomplete. In fact, any gap in your fence would invalidate the purpose of the entire fence. A partial fence would not make sense, much like a partial IT security solution would not make sense. Without a complete security solution, you really don’t have “security” at all. When it comes to IT asset management, many organizations continue to operate with a partial solution.

IT Asset Management does not have the same meaning for everyone

I have come to learn from my years of experience working in technology that IT administrators often interpret terminology differently. For example, the word “security” can be interpreted several ways. For some administrators, the word security means virus protection and encryption, for other administrators, it’s about firewalls, secure authentication, and physically securing the assets behind a locked door. The reality is that all of these interpretations are correct and need to be applied when building a complete security solution.

Much like security, IT asset management has different meanings for different IT administrators. For some administrators, asset discovery is asset management. For others, asset lifecycle tracking using bar code scanners is asset management. So, what is a complete asset management solution?

Understand your asset management objectives before you define your asset management requirements.

Although every organization will have unique requirements for their asset management project, there are some common challenges that every organization faces when managing IT assets. To understand the components required to build a complete IT asset management solution, let’s begin by analyzing the most common IT asset management objectives shared by most organizations.

Common IT Asset Management Objectives

1. Control IT asset inventory

Although it is important to collect IT asset inventory information, it is just as important to control asset inventory so that software and hardware assets are not added to the network without the knowledge of IT asset managers. Without controls in place, IT asset reports might not reflect everything on the network. This can be an expensive mistake if software is not in sync with software license entitlements. Furthermore, IT assets that go unnoticed introduce a security risk to the organization.

2. Control IT asset costs

By controlling asset inventory, asset managers are able to control costs by avoiding unnecessary hardware and software acquisitions. When asset managers see all their assets, they are able to map the asset to the features it provides. Many organizations purchase IT assets not knowing that their requirements can be met by existing software and hardware assets that have already been acquired.

IT inventory management helps organizations manage their systems more effectively and saves time and money by avoiding unnecessary asset purchases and promoting the harvesting of existing resources.

3. IT asset budget planning

IT asset managers might not be directly involved in the organization’s budget planning meetings, but in reality, they provide critical information required for building an efficient budget.

Dr. Barbara Rembiesa, President & CEO of IAITAM addressed IT asset managers stating that "Regardless of your specific role in budgeting, we are responsible for how IT Asset Management is viewed by the CIO, the CFO, and all of the other executives leading teams that use IT services."

It is important for asset managers to provide accurate asset information through business value dashboards to the organizations’ executives. This information is required to create a budget that can properly support IT requirements needed to support business objectives.

Dr. Rembiesa went on to explain that “Unless presented with information about the value delivered as well as the costs of executing the management of assets, executives are left to draw their conclusions without sufficient information.”

4. Software Asset Management (SAM)

I have not met an organization that does not want to track the software licenses they own, so this objective is something every organization is looking to do; however, without the proper tools, many organization struggle with keeping the software information up-to-date.

Gartner defines SAM as “a process for making software acquisition and disposal decisions. It includes strategies that identify and eliminate unused or infrequently used software, consolidating software licenses or moving toward new licensing models”

It is important to know how many licenses you have and how many licenses are used. Without this information, it is not possible to make intelligent decisions regarding software acquisitions and software renewals. Also, without a SAM solution, an organization could be at risk for unexpected costs if they are audited by the software vendor.

5. Lifecycle Management

It is important to know what assets you have, where they are, how they’re used, and how they perform, so that better decisions can be made during any lifecycle stage. For example, IT administrators should be able to see how many PCs were ordered, how many of those PCs arrived at the loading dock, how many PCs are available, and how many PCs are up for a refresh. This is accomplished through a lifecycle management process.

6. Security

Asset management on its own is not a security solution; however, it does play an important role in an organizations overall security strategy.

Many organizations have recently been hit with ransomware attacks such as WannaCry. On March 14, 2017, Microsoft released a critical patch that protected IT assets from WannaCry ransomware; however, on May 12, 2017, at least 230,000 computers in more than 150 countries were paralyzed by the ransomware. Why? Many organizations that were hit with the ransomware were running unsupported operating systems like Windows XP and Windows 2003, which Microsoft no longer supports.

Asset management reports can help security teams identify older outdated software and hardware that puts an organization at risk. This information is critical when fighting against ransomware attacks such as WannaCry, which targeted outdated operating systems that are still running on many networks today.

Components Required to Satisfy Common Asset Management Objectives

There are three key components that every IT asset management solution should have in order to meet these common asset management objectives:

1. Discovery

Ensures It assets are discovered and documented
Provides insight to security managers showing them older, outdated systems and applications. This is important when determining risk to the organization

2. Asset Intelligence

Normalizes IT asset data for accuracy which is needed for software asset management and IT asset reports
Maps IT assets to other IT assets, to people/owners/cost centers, and to supporting resources such as contracts, warranties, and software vendors

3. Asset Lifecycle Management

Provides automation to help enforce company procedures in addition to automating business processes.
On-boarding and off-boarding users
Inventory control and cost control – also important from a security perspective
Provides notifications to asset managers about upcoming warranty expirations, software renewals, and changes made to IT assets

In the next installment of this series, I will explore the first component of a complete IT asset management solution: Discovery

Other posts in this series:

WannaCry? How IT Asset Management Will Help You Avoid Ransomware Attacks

Fri, 19 May 2017 17:59:25 Z

Prior to installing a home security system, a discovery process must take place to evaluate all vulnerabilities around the property. No matter how good a home security system is, it is worthless if you do not secure every window and door.

When securing IT assets, a discovery process must be performed to find and identify all IT assets that need to be secured. However, IT assets are often lost because they are changed, updated, relocated, or refreshed. For this reason, IT asset management is critical to your security solution.

1. Do you wanna cry?

On March 14, 2017, Microsoft released a critical patch that protected machines from this type of attack. On Friday, May 12, 2017, at least 230,000 computers in more than 150 countries were paralyzed when Wannacry went into action.

What happened? Organizations that were running unsupported operating systems like Windows XP and Windows 2003 were at risk because Microsoft was no longer releasing updates for those operating systems. To stop the crying and protect organizations that are still running older versions of Windows, Microsoft compassionately released a patch for the older, outdated operating systems.

2. Do you wanna know what’s wrong?

Unfortunately, many organizations were hit because they were not current with their patch updates. For those that did not make patching a priority, they now know to reevaluate their priorities. However, many organizations continue to fly blind when it comes to tracking their IT assets.

Throughout history, generals and commanders at war have spent countless hours and days evaluating maps to understand the battlefield. They use this knowledge to gain an advantage against their enemies. Maps provide a view of the landscape along with all its obstacles. When at war, it is vital not to be surprised by the enemy. Without a map, generals and commanders would be fighting as if they were blind.

IT asset reports are much like a map, they provide a vision of the battlefield. When IT can see everything, they are able to see obstacles that are putting the organization at risk. In other words, they are able to see all assets that could be vulnerable to a ransomware attack such as older, outdated operating systems and applications.

For those organizations that do not have reliable asset reports, be advised that you are fighting a battle without a reliable map.

3. Do you wanna fix it?

It is important to understand that security starts with discovery.

To apply security policies to IT assets, security solutions must see the asset. Many organizations pay little attention to the importance of discovery services and the discovery database. They view it as a necessity to their security solution instead of a critical component.

I propose that IT asset management is the most critical part of any security solution. Discovery services need to be 99.99% reliable when it comes to discovering and documenting IT assets. Anything less is too much risk.

If you left one window unlocked in your home, it would not matter that the rest of the windows and doors were locked. Everything must be discovered for complete security. Be sure to choose reliable discovery solutions if you want to ensure your network is secure. An undiscovered device is like an unlocked window.

A reliable asset management database will not only provide your security solution with all the IT assets that need to be compliant, it has the ability to provide data to other systems that require asset information such as your IT service management solution or procurement database.

4. Do you wanna be happy?

Organizations that do not have asset management alongside their security solutions might be surprised by something they did not see. I would not be able to sleep in my house knowing that a door was left unlocked. However, when I know that all doors and windows are secure, I sleep much better.

If you want to reduce the stress that WannaCry has caused IT managers around the world, get a map. In other words, be sure to have a complete and accurate view of every IT asset on your network. Be sure to have policies in place to track updates and changes to IT assets.

If you don’t start managing your assets using ITAM principles, you might do a lot of crying when a message appears on your screen informing you that your data is being held hostage unless you pay the ransom. Don’t be surprised by an IT asset that you did not see.

Confessions of a Software Auditor (Pt. 2 of 2)

Thu, 30 Mar 2017 15:15:25 Z

The storm continued to rage outside when I met with the software auditor again. After I reviewed my notes from the previous meeting, I looked up to see him staring at me, but he wasn’t really looking at me, he was somewhere else, lost in his own mind.

I was surprised when he broke the silence. “Do you believe that software auditors are experts for every software product they audit?” he asked me while he stared out the window.

I responded, “I would assume they have to be experts.” He then looked me directly in the eyes and said, “I remember completing an audit for Adobe, then delivering a bill to a customer for $2.8 million.” “Wow!” I said in disbelief. “But they never paid that bill,” he said, “because they hired an expert who uncovered an error I had made, which allowed for local unbundling of Creative suite.” He explained, “Executable data I used for the audit erroneously identified huge liabilities for standalone software such as Photoshop and Illustrator.”

He told me that the software license expert hired by that organization spent two days optimizing the compliance position of the organization through manual suite wrapping, and as a result the final bill was reduced to $70,000.

“It is a huge mistake to take on software auditors without the proper expertise” he said. “It would be like representing yourself in a court of law after being accused of a crime” he explained.

It was clear to me that no organization should accept or pay a software audit bill until they have their own experts review and evaluate the results. Throughout the evening, I learned so much. For example:

Did you know many software companies do not have license keys deliberately, so it’s easy to copy and proliferate, which becomes a sales opportunity for the software vendor?

Did you know most software vendors have incomplete records of software resold or distributed through their reseller channels?

Did you know if a third party wants to audit your use of a vendor’s products, the third party may not always have the contractual right to do so?

Did you know some major software companies have licensing “policies” that cannot be contractually enforced?

“Are mistakes often made by software auditors?” I asked.

He scratched his chin, then said “It’s only a mistake if someone identifies a mistake.” He then told me that he had performed hundreds of audits, and in his eyes they were all accurate. “But as you can see,” he said, “I have made mistakes.”

He then said something that stuck in my mind for a long time after our meeting. He said “I am only aware of the mistakes that were pointed out to me by software license experts, but most organizations just take my word for it, so I am not quite sure if I have made similar errors in other audits.”

The auditor told me that when he was starting out, he billed an organization for $1.5 million after he performed an audit for Microsoft that was, in retrospect, sub-optimal. He said he neglected to take into account legacy licences that could have been applied creatively to cover individual instances of server software. In addition, he presented the shortfall to the organization as a processor licence requirement, when in fact the existence of CALs meant that an optimum position could be reached with minimal spend on server licences.

Lucky for that organization, they had their own licence expert to assist them, and as a result the auditor’s bill was reduced from $1.5 million to $10,000.

Regarding Microsoft, I learned the following:

Did you know changes in licensing for major products such as, SQL Server and Windows Server mean that an accurate picture of your hardware estate is essential to ensure compliance when migrating to the latest version? Customers with Software Assurance maintenance that don’t have an up-to-date breakdown of their estate could be liable for additional license charges

Did you know the same products may have different licensing rules depending on the agreements with which they were originally purchased? Geographic restrictions, differences in available downgrade rights and license transfer rights might affect compliance for companies with a large global footprint.

Did you know Microsoft does not track their customers’ licensing positions and their VLSC portal is available as a record of initial purchase but is not considered by them to be an asset management tool? Customers are expected to keep a record of their own licenses, including Retail and OEM purchases, license transfers through acquisition and divestiture and non-standard agreement terms for review in a potential audit.

Regarding Salesforce, I learned the following:

Did you know it is not possible to mix Editions of Salesforce subscriptions, meaning that a great deal of functionality is unused (due to companies overestimating requirements)? However, lower Editions of force.com licenses can be mixed with higher Editions of Sales Cloud and Service Cloud, creating optimization opportunities.

Some discovery tools are able to monitor activity for cloud solutions through URL tracking, enabling companies to better understand their actual feature usage.

Regarding Attachmate, the auditor asked if I knew the following:

Did you know that Attachmate products have undergone a number of name changes, often causing confusion over a customer’s right to use software?? Attachmate’s “Authorized Alternatives” policy allows customers to retain legacy software through complex ‘downgrade’ rights.

Did you know agreements often contain a mix of concurrent and non-concurrent licenses, meaning that ring-fencing concurrent devices/users is critical to managing compliance accurately?

When my meeting with the auditor concluded he stood up, put on his coat, and disappeared into the storm. I was never to see him again but I am sure to this day, he is out there hunting for organizations that are not investing properly in software optimization solutions.

My Conclusion

A Software Optimization Solution will help organizations that do not fully understand the install base of all their commercially licensed products. Furthermore, it helps organizations that do not have a way of determining and optimizing usage of the software products they license.

What is the benefit to organizations with the right software license management tools along with the proper expertise? It gives organizations the ability to have a complete view of all software across the whole organization and the ability to reduce their licensing costs while empowering them for better vendor negotiations. This type of information will help organizations reduce the number of legacy licensing models while providing them knowledge for better planning when it comes to their future upgrades and new technology acquisitions.

Most important, organizations should never accept the results from a software audit without hiring or retaining their own experts to verify any results provided to them by the software auditor.

Be sure to check out Part 1 in this series: Confessions of a Software Auditor (Pt. 1 of 2)