How to Use the New ITIL 4 Guidance to Get Your Asset Management Under Control
IT Asset Management (ITAM) is the practice that helps your organization manage, control, and protect its IT assets and the IT services that use them. Done well, ITAM will help your organization increase value, support decision making, control costs, and effectively manage risks. To help, this blog considers the new ITIL 4 ITAM guidance and how to use it to improve your ITAM practices.
This blog by @Joe_the_IT_Guy considers the new ITIL 4 ITAM guidance and how to use it to improve your #ITAM practices. #ITIL4 Share on XUpdating your ITAM scope
ITAM isn’t just about hardware or software, and the new ITIL 4 guidance reflects this. When setting the scope for your organization’s ITAM capabilities, you’ll need to consider networking, cloud-based services, and client devices in addition to corporate hardware and software. For example:
- Network infrastructure – routers, hubs, and switches
- Cloud services – Software As A Service (SaaS) offerings such as Office 365 or G-Suite, Platform As A Service (PaaS) offerings such as Microsoft Azure, and Infrastructure As A Service (IaaS) offerings such as Amazon Web Services or Google Compute Engine
- Client devices – employee personal devices that can access company systems and information.
Building and maintaining your asset register
The asset register is a vital step in keeping track of IT assets, and the ITIL 4 ITAM guidance acknowledges there are multiple ways of capturing this information. For example, by using network discovery software, physical asset audits, or capturing asset information during routine IT support tasks.
Here @Joe_the_IT_Guy shares some ideas on how to build and maintain an accurate IT asset register. #ITAM Share on XHere are some ideas on how to build and maintain an accurate IT asset register:
- Build ITAM needs into existing working practices. For example, supplier specialists updating the ITAM tool with contract renewal dates or the change enablement practice building ITAM questions into the change approval process.
- Recognize that ITAM only works well when teams collaborate and work together. For example, by working with other ITSM practices such as the service desk, configuration management, financial management, release management, and supplier management to agree on asset naming conventions and data capture protocols to prevent having conflicting or outdated information.
- Use existing data sources and lean into automation. Your ITAM application may have a discovery tool to report what software is installed in your environment. Your remote support tool may report on IT assets that are connected to the network. The procurement team will have details on which IT services have been purchased. Use the ITIL 4 principle of “start where you are” (or, in this case, use what you already have) to identify what assets make up your IT environment.
- Use standardization to keep the asset data as accurate as possible. For example, by agreeing on reconciliation keys, naming conventions, and data synchronization practices.
- Another ITIL principle that relates particularly well to ITAM is “focus on value.” When running an ITAM practice, it can be tempting to try to capture information for all your assets at once, and if you use a discovery tool, it’ll provide you with an extensive list of assets. Discovery tools are hugely beneficial in identifying and collecting information about IT components, but if you attempt to manage everything at once, you risk your practice becoming bloated and unwieldy. Instead of trying to manage “all the things,” focus on your most important assets – the building blocks that make up your most mission-critical services. You can always go back and increase your scope as your practice matures.
Running your ITAM practice as a live, ongoing practice
Too many ITAM practices fail to deliver value because people treat them as a “one and done” deal. The reality is that ITAM is a living, breathing practice, and it needs to be treated as such to keep asset information up to date and licensing practices under control.
Here are some ideas to get you started here:
- Schedule regular reports so that you can reconcile assets with their owners.
- When designing approval workflows for service requests, include the ITAM system so that requests can be raised, approved, and reconciled against live asset information.
- Work with the service desk and support teams to build ITAM tasks into routine support activities. For example, having service desk technicians check license or asset tag information when logging incidents and service requests.
Managing cloud-based assets
One of the ways ITAM can demonstrate business value is by effectively managing cloud-based services. For example, by having a workflow for managing virtual assets so they can be tracked and managed. It’s essential to make appropriate provisions for cloud or SaaS-based licensing structures to prevent “cloud sprawl” or accidentally becoming under-licensed. It’s easily done; a colleague could download the same app across multiple devices – for example, their work phone, personal phone, and a tablet – and, suddenly, one person has taken up three licenses. So, please check the rules when moving to cloud-based suppliers.
When adding cloud-based assets to your ITAM tool, the type of information you’ll need to capture will be more service-oriented rather than the traditional name, serial number, and date of the last service.
Some potential details to capture in your ITAM tool include:
- How the service is accessed, for example via a web browser or app
- How the data is stored
- How the cloud service provider will keep the data secure
- How maintenance and change activity will be managed
- How costs will be monitored
- How licenses will be managed
Client assets and support for BYOD
One of the most valuable parts of the updated ITIL 4 guidance is the support of client assets or “bring your own device” (BYOD) approaches. With employee use of personal devices at work, there comes the risk of what happens to company data if something happens to the device. Thankfully, the need for good data practices and cyber resilience is well-publicized, and many organizations are managing their knowledge and data as an IT asset.
Some things to consider when extending your ITAM practice to cover client assets include:
- Engaging with the end-user community to agree on an acceptable usage policy that is agreed upon by all
- Having processes and safeguards in place to manage company data on mobile devices
- Using mobile device management (MDM) tools to manage devices with company information on them
- Ensuring there’s the ability to wipe devices remotely if a device is lost or stolen
That’s my take on using the new ITIL 4 guidance for ITAM. What would you add? Please let me know in the comments.