David Foxen has years of experience in IT Asset Management and a track record of saving companies millions of pounds through implementing and maturing successful ITAM functions. He is a founder of SAM Beast consultancy agency. He shares his passion for ITAM via live LinkedIn and Youtube stream. We talked about SaaS, IT Security, and why ITAM should look more towards the future.
As you mention on LinkedIn you love ITAM. While no one argues about the importance of ITAM few people get really excited about it. What do you love about ITAM?
For me ITAM is the best thing on the planet. I’ve never done anything else in my career but I love it because I truly believe in the value it can bring to the organizations and all the stakeholders. Think about infosec for instance. ITAM helps there immensely by identifying legacy hardware and software that is reaching the end of life. We can help with procurement and budgeting. There are so many areas we can help with. Then you have other things coming in now such as FinOps. We can use ITAM in relation to FinOps to save money. You can do gap analysis and report and you can quickly see that you are saving money. ITAM is definitely not boring! It is awesome!
What is the biggest Value ITAM brings to the organization?
Traditionally it has been financial optimization and legal compliance but with the recent events, ITAM brings a lot more continuity and stability. Remember how things looked when the COVID pandemic hit: Everyone grabbed whatever hardware was available and started working from home. And now everyone is like where is everything? In this environment, ITAM brings control and visibility all through the lifecycle. That is key now. ITAM is now supporting business and playing a much more proactive role.
Perhaps the biggest ITAM revolution in recent memory came with the dominance of SaaS. One of its perks is making it easier for end-users to purchase the software. On the flip side, this might quickly get out of control for IT. What are the biggest challenges in managing SaaS?
Back in the day, you could end up with a huge estate and hardly any licenses. SaaS helps you keep your IT estate legally compliant. You still need to look for account sharing but being legally compliant got easier with SaaS. From a compliance perspective, it also helps that the vendors have their portal. If you don't have the ITAM tool you can at least check the portal. You have no excuse now to not optimize your SaaS spending.
On the flip side, the cloud environment is tricky to manage. Hence the rise of FinOps. You still need to be aware of configuration even with cloud to make sure you save costs and optimize it properly. Cloud-first organizations are now looking at how to purchase software through cloud platforms. The procurement of software is thus rapidly changing. ITAM needs to be savvy and understand the changes.
Another thing to think about is shadow IT. If you start investigating all the company expenses, suddenly you experience a wow moment when you realize there is a lot out there you don’t have a handle on. One way to get more control is to introduce a process when all users requesting new software go through your ITAM team. Don’t act like software police but explain to them why you are doing this and how it helps the whole company.
Part of your work is consulting companies on the matter of ITAM software. When should an organization start considering investing in an ITAM tool? What is the threshold when a company can’t do away with a spreadsheet anymore?
Well, Excel is still the most used ITAM technology in the world. Even if you have a fantastic ITAM tool you will still use Excel for some parts. There are some triggers that start the move from a spreadsheet, the usual one being external or internal audit. I’ve seen companies using spreadsheets with 10 000 lines. However, there is no specific threshold really. It Is more about how seriously does the team takes ITAM. Usually, at a certain point, they start realizing that there is concrete ROI to implementing the ITAM tool. Because - as is the case in other fields - the money talks and ROI is the best argument you can make for implementing the ITAM tool.
Where does the ITAM ROI come from?
First, there are hard savings you get through software and hardware reharvesting or SaaS reharvesting. Then there is a significant amount of time you free up when you no longer have to work in spreadsheets. And third, you improve the lives of your stakeholders. You see everyone is a customer of ITAM. If you have a laptop you are a customer of ITAM. Hence the importance of always having your end-users and other stakeholders in mind.
ITAM is a huge discipline. It might be a bit overwhelming for companies just starting with it. When introducing ITAM to the company where should I start? What are my first quick wins?
Typically, I do gap analysis and maturity assessment. I have a look into controls and the processes. But if you are searching for a quick just look at your Microsoft365 usage. Get a report from HR, get a report from Microsoft365 usage. And through this simple analysis, you will see that you have a significant gap in the costs. This way you will prove value quickly.
Another important thing when starting is to engage with all stakeholders. Get the calls arranged. Introduce what you would like to do with ITAM. What benefits ITAM can bring to their lives and their part of the organization. Build those relationships. You can’t put a price on that.
Also, do quick talks with end-users. Show them the value: We save this amount of money and have a new process for this. Etc.
IT Security is one of the most discussed topics today. How can ITAM contribute to IT Security?
Lots of organizations are throwing money on security while ITAM is sitting there having just a spreadsheet. Infosec is one of the biggest stakeholders for ITAM and there are a lot of synergies. In regards to software, ITAM approves software to use and provides infosec with info about what is actually being used in the company. We can also pinpoint legacy software.
Also, there is an opportunity to get infosec involved in net new software coming into the organization. If someone requests a new piece of software you are not familiar with, have infosec to review it.
As for hardware you can report them unsupported hardware reaching the end of life. You also want to cooperate with them on the process for hardware reaching the end of life: Destroying it in a way that leaves no forensic evidence behind, making sure data are removed before you send it off site. On the flip side, infosec can help us too. For instance, they can help us identify shadow IT.
You made it quite clear that you find great satisfaction in ITAM. Where do you see ITAM going forward?
ITAM traditionally looks backward. What I would like to see ITAM doing more is looking forwards. Instead of looking backward and blaming people for bad audit results It should be proactive and understand what is up and coming in the organizations. We are moving to the cloud? How can we help with that? How can we reduce the costs? I can see that a server is only being used a couple of minutes per day. Knowing that we can make sure it only consumes the appropriate amount of cloud capacity and save money. We can see the price increases. Let’s price lock the application. We can be proactive with renewals. Etc.
We can’t change the past and fix it but we can fix the future. In other to do that you need to speak to your stakeholders and figure out how you can help. We really need to shift the mentality towards the future.