One of our editorial focuses for September is building the business case for ITAM. How do ITAM teams extend their reach within their organizations, build trust, and win the support (and budget) of the board?

Expanding on their presentation at Wisdom EMEA 2022, Brandon Smeets from Canon and Johan West from The ITAM-Unit delve into this very issue. Given how long the article is we have decided to publish it in two parts. Look out for part 2 dropping next week.

“All of the above!” – How to build the business case for ITAM

Introduction

Starting out as a discipline centered mostly around properly counting licenses and worrying about compliance, Software Asset Management (or dare we say IT Asset Management, or ITAM) has evolved lightyears beyond its original scope. Today, ITAM aims to facilitate other disciplines within the organization (both inside and outside traditional IT boundaries), potentially becoming the true ‘one stop shop’ of real-time information to base (critical) business decisions on. But that is easier said than done.

In the past you could build the business case for ITAM fairly easily around the sole purpose of license management and IT asset management, with a focus on cost savings, cost avoidance, risk mitigation, and visibility on where IT assets are physically located. But was it really a business case or just a short-term assignment fed by low hanging fruit alone? Nowadays the scope of ITAM has become much broader due to the rapid development of cloud initiatives (including its subscription models) and the increasing importance of IT sustainability and security. This forces ITAM practitioners to upgrade their approach from being a cost saver to representing a value-adding discipline within the organization. Many opportunities lie ahead, but where to start and how to build the business case for these extras? In the past years, we’ve seen that a successful business case for expanding ITAM is built on four fundamental pillars that each play an important role in building the ITAM program beyond license compliance. Let’s address them one by one.

1.    Audit Defense & Compliance

The first pillar is built on the Dutch phrase ‘meten = weten’, which stands for to measure is to know. Most organizations have thousands of end-users and related IT hardware, both physically as well as virtually. This requires IT asset managers to know what is where (and who owns what) and more importantly get visibility on software and application existence and usage. Doing this proactively optimizes the IT asset spend and at the same time provides you with a proper license compliance position. However, many organizations struggle with this as it is not easy for them to achieve the required visibility. Without the right number of resources and proper tooling there are simply too many vendors, systems, or end-users to track.

This is also recognized by the software vendors, to which they respond with audits, ‘friendly’ license reviews, license optimization initiatives, etcetera. Of course, all with the sole purpose of helping you as a customer and bringing world peace. Yeah, right.. More to the point, such audits and reviews are just initiatives to drive more business and sell their most expensive products which you actually do not require. Or at least, that is what we’ve experienced in the field. Furthermore, these audits cost hundreds (or sometimes even thousands) of hours from internal resources that will be unable to contribute to the organizations or your ITAM Program goals. Basically, it is a waste of time (resources) and therefore, a proper audit defense strategy is key. By developing a standard approach and aligning it with senior management you can work towards a situation where audits are something of the past, allowing you to invest your valuable time in real value-adding initiatives.

2.    SaaS Governance

Various studies have shown that organizations are adding new SaaS offerings to the enterprise every week and only a limited part is directly managed by IT. Acquisitions are easily made via a company credit card and the software is easily available and accessible for end-users. You can simply buy the software and be up and running within minutes instead of waiting for IT to fulfil your service request. Although this presents huge business benefits, it also increases the risk of shadow IT and thus also raises big security matters. We spend millions of euros on SaaS initiatives, but why not on managing these millions and related applications, or in other words on SaaS governance. This not only can actively save costs, but more importantly, can help reduce the potential security risk that comes with unmanaged SaaS applications.

In order to make the business case to address this problem, it is recommendable to look at various non-IT related departments and determine the use of SaaS applications. Ask your colleagues how they acquired the product(s) and on whose budget the consumption should be. Is it only for your department or can others make use of it as well? Is it GDPR compliant? How secure is the data and application? Maybe you easily detect shadow IT or recognize some interesting cases where budget disappears as easily as the snow on glaciers in the summer. Gathering such examples can help you formulate the pillar of SaaS governance, whose importance is growing as fast as it is being acquired by organizations.

In part two (now published here), Brandon and Johan explore ITAM’s role in supporting sustainability, as well as the power of ITAM data to help other parts of the business make more informed data-driven decisions in areas such as cyber security and reducing overall tech spend. Click here for part 2 of “How to Build the business case for ITAM“.