What are some ways you get ahead of software requests from business units that fund their own software initiatives?
This is the first organization I have worked with where BUs fund their own initiatives. I’ve been asked to make a presentation to the IT Steering Committee about how the ITAM team (of four, two focused 100% on hardware) can get ahead of software requests.
In the past, this has been easy as I managed the new initiatives funding. I don’t have the headcount to offer my team as administrative staff to set up meetings with vendors and get paperwork through the legal, infosec and procurement teams. How have you aligned your ITAM team more closely with business units and their software initiatives?
2 Likes
If you don’t have within your ITAM program a software catalog with governance around it, then defining those that are trust centric or threat centric is worth considering. The point being it matters less about the funding and more about if the new software being introduced provides benefit without duplication from others already authorized and approved. Simple example, a department wants a drawing program. What if there are already 5 drawing programs deployed, with software agreements that do nearly the same thing? Introducing a 6th one leaves you with less leverage to negotiate down the rates on the other 5. There are more reasons to standardize (assuming the request duplicates those capabilities already authorized and deployed).
A process might start as a check to see if the capabilities of the software they desire already exist, a review by security, architecture, etc. to ensure it aligns with and offers benefit to the company. I’m oversimplifying but hopefully this makes sense in that you’re building a program to govern the company’s software assets. Creating this governance also aids your security department to ensure reviews are conducted that the software doesn’t pose threats, and architecture to ensure it doesn’t cause conflict with other programs and so forth. It will take time to build out, putting in controls, policy, etc., but worth it in the end.
Happy to dive further into details if you have questions.
2 Likes
Hi mlemelin!
Welcome to the Forum! Your question is actually pretty common from what I see. Small teams like yours are often not in a position to be empowered or staffed to support every initiative in a seamless fashion.
I echo Bryant - there are a few ways to go down this road, and he laid out a few strong topics and I want to posit a few more.
First Policy - the Asset manager doesn’t always need to own every action to obtain, deliver, and manage every bit of software or hardware in the organization. Asset management programs are strongest when they have a distributed architecture – Having a single standard be established for the entire company that all are expected to follow is powerful. Put another way, be the one to set the corporate policy (with input of course) and hold other teams to the standards, but don’t do their work for them. It’s pretty common that these self funders don’t really understand the ball of wax that they might be getting involved in - and the risks and costs for the organization. They made a process for themselves long ago, and momentum keeps it moving. Changing the overall corporate expectations so that the self funders follow the policy will involve having some executive buy-in - and there are both carrot and stick options available. To Bryant’s point - you could partner with Security to blacklist and whitelist specific titles / versions to help reduce some of the risk. Or you could find ways to leverage this to consider if you do want to take on the work, how you would necessarily have to get the internal support & team to take it on. This is optional - you don’t need to do every task yourself.
Once you get past policy - we can look at best practices. For instance, it’s pretty likely they’re not actively reclaiming licenses purchased from folks who left (the department, or the company) or from lack of use. It’s quite reasonable to conclude that the company is overspending on specific titles/publishers based on this – not to mention the complexities of say versioning – as not all versions are supported and they may or may not also be following relevant upgrade rules.
Another option to discuss is the Finance side. The procurement side of the house may realize that there are savings to be captured by moving these guys away from purchase cards, expense reports, or individual POs and into a designed solution. Volume purchasing discounts are real, and may help add weight to this. If you can determine what some of the leverage points are, you can try to design the rules & policy to follow to protect the business without taking over their entire license request/fulfillment process. Then push them into a system that’s repeatable and has guardrails. That will help reduce risk, and also show others the value of ITAM, and support the good work you’ve already been doing.
As Bryant also said, feel free to respond, or ping me directly if you have deeper questions.
James
2 Likes
Thank you Bryant and James, this has been incredibly helpful.
I am about at the 90-day mark in this new role. A Software Catalog is in progress and we plan to make that easily available outside of SNOW to help guide user requests for software. The catalog will also include non-approved software and the reason for blacklisting to ease future requests. While I am struggling at the moment to find the right categories for software, we will include categories and hope that filters the 3000+ applications down to a point where I can find duplication and work on consolidating tool sets. (I’ll have to post on that separately sometime soon).
Procurement has agreed to alert ITAM to any software requests, which is progress, but by the time the request has reached procurement, they’d already fallen in love with the tool.
While my nature is more librarian who prefers to putter in my databases, I have resolved to become more visible and vocal about software trends and tooling, and made myself available as a resource to some of the high-offender teams in terms of the experience and research I offer them in terms of making software decisions and negotiating terms.
Here’s hoping.
1 Like