NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 CIO BlackBerry News and Tips
 CIO Research and Analysis
 CIO Microsoft
 CIO Insider
 
 
 
SUBSCRIBE TO CIO
 
Are you involved in setting the direction for your company's IT budget or strategy?

Apply today for a FREE subscription to CIO Magazine!

 


Thu, Jun 28, 2007 10:31 EDT

Overcoming Blind Spots that Curb CIO Accountability

Topic: IT Organization Management

Current Rating: 5 Comments: 5

Simple IT Blind Spots Can Derail Even the Most Strategic IT Department

As IT departments evolve into larger, more sophisticated, and more strategically relevant divisions within organizations, expectations of business alignment and accountability for every IT dollar and decision swell within management ranks. However, this breakneck pace of change can cause even the most savvy CIO to lose sight of the very fundamentals of accountability that enable strategic-level success in the first place.

Consider this litmus test: Your CFO requests answers to several questions; can you deliver answers in 30 minutes or less?

• Is all of our software legally licensed? If audited by a software vendor, would we be at risk of prosecution?
• Are employees running applications that represent security threats?
• How many of those expensive CRM licenses purchased last year are actually being used?
• Will a migration to Vista require major new investments in hardware?
• If a business unit were wiped out by a flood, how would we know what hardware or software assets were lost?

If you can’t confidently answer questions of this nature, your organization is at risk either legally or financially. This is where bad things suddenly happen to good IT people – people who have the strategic interests of the enterprise at heart, but lack the comprehensive insight into the network assets and utilization needed to eliminate critical blind spots and avoid catastrophe.

As with driving an automobile, eliminating the blind spots means adjusting the mirrors and looking at things from a different angle to see what is not ordinarily apparent. CIOs must secure resources for IT asset management (ITAM) processes and auto-discovery tools that will provide much-needed visibility—and therefore control—over the inventory and usage of IT assets. With such tools in place, not only can IT departments more effectively avoid nasty surprises, but they can also free up costly overhead associated with routine manual processes and unnecessary fire drills—devoting more time to mission-critical operations and other strategic projects.

Here are some of the blind spots you can overcome and avoid by achieving a deeper understanding of the desktop environment:

1) Corporate software piracy
According to the Business Software Alliance (BSA), more than 20 percent of installed software in the U.S. is non-compliant. The ramifications of corporate software piracy can be enormous: copyright infringement penalties of up to $150,000 per infringed-upon title (not including legal fees), business disruption associated with protracted

You do not have flash or javascript support.
Average (2 votes)
5
 
 
Sat, Jul 7, 2007 3:24 EDT
Posted by: asengupta
Rating: 90

Very useful article, thank you. However, doing remote audits of all applications being run by employees smacks too much of big-brother to me. In our company many people work remotely and some use their personal computers to do office work. How can we balance their expectations of privacy with the necessity of securing the enterprise? I realize that legally we may be able to run such audits, but what is the impact on morale if the employees feel like they are being monitored?

 
Mon, Jul 9, 2007 4:08 EDT
Posted by: GeoffW
Rating:

There are two points to consider here, 1. You should have a company handbook or policy that states that the company / organisation audits computers for software. 2. Communicating with the staff why you are doing something.

If you supply home working staff software for their own computer then you are entitled to provide a service to ensure it is up to date.

The "usage" is virtually immaterial if you read License Agreements it is based on "INSTALLED" software not "USED" software.

 
Sat, Aug 25, 2007 13:57 EDT
Anonymous user
Posted by: Cary King
Rating:

When using company assets employees should have no expectation of privacy. If they are using personal computers to do office work, then the organization is mixing and matching their licensing issues. The risk to the organization of security breaches and software licensing violations is considerable. Each violation can cost the the company lots of money - consult the BSA and RIIA fine structures for yourself - and, you'll still have to "true up" with the software publisher anyway.

Plus, IT asset management data is fundamental to understanding and controlling IT costs so that your IT organization can demonstrate alignment with business services objectives.

IT Asset Management is one of those fundamental "run the business" activities that is poorly done because it's not sexy - yet, according to Gartner, "customers that commit a minimum of 3 percent of their annual operating budgets to ITAM programs and tools can expect a 25 percent reduction in their total cost of ownership."

A high risk of not doing ITAM, and a big payoff for doing it well. The first step is to get some help understanding what the possibilities are. The failure rate can be high for those that don't fully understand the commitment needed to achieve a proactive solution.

 
Thu, Aug 30, 2007 1:30 EDT
Anonymous user
Posted by: Bill K
Rating:

The focus on using the network only to inventory assets ignores the machines that are disconnected. It also ignores the logistical processes of moving IT equipment into a building, to its deployment location, and then back out of the enterprise (for retirement/disposition). Also, there are a lot of stored assets such as spare parts and still-in-box equipment that network discovery tools can't see. Network discovery is a great, low-overhead first step--- with IT environments growing so quickly a CIO probably cannot afford to overlook all the infrastructure and items not on the network.

 
Wed, Dec 5, 2007 14:34 EST
Posted by: Kris Barker
Rating:

Good point - tracking disconnected equipment can be a real headache, and there's no perfect solution. The choices are to perform a manual inventory, use a remote inventory client (an agent run on a disconnected computer from a floppy, CD or other media), use a network client to collect data when machines reconnect to the network, or use RFID/barcode tagging. Of course, these methods each have their own pitfalls... Manual inventories are incredibly time-consuming, error-prone and non-dynamic; remote inventory clients need to be run manually and don’t address the issue of “missing” devices; network clients only work when machines reconnect to the network and therefore don't take into account systems sitting in storage closets or on loading docks; and RFID tagging tracks movement of machines but does not transmit critical software inventory or hardware information for individual PCs (plus, it's expensive and requires manual work to tag the equipment in the first place).

At the end of the day, companies need to develop IT asset management processes by which equipment details and locations are documented and maintained "from cradle to grave". This might include, for example, a "discovery" tool that tracks current inventories of all networked hardware and software, as well as processes that are kicked off when new equipment is purchased, retired, and/or moved, notifying the people that need to track this information. IT asset management tools can help, but they will never supplant robust, carefully-planned documentation processes.

Post new comment

* Subject:
* Username:
* E-mail:
The content of this field is kept private and will not be shown publicly.
Homepage:
* Body:
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <img> <blockquote> <strike> <p> <br>
  • Lines and paragraphs break automatically.
More information about formatting options

* Denotes required field.

Start a Conversation
Click to post

Got something to say? We want to hear it! Click the Post button to get started. GO»

EXPERT ADVICE
See our roster of experts.

Advice & Opinion from more than 113 of IT's most insightful thinkers.

  PARTNERS       WEBCASTS    
 

Windows 7 Webcast Series

There's a lot of buzz about Windows 7 out there. Each month in our webcast series, listen to analysts and customers discuss how Windows 7 and the Windows Optimized Desktop is impacting large companies around the world. Learn how they evaluated Windows 7, including the cost of deployment, deployment strategies, and tangible benefits.

Sponsored by Microsoft  Listen to on-demand Recordings »

 

Service Level Management Best Practices Life Cycle Overview - Improve Service Levels

Best practices for Service Level Management (SLM) is a process for consistently meeting customer requirements and delivering on IT's promises. See the steps required to ensure high-quality SLM.

Sponsored by Compuware  Read this White Paper »

 

Keeping Your Members Safe from Online Scams and Predators

In order to keep fraudsters out, romance sites must deploy effective solutions that look at information independent of what is supplied by users. A device fingerprinting solution such as iovation ReputationManager™ provides unique insight into the computers being used to create multiple accounts and exposes hidden device-account relationships that identity-based fraud solutions often miss.

Sponsored by iovation  Read this White Paper »

Resource Alerts

Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.

Resource Alerts

Get instant email notification when white papers, webcasts, and case studies are added to our library. Don't just be up-to-date—be up to the minute with our new Resource Alerts.

Defend Against Blended Threats: What You Need to Know

Blended Web and email threats are becoming increasingly complex and represent a huge...  View Now »

 

Prescriptive Actions to Reduce Risk

In this Webcast, learn best practices for effective systems management in a heterogeneous environment and keep client systems cost under control.   View Now »

 

Webcast- Vantage 11: Redefining Application Performance Management

Compuware's latest release, Vantage 11, is a major advance in end-to-end application performance management--bringing together proactive issue identification, quantification of business impact and problem resolution into a single solution. Tune in to learn how Vantage 11's top-down approach helps you make better decisions and dramatically lower operations costs.  View Now »

Resource Alerts

Get instant email notification when white papers, webcasts, and case studies are added to our library. Don't just be up-to-date—be up to the minute with our new Resource Alerts.

 
NEWSLETTER

Sign-up for the Blogs & Discussion Newsletter

 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

Return on Information: Google Enterprise Search pays you back. Get the facts.

VMware. The source for Business Infrastructure Virtualization.

ShoreTel tells businesses to untangle from competitors' complexity and turn to its brilliantly simple UC solution

See how AT&T can help protect your network.

Streamline IT Costs. Boost Performance with WAN Optimization.

Build your 1st app FREE with Force.com

TDWI checklist helps define data readiness for analytics. Download report.

A Clear View Toward Virtualization

Virtualization Technology as a Business Solution

The rules of infrastructure management just changed.

A Clear View Toward Virtualization

Interactive Q&A helps you discover key ways to maximize IT assets.

Ready to virtualize tier one applications? Check your virtualization maturity.

Think you can't afford a Cisco Switch? Cisco Catalyst Switches are now more affordable.

Five minute business analytics assessment. Immediate results.

The Case for Investing in Business Analytics Technology. Read white paper.

Upgrading to VMware vSphere with vWire

Top 10 Lessons Learned for Corporate 3G Mobile Broadband Deployments

CRM Built for IT: The Executive Guide to Selecting CRM that Meets IT Needs

Return on Information: Google Enterprise Search pays you back

ROI of Application Delivery Controllers

Making Consumer Two-Factor Authentication Simple and Cost-Effective

Mining the Cloud to Ease the Enterprise Compliance Burden

Solve Five Key IT Security Challenges with Cloud-Based Authentication

White Paper: Right-Sizing Your Power Infrastructure

AT&T Synaptic Storage as a Service. Expand on demand

Trend Micro ranked #1 against real-world malware. Read more.

Webinar: Jump-start your in-house e-discovery with Ringtail QuickCull from FTI Technology

Top Five CIO Challenges

Read the RSA report: Security for Business Innovation

64-page prescriptive guide to security, compliance, and IT operations.

Increase UPS efficiency without sacrificing protection.

eZine: A Roadmap to Reducing IT Complexity

Reduce risk, gain agility. See how Progress can help your business.

Virtualization Technology as a Business Solution

eZine: A Roadmap to Reducing IT Complexity

World-class trading technology solutions from NYSE Technologies.

If You're Paying for Telecom, You're Paying Too Much. Contact Asentinel Today.

Trade-In your old printer and save up to $1,000 plus free recycling!

infoBOOM! - The Mid-Sized Company CIO's Exclusive Community

Live Webinar: Applying Business Analytics. Click here to learn more

Removing Barriers To Better Server Virtualization Efficiency

4G Revisited. The Continued Evolution of Wireless Mobility.

What's Next for Enterprise Resource Planning?

Maximizing website Return on Information with high-quality search

Gartner Magic Quadrant, Application Delivery Controllers 2009

Authentication as a Service by Forrester Research

Cloud-Based Authentication for Next-Generation Extranets

Cut Costs & Green Your IT Operations with PC Power Management

White Paper: 4 Customer Service Myths