Thu, Jun 28, 2007 10:31 EDT
Posted by: Kris Barker in Best Practices Topic: IT Organization Management
lawsuits and eroded goodwill. In extreme cases, companies have been temporarily shut down for violating their licensing agreements.
ITAM tools enable IT staff to perform automated inventories of all the software (and hardware) installed across the desktop environment and reconcile that data with purchasing information. This allows organizations to conduct periodic internal compliance audits and take corrective action.
2) Harmful applications on the network
While most IT departments devote extensive resources to averting external security threats, few bother to determine the extent to which employees’ use of technology introduces internal risks to data security, productivity or network performance. In fact, studies have shown that over half of security breaches—whether malicious or unintentional—occur inside the corporate firewall. Obvious threats include hacking programs and spyware, but even common P2P or chat applications can pose security or regulatory risks if not used appropriately. Furthermore, organizations commonly install applications containing sensitive data on company servers without regard for who’s able to access them, making this information extremely vulnerable.
ITAM tools can track both the inventory and usage of software assets, allowing IT professionals to identify exactly what’s installed on employees’ desktops and network servers, and what’s actually being used by employees. Staff can then determine what programs are potential threats and either uninstall the software or prevent it from launching. ITAM tools can further augment security measures by revealing which computers lack specific software—for example, critical security updates or antivirus applications.
3) Software overspending
IT departments are constantly challenged to eliminate unnecessary spending, yet it’s surprising how few monitor the actual use of their investments. According to a Morgan Stanley survey, only 12 percent of CIOs believed they had unused CRM licenses; however, an AMR Research poll revealed that most companies with CRM software had implemented fewer than 50 percent of their licenses. Ironically, efforts to obtain volume licensing discounts and remain compliant often result in purchasing far more software than is actually needed—any volume savings are therefore wiped out by unnecessary support and upgrade fees.
By tracking software usage, IT professionals can determine which applications have not been used over specified timeframes. With this information, purchasing agents can negotiate licensing agreements that more closely match end users’ needs—and ultimately save money.
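The checks described in sections 1 to 3 above (reconciling installs against purchases, finding machines that lack required software, and finding installs nobody uses) are sketched below as an added example that is not from the original article or from any ITAM product. Host names, titles, license counts and the 90-day idle window are constructed assumptions.

```python
from collections import Counter
from datetime import date, timedelta

# Constructed sample data (hypothetical hosts, titles and counts).
# host -> {installed title: last-used date, or None if never launched}
INVENTORY = {
    "pc-001": {"CRM Client": date(2007, 6, 20), "AntiVirus": date(2007, 6, 27)},
    "pc-002": {"CRM Client": None, "AntiVirus": date(2007, 6, 27),
               "P2P Share": date(2007, 6, 25)},
    "pc-003": {"CRM Client": date(2007, 1, 5)},
    "srv-01": {"AntiVirus": date(2007, 6, 26)},
}
PURCHASED = {"CRM Client": 2, "AntiVirus": 5}  # licenses owned per title
REQUIRED = {"AntiVirus"}                        # expected on every machine
TODAY = date(2007, 6, 28)


def audit(inventory, purchased, required, today, idle_days=90):
    """Reconcile an install/usage inventory against purchase records."""
    installed = Counter(t for titles in inventory.values() for t in titles)
    cutoff = today - timedelta(days=idle_days)

    # More installs than purchased licenses: compliance exposure.
    over_installed = {t: n - purchased[t] for t, n in installed.items()
                      if t in purchased and n > purchased[t]}
    # Installed titles with no purchase record: review or remove.
    unlicensed = sorted(t for t in installed if t not in purchased)
    # Installs never launched, or not launched since the cutoff.
    idle = sorted((host, t) for host, titles in inventory.items()
                  for t, last_used in titles.items()
                  if last_used is None or last_used < cutoff)
    # Machines lacking software that policy requires everywhere.
    missing = sorted((host, t) for host, titles in inventory.items()
                     for t in required - set(titles))
    return {"over_installed": over_installed, "unlicensed": unlicensed,
            "idle": idle, "missing_required": missing}


if __name__ == "__main__":
    for finding, value in audit(INVENTORY, PURCHASED, REQUIRED, TODAY).items():
        print(finding, value)
```
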
4) Upgrade and migration nightmares
Business strategies often involve distributing new technology to employees. How can IT be
Very useful article, thank you. However, doing remote audits of all applications being run by employees smacks too much of big-brother to me. In our company many people work remotely and some use their personal computers to do office work. How can we balance their expectations of privacy with the necessity of securing the enterprise? I realize that legally we may be able to run such audits, but what is the impact on morale if the employees feel like they are being monitored?
There are two points to consider here: 1. You should have a company handbook or policy that states that the company / organisation audits computers for software. 2. Communicating with the staff why you are doing something.
If you supply home working staff software for their own computer then you are entitled to provide a service to ensure it is up to date.
The "usage" is virtually immaterial; if you read license agreements, it is based on "INSTALLED" software, not "USED" software.
When using company assets employees should have no expectation of privacy. If they are using personal computers to do office work, then the organization is mixing and matching their licensing issues. The risk to the organization of security breaches and software licensing violations is considerable. Each violation can cost the company lots of money - consult the BSA and RIIA fine structures for yourself - and, you'll still have to "true up" with the software publisher anyway.
Plus, IT asset management data is fundamental to understanding and controlling IT costs so that your IT organization can demonstrate alignment with business services objectives.
IT Asset Management is one of those fundamental "run the business" activities that is poorly done because it's not sexy - yet, according to Gartner, "customers that commit a minimum of 3 percent of their annual operating budgets to ITAM programs and tools can expect a 25 percent reduction in their total cost of ownership."
A high risk of not doing ITAM, and a big payoff for doing it well. The first step is to get some help understanding what the possibilities are. The failure rate can be high for those that don't fully understand the commitment needed to achieve a proactive solution.
The focus on using the network only to inventory assets ignores the machines that are disconnected. It also ignores the logistical processes of moving IT equipment into a building, to its deployment location, and then back out of the enterprise (for retirement/disposition). Also, there are a lot of stored assets such as spare parts and still-in-box equipment that network discovery tools can't see. Network discovery is a great, low-overhead first step--- with IT environments growing so quickly a CIO probably cannot afford to overlook all the infrastructure and items not on the network.
Good point - tracking disconnected equipment can be a real headache, and there's no perfect solution. The choices are to perform a manual inventory, use a remote inventory client (an agent run on a disconnected computer from a floppy, CD or other media), use a network client to collect data when machines reconnect to the network, or use RFID/barcode tagging. Of course, these methods each have their own pitfalls... Manual inventories are incredibly time-consuming, error-prone and non-dynamic; remote inventory clients need to be run manually and don’t address the issue of “missing” devices; network clients only work when machines reconnect to the network and therefore don't take into account systems sitting in storage closets or on loading docks; and RFID tagging tracks movement of machines but does not transmit critical software inventory or hardware information for individual PCs (plus, it's expensive and requires manual work to tag the equipment in the first place).
At the end of the day, companies need to develop IT asset management processes by which equipment details and locations are documented and maintained "from cradle to grave". This might include, for example, a "discovery" tool that tracks current inventories of all networked hardware and software, as well as processes that are kicked off when new equipment is purchased, retired, and/or moved, notifying the people that need to track this information. IT asset management tools can help, but they will never supplant robust, carefully-planned documentation processes.