Last updated on: November 28, 2024
As organizations aspire to turn digital-first and deliver exceptional employee and customer experiences, it is a given that IT spending will continue to increase every year—and in some years, exponentially.
In April 2024, Gartner shared its forecast for the global IT spending in 2024. The estimated IT spending is $5.06 trillion. Yep, you read that right. While this number might be mind-boggling, a significant insight is obtained from breaking down this number to its constituents.
Nearly, $1.7 trillion out of that $5.06 trillion is estimated to be spent on devices and software. ($688 billion on devices, and $1 trillion on software, to be very precise).
So what can help CFOs, CIOs, IT asset managers, and procurement teams ensure a reasonable ROI (at a minimum) for every dollar spent on IT?
Prudence and IT asset management (ITAM).
While the first is a matter of organizational principles and values, ITAM, fortunately, is easier to learn, adopt, deploy, practice, and perfect.
So what is IT asset management?
The conventional definition of ITAM: IT asset management is the systematic practice of identifying, tracking, managing, maintaining, accounting for, and disposing IT assets, both hardware and software, from cradle to grave. It also encompasses the systems, processes, and people who help perform all the above-listed operations.
ITAM is best described as a practice within IT service management (ITSM), which when implemented right gives an accurate set of answers to these questions:
- What IT assets does your organization own?
- Who uses it and where are they?
- How much of it is hardware or software?
- What is being actively used, rarely used, and not used?
- How much do we spend and is there anything that needs to be done?
- Is there any kind of risk attached to these IT assets?
(Organizations will only be able to answer that last question if they have figured out the answers for the previous five.)
A variety of physical and digital assets can be considered an IT asset, including hardware (such as workstations, servers, printers, peripherals, routers, switches, etc.), software (such as databases, operating systems, installed applications, subscription software, IaaS, and PaaS), and virtual infrastructure (such as virtual machines, containers, hypervisors, and so on).
Together, all of these IT assets form your digital IT estate; the foundation on which your enterprise runs its day-to-day operations.
The different types of IT asset management
IT assets can be broadly categorized into three buckets: hardware assets, software assets, and cloud assets.
Based on this fundamental categorization of assets, ITAM can be classified into the following categories:
- Hardware asset management: The discovery, tracking, management, and maintenance of the physical computing devices in your IT environment is typically defined as hardware asset management. Examples include datacenter infrastructure, servers, workstations, printers, network devices, storage devices, and so on.
- Software asset management: The discovery, tracking, and management of all the software that is consumed at your organization is software asset management (SAM). SAM comprises processes such as software discovery, software usage monitoring, software inventory management, and software license management.
- Cloud management: The practice of monitoring and managing cloud computing resources—including SaaS, PaaS, and IaaS—is known as cloud management. This part of ITAM typically tracks the cost and usage of an enterprise's cloud computing footprint on AWS, GCP, and Azure, in addition to the wide array of SaaS applications that may be used.
Why is IT asset management important to your enterprise?
Here are five scenarios to consider for assessing the importance of ITAM.
During an internal asset audit, you are unable to provide a clear answer to the question "What are the IT assets we are managing and where are they located?"
Your organization greenlights the renewal of a contract with an ERP software vendor, but a month later you realize the number of purchased user licenses is 200, while only 100-odd employees need access to the ERP software.
When cycling through the list of workstations and their users to rollout an org-wide patch, you realize that there are 42 employees who no longer work here, and their workstations are missing.
Your prospective clients expect your organization to comply with ISO 27001:2022, but your organization fails to get certified.
Your organization lands on the audit cross-hairs of a popular software vendor. The audit uncovers dozens of unlicensed installations leading to a $550,000 non-compliance fee.
These five situations illustrate the consequences of not implementing ITAM at your organization.
1. You need a single source of "current" truth, not a bunch of spreadsheets with mismatched data
Quite often, IT infrastructure teams rely on a collection of spreadsheets, software, databases, and paperwork to track and manage their IT assets. These data sources, due to their very static nature and a lack of standardized processes, quickly become outdated and may not be reflective of the current state of your IT assets. Financial data that pertains to the purchase, maintenance, and disposal of IT assets is also managed in siloed systems by procurement teams.
IT asset management helps unify these disparate sources of asset information into a singular ITAM database that stays current through rule-based automations and integrations.
2. ITAM helps get the ROI equation right for your organization
In the second scenario, the organization spent a sizable amount of money on 50 user licenses that are never going to be used by employees. This is where ITAM steps in to cut down on wasteful IT expenditure. When your organization tracks hardware and software assets systematically along with their usage, it can cut down on shelfware, unused licenses, and unnecessary hardware assets.
3. Your cybersecurity journey starts with an IT asset management strategy
Remember this axiom: "One can never secure what one does not realize they have."
In the third scenario, those 42 ghost IT assets are 42 potential attack vectors for threat actors to infiltrate into your network and deploy malware such as ransomware. ITAM is foundational to your security posture as the typical corporate perimeter ceased to exist since the pandemic. With employees working remotely, in a hybrid mode, or even traveling across the world, the IT estate is more fluid than ever before.
Adding to this complexity are the numerous zero-day vulnerabilities dotting the software landscape. ITAM helps IT teams identify every single IT asset, verify ownership, review their configuration (including patch compliance), and deploy or retrieve assets during their respective lifecycles.
4. ITAM is non-negotiable when you strive to stay compliant with regulatory mandates or certifications.
Information security is a critical parameter by which clients, governments, and certification authorities evaluate your enterprise. IT standards—such as ISO 27001, CIS Critical Security Controls, PCI DSS, HIPAA, and more—demand, at a minimum, the implementation of a singular and up-to-date IT asset repository.
Read more on the specific regulations and their ITAM implications here.
5. The penalties for non-compliance with software license agreements can be steep.
Organizations need to keep a close eye on their software license compliance posture, as larger software vendors—such as Microsoft, Oracle, SAP, Adobe, etc.—are known to undertake software license audits that may result in penalties if violations are detected.
The unintended consequence of the democratization of IT is the rise of shadow IT. From unlicensed installations to expressly prohibited software, the absence of ITAM can lead to expensive penalties in the best case to the introduction potentially harmful malware in the worst case!
Benefits stemming from a structured ITAM strategy
Apart from these five critical reasons for why you need ITAM, a solid ITAM strategy that's tailored to your enterprise delivers other benefits:
- ITAM helps you to maximize the usage of hardware IT assets during their limited lifespans.
- It helps you reduce wastage in software spending by helping ascertain current needs, forecast projected demand, and reallocate software licenses from ex-employees and retired IT assets.
- Your IT assets stay updated with the latest patches, ensuring a secure IT infrastructure with your IT team retaining precise control.
- ITAM strengthens adjacent ITSM practices such as incident management, service request management, and change management.
- Troubleshooting workstations, servers, routers, and other hardware becomes easier when you have the complete audit log and configuration information of IT assets.
- IT infrastructure teams can ensure high availability of IT services when they have contextual information from the ITAM database that is current.
- IT service delivery turnaround times can be reduced when there is a clear-cut picture of the IT asset inventory and the associated purchases, vendors, and contracts.
The IT asset management process: Let's get your enterprise started on ITAM
If you have reached this part of the guide, it means you have recognized the importance of implementing an ITAM strategy at your organization. IT asset management is not a one-off project that will be done and dusted. Enterprises need to ensure that IT teams treat ITAM as an ongoing IT program that is continuously optimized and perfected.
But where do you begin?
Here's a basic framework of an IT asset management process.
Remember, the ITAM process is different from an IT asset lifecycle. The IT asset lifecycle is the journey of a single IT asset, right from the request for that asset being documented, to procuring it, assigning it to an individual, and all the way to retiring and disposing of it at its end of life.
1. IT asset discovery: Start by identifying what you have
The first step to building your IT asset management strategy is to discover every hardware, software, and cloud asset in your organization. IT asset discovery needs to discern every nook and corner of your digital estate, which is quite expansive even at smaller organizations.
If this step is performed manually, it might result in a drain of your valuable IT talent and productivity, while also being prone to errors and duplication.
ITAM software such as ServiceDesk Plus offer automated IT asset discovery techniques that are also multi-modal in nature.
These solutions offer:
- Agent-based or agentless scanning techniques through which you can discover Windows, Linux, and macOS devices and the associated software.
- Network scanning methods to identify IP-based devices such as printers, routers, and network switches.
- QR and barcode scanning techniques.
- RFID-based identification.
- Importing asset data through integrations with other tools or from spreadsheets.
2. Centralized ITAM database: Build and classify your IT asset inventory
Bring every IT asset identified in the first step into a centralized database with adequate classification. The levels of classification may be broad or granular, depending on the diversity of your IT asset landscape. Some typical classifications are:
Hardware assets > Printers, routers, servers, smartphones, workstations, switches, etc.
Software assets > Managed, freeware, prohibited, shareware, SaaS, unidentified, etc.
IT consumables > Inkjet cartridges, HDMI cables, laptop bags, cooling pads, etc.
IT peripherals > Keyboards, mice, monitors, extenders, etc.
3. IT asset tracking: Ensure your IT asset inventory stays up-to-date
Once you have set up your IT asset inventory, you have your single source of truth to which you can refer to plan IT budgets, allocate assets, and assess compliance levels. However, these activities can be flawless only if your IT asset inventory stays current and contextual.
Here are the different types of IT asset details that you will need to populate and track in your IT inventory.
| Types of asset data | Asset parameters | Capabilities that can help track IT asset parameters |
|---|---|---|
| Physical data | Service tag or serial number; designated location and current location; assigned owner vs. actual owner State of the asset (In working condition, in repair, or end of life) |
Domain, network, and remote scans; barcode and QR code scans; RFID or GPS tags to track movement of assets Access management to identify logged-in users |
| Configuration data |
Processor speed and memory, network adapters, MAC addresses, NIC, hard disk capacity, logical drives, physical drives, installed software, SaaS allocations, versions, licenses and license keys, and installation dates |
|
Financial and contractual data |
|
|
All of these asset parameters need to be updated in real time to ensure a high-integrity database. The downstream benefit of doing IT asset tracking right is that you can effortlessly build out your CMDB by designating specific, key IT assets as configuration items (CIs).
4. IT asset lifecycle management: Visualize and map every asset's journey, from purchase to disposal
Each and every IT asset follows a lifecycle that defines its journey from the moment the need for that asset arises to its end of life. IT asset lifecycle management helps IT asset managers understand which assets are about to reach EOL state, which assets can be repurposed or reallocated from ex-employees, and whether they need to replenish the inventory to meet the asset demands of the organization.
5. Reporting and compliance: Decide on key ITAM KPIs, monitor software license compliance, and continuously improve
While the first four steps help you establish your own ITAM process, it can all unravel quickly if you fail to measure the efficacy of your process. To this end, there are three fronts where IT asset managers need to focus on: security, compliance, and finance.
| Type of KPIs | KPIs and metrics |
|---|---|
Security |
|
Compliance |
|
Finance |
|
The five stages of an end-to-end IT asset lifecycle
A practical IT asset lifecycle management strategy gives IT teams a longer runway to procure IT assets, well ahead of time instead of rushing to meet the asset demands with last-minute replenishment efforts.
While different organizations may have asset lifecycles tailored to their unique processes, here's a common template that organizations can adopt and modify.
1. A request for an IT asset
The first stage of the asset lifecycle is typically when there is a recognized need for that asset in an organization. This need can be a service request from an employee, IT procurement decision to meet the requirements of new employees, or a replacement of assets that reach EOL.
2. Acquisition of an asset
IT teams should follow a predefined procurement policy with which they vet vendors and suppliers and establish supply-chain relationships. The organization then receives a quote from these approved vendors and places a purchase order to procure the asset.
Raise purchase order > Follow predefined PO approval workflow > Initiate payment as per PO terms > Confirm receipt of IT asset(s)
Remember, your enterprise might also lease IT assets from an IT services provider instead of purchasing them outright. Whatever be the mechanism of acquisition, the associated documentation for every asset should be recorded within the IT asset management database.
3. Deployment and assignment
Once the IT asset is received by the enterprise, it should be discovered (or in other words, scanned) and added to the IT asset inventory along with the asset parameters we discussed in the previous sections. It also needs to be configured through device hardening, OS imaging, and software installation to ensure it is ready to be deployed for use.
Scan the IT asset > Populate the hardware and software inventory > Deploy organization profiles and harden the device > Assign and change the asset state
4. Ongoing support and maintenance
An IT asset, be it a workstation or an ERP software license, may undergo multiple changes in ownership during its life span. All of these changes to the state of the IT asset need to be timestamped and maintained as part of its audit history.
Until its eventual EOL or retirement, IT asset managers need to keep close tabs on the asset's performance metrics, total cost of ownership, software license compliance, contract expiry dates, and depreciation calculations. If an IT asset is also a CI, like an app server in a datacenter, then its relationships to other assets and business-critical services need to be tracked in the CMDB.
Track ownership > Monitor performance metrics > Record and troubleshoot incidents > Maintain financials and contracts > Stay ahead of expiry dates
5. End of life and IT asset disposition (ITAD)
An IT asset reaches the end of life state when its useful lifespan is over or when it suffers a failure rendering it unusable. When this state is reached, IT asset managers should carefully plan on the disposal of the asset.
Verify ownership history > Retrieve the IT asset > Back up critical organizational data > Remove PII > Purge and sanitize data storage mediums > Dispose the asset > Update the IT inventory and the CMDB > Reallocate software licenses
Remember that asset disposal entails deciding on whether you will:
- Recycle the asset
- Sell off the asset for its salvage value
- Destroy the asset through third-party firms
Asset disposal should not be an afterthought
While disposing of an IT asset seems fairly simple, there are underlying legal, financial, and environmental considerations.
Financial aspects: IT asset managers should realize that IT assets are tangible elements that are part of their organization's balance sheet. The possibility of extending the life of an asset through refurbishment must be explored before deciding on disposal.
Legal aspects: Data storage mediums within IT assets like workstations and servers may contain both proprietary enterprise data and PII of customers or employees. To ensure adherence to regulations (such as GDPR, HIPAA, etc.) organizations should irrevocably sanitize data storage mediums while taking care to back up enterprise data.
Environmental aspects: IT assets are manufactured using an assortment of materials such as plastics, metals, semiconductors, rubber, and alloys. The destruction of these materials might result in ecological damage if they do not align with sustainable asset disposal practices.
The road to regulatory compliance in IT starts
with ITAM
While businesses go digital with the goal of delivering on experience targets and differentiating themselves from competition, that journey is peppered with cybersecurity challenges like threat actors that actively hunt for vulnerabilities in your IT estate. To combat these challenges, governments and multilateral organizations have enacted numerous data privacy and protection regulations. And the first step to complying with them is an effective IT asset management strategy.
Here are some specific regulatory controls and requirements and their corresponding ITAM implications.
| Regulatory mandates/standards | Controls/Requirements | ITAM implications |
|---|---|---|
PCI DSS 4.0 |
Requirement 12.5.1: An inventory of system components that are in scope for PCI DSS, including a description of function/use, is maintained and kept current. |
|
ISO 27001:2022 |
|
|
CIS Critical Security Controls |
|
|
Seven ITAM best practices that can help IT asset managers succeed
1. Start off with "people" before "processes"
It might seem counterintuitive to place processes secondary to people, especially when ITAM is defined as a practice or a group of processes. But, to even set up a successful ITAM strategy you will need executive buy-in. Your CIO should be convinced that ITAM is not only a desirable practice but an enterprise necessity.
Similarly, your IT team should be involved from the get-go. They need to understand critical ITAM concepts and frameworks, get acclimatized to process changes, and would require extensive training on your chosen ITAM software.
Finally, your employees need to be educated on your asset handling policies, including asset replacement policies, asset handover, and unauthorized software usage.
2. Start small and expand in phases
If you are starting from scratch, an ambitious, large-scale ITAM strategy can end up introducing a lot of disruptions in your enterprise. Start small and pilot an ITAM strategy with a group of low-risk, non-critical IT assets. This approach can help you identify problems in your strategy and opportunities for improvement. Once you have perfected your ITAM process starting with IT asset discovery, expand it in phases. These phases could be based on the type of IT asset, be it servers, workstations, network components, and so on, or could be based on the locations, or even business units.
3. Deploy water-tight asset discovery techniques
Your asset discovery methods need to feel omniscient, since doing so is the first step to building your IT asset inventory. Robust IT asset discovery techniques are helpful in a way spreadsheets can never be; they help you identify assets in your estate that you never realized you had.
But relying on one single asset discovery technique because it is easy to manage is a bad idea. Enterprises typically manage a range of IT assets across different categories: macOS and Windows devices; on-premises software and SaaS subscriptions; application servers and hypervisors; and in-office vs. remote.
To establish deep visibility you would need a hybrid approach with a combination of agent-based and agentless discovery techniques, barcode, QR code and RFID scans, and integrations into endpoint management solutions as well.
4. Chart your ITAM policies and translate them into workflows
When you draft your ITAM policies for new employee onboarding, asset entitlements, replacements, BYOD, lost and stolen assets, and disposal, it is useful to take a lifecycle-based approach. Think of all the different possible journeys that your assets would travel through.
Once you have charted them, build out these lifecycles as workflows in your ITAM tool. Solutions like ServiceDesk Plus offer a visual, drag-and-drop canvas to craft ITAM workflows. The underlying benefit of such visual workflows is the scope for granular automations that minimize toil.
5. Identify opportunities for automation and leverage them
As enterprises scale, IT asset teams will potentially manage thousands of workstations and other IT assets. An ITAM system without any kind of automation would lead to valuable time and effort sunk into just administrative tasks. Here are a few areas in ITAM where automation helps ramp up productivity:
- Automated, periodic asset scans to keep inventories up to date
- Large-scale configuration by rolling out asset profiles
- Alerts to notify about unlicensed software installations
- Expiry alerts for contracts, software license agreements, and EOL
- Changes in software usage patterns
- Detection of changes in login behavior
6. Build out a high-integrity CMDB with ITAM as its foundation
Nearly every CI is tracked as an IT asset in the ITAM inventory. However, not every IT asset is a CI. For example, a server is both an IT asset and a CI, but a portable, bluetooth keyboard is an IT asset and not a CI.
An effective ITAM process can help you deploy a configuration management database (CMDB) without much overhead. When your IT asset discovery and tracking is precise, you can simply designate certain critical assets as CIs and populate your CMDB. You can then map out interdependencies and relationships within CIs visually and use the CMDB as a frame of reference during incident responses and change enablement. The CMDB can be kept current using periodic asset scans and through integrations with ITOM, SIEM, and UEM tools.
7. Align your ITAM with other ITSM practices for maximal value
ITAM, by itself, offers your IT department an avenue to optimize IT spending, mitigate risks, and ensure compliance. But, its true potential is realized when you connect it with other ITSM practices such as incident management, service request management, and change management.
You can accelerate incident responses to outages with better ITAM context. You can deploy a service catalog that offers software packages and hardware to employees, helping eliminate shadow IT. IT infrastructure teams can maximize change success rates through accurate impact analysis from a high-integrity CMDB.
How do I choose
best-in-class IT asset management software?
The top capabilities to look out for in an ITAM solution
Now that you have breezed through the A-Z of IT asset management, how do you choose an IT asset management tool that works best for your organization? This search could be daunting given the current proliferation of ITAM tools in the market. Here's a rubric of sorts that can help you:
- Identify the core ITAM capabilities that are indispensable
- Evaluate multiple ITAM tools against a common framework
1. Ensure that the ITAM tool offers multifarious discovery techniques since your organization is likely to use a diverse set of IT assets such as Linux, Mac, Windows, and other network devices.
| IT asset management process | Core capabilities |
|---|---|
IT asset discovery |
|
2. The ability to craft visual workflows can help you operationalize your IT asset policies and put your ITAM on autopilot while still retaining control.
| IT asset management process | Core capabilities |
|---|---|
IT asset lifecycle management |
|
3. Your prospective ITAM solution should help you track both temporary and permanent ownership of IT assets.
| IT asset management process | Core capabilities |
|---|---|
IT inventory management |
|
4. A native CMDB within your ITAM solution will help you identify intricate relationships, leading to better change planning and faster incident responses.
| IT asset management process | Core capabilities |
|---|---|
CMDB |
|
5. The ITAM solution should offer a real-time compliance dashboard to help you identify unlicensed, under-licensed, and over-licensed software at a single glance.
| IT asset management process | Core capabilities |
|---|---|
Software asset management |
|
6. From answering questions on ROI to identifying the maintenance overheads of assets from a specific vendor, tracking ITAM KPIs is crucial, and your ITAM solution should offer solid reporting capabilities with the flexibility to visualize them the way you want to.
| IT asset management process | Core capabilities |
|---|---|
ITAM reports and dashboards |
|
7. When your IT asset management tool integrates with UEM, EDR, and other ITOM solutions, you will be able to better control and secure servers, mobile phones, laptops, and other employee devices.
| IT asset management process | Core capabilities |
|---|---|
Integrations |
|
Aside from these capabilities in the product, take a measure of ITAM vendors in terms of sustainable pricing and hidden costs, implementation difficulty, quality of product support, and user education practices.
ServiceDesk Plus:
The unified service management platform with ITAM capabilities and a native CMDB
When you purchase an IT asset management tool, remember to focus on not just your current needs but also on the long-term growth and evolution of your IT asset estate.
ServiceDesk Plus, ManageEngine's unified IT and enterprise service management platform, combines ITSM essentials with ITAM and a native CMDB. Recognized as a Challenger in Gartner's last magic quadrant for ITSM platforms, ServiceDesk Plus offers an enterprise-grade platform at a fraction of the cost of other ITSM solutions. Its ITAM capabilities cover the whole nine yards; from multi-modal asset discovery and inventory management to software license management, CMDB, and asset workflow automation.
But, what sets it apart from other tools is its tight alignment of ITAM with other ITSM practices such as incident and problem management, service request management, and change enablement.
If your enterprise wants to take it one step at a time, we offer a standalone ITAM solution as well.
Author's bio
Siddharth G is a product expert and an ITSM evangelist at ManageEngine. He specializes in driving marketing campaigns and customer education programs for ManageEngine's flagship ITSM platform, ServiceDesk Plus. Over the past five years, Siddharth has hosted various masterclass and thought leadership webinars addressing specific ITSM challenges that organizations face and the best practices to overcome them. He has also authored educational guides on IT ticketing systems and service request management.