2022 Tech Trends

Enabling the digital economy

Supporting the CEO for growth

The post-pandemic pace of change

The disruptions to the way we work caused by the pandemic haven’t bounced back to normal.

As part of its research process for the 2022 Tech Trends Report, Info-Tech Research Group conducted an open online survey among its membership and wider community of professionals. The survey was fielded from August 2021 through to September 2021, collecting 475 responses. We asked some of the same questions as last year’s survey so we can compare results as well as new questions to explore new trends.

How much do you expect your organization to change permanently compared to how it was operating before the pandemic?

• 7% – No change. We'll keep doing business as we always have.
• 33% – A bit of change. Some ways of working will shift long term
• 47% – A lot of change. The way we work will be differ in many ways long term. But our business remains...
• 13% – Transformative change. Our fundamental business will be different and we'll be working in new ways.

This year, about half of IT professionals expect a lot of change to the way we work and 13% expect a transformative change with a fundamental shift in their business. Last year, the same percentage expected a lot of change and only 10% expected transformative change.

30% more professionals expect transformative permanent change compared to one year ago.

47% of professionals expect a lot of permanent change; this remains the same as last year. (Info-Tech Tech Trends 2022 Survey)

The pandemic accelerated the speed of digital transformation

With the massive disruption preventing people from gathering, businesses shifted to digital interactions with customers.

Companies also accelerated the pace of creating digital or digitally enhanced products and services.

“The Digital Economy incorporates all economic activity reliant on or significantly enhanced by the use of digital inputs, including digital technologies, digital infrastructure, digital services and data.” (OECD Definition)

IT must enable participation in the digital economy

Consumer spending is tilting more digital.

Consumers have cut back spending on sectors where purchases are mostly made offline. That spending has shifted to digital services and online purchases. New habits formed during the pandemic are likely to stick for many consumers, with a continued shift to online consumption for many sectors.

Purchases on online platforms are projected to rise from 10% today to 33% by 2030.

Estimated online share of consumption

Changing customer expectations pose a risk.

IT practitioners agree that customer expectations are changing. They expect this to be more likely to disrupt their business in the next 12 months than new competition, cybersecurity incidents, or government-enacted policy changes.

Factors likely to disrupt business in next 12 months

This poses a challenge to IT departments below the “expand” level of maturity

CIOs must climb the maturity ladder to help CEOs drive growth.

Most IT departments rated their maturity in the “optimize” or “support” level on Info-Tech’s maturity ladder.

CIOs at the “optimize” level can play a role in digital transformation by improving back-office processes but should aim for a higher mandate.

CIOs achieving at the “expand” level can help directly improve revenues by improving customer-facing products and services, and those at the “transform” level can help fundamentally change the business to create revenue in new ways. CIOs can climb the maturity ladder by enabling new digital capabilities.

Maturity is heading in the wrong direction.

Only half of IT practitioners described their department’s maturity as “transform” compared to last year’s survey, and more than twice the number rated themselves as “struggle.”

48% rate their IT departments as low maturity.

Improve maturity by focusing on key capabilities to compete in the digital economy

Capabilities to unlock digital

Innovation: Identify innovation opportunities and plan how to use technology innovation to create a competitive advantage or achieve improved operational effectiveness and efficiency.

Human Resources Management: Provide a structured approach to ensure optimal planning, evaluation, and development of human resources.

Data Architecture: Manage the business’ data stores, including technology, governance, and people that manage them. Establish guidelines for the effective use of data.

Security Strategy: Define, operate, and monitor a system for information security management. Keep the impact and occurrence of information security incidents within risk appetite levels.

Business Process Controls and Internal Audit: Manage business process controls such as self-assessments and independent assurance reviews to ensure information related to and used by business processes meets security and integrity requirements. (ISACA, 2020)

5 Tech Trends for 2022

In this report, we explore five use cases for emerging technology that can improve on capabilities needed to compete in the digital economy. Use cases combine emerging technologies with new processes and strategic planning.

DIGITAL ECONOMY

TREND 01 | Human Resources Management

HYBRID COLLABORATION
Provide a digital employee experience that is flexible, contextual, and free from the friction of hybrid operating models.

TREND 02 | Security Strategy

BATTLE AGAINST RANSOMWARE
Prevent ransomware infections and create a response plan for a worst-case scenario. Collaborate with relevant external partners to access resources and mitigate risks.

TREND 03 | Business Process Controls and Internal Audit

CARBON METRICS IN ENERGY 4.0
Use internet of things (IoT) and auditable tracking to provide insight into business process implications for greenhouse gas emissions.

TREND 04 | Data Architecture

INTANGIBLE VALUE CREATION
Provide governance around digital marketplace and manage implications of digital currency. Use blockchain technology to turn unique intellectual property into saleable digital products

TREND 05 | Innovation

AUTOMATION AS A SERVICE
Automate business processes and access new sophisticated technology services through platform integration.

Hybrid Collaboration

TREND 01 | HUMAN RESOURCES MANAGEMENT

Provide a digital employee experience that is flexible, contextual, and free from the friction of hybrid operating models.

Emerging technologies:
Intelligent conference rooms; intelligent workflows, platforms

Introduction

Hybrid work models enable productive, diverse, and inclusive talent ecosystems necessary for the digital economy.

Hybrid work models have become the default post-pandemic work approach as most knowledge workers prefer the flexibility to choose whether to work remotely or come into the office. CIOs have an opportunity lead hybrid work by facilitating collaboration between employees mixed between meeting at the office and virtually.

IT departments rose to the challenge to quickly facilitate an all-remote work scenario for their organizations at the outset of the pandemic. Now they must adapt again to facilitate the hybrid work model, which brings new friction to collaboration but also new opportunities to hire a talented, engaged, and diverse workforce.

79% of organizations will have a mix of workers in the office and at home. (Info-Tech Tech Trends 2022 Survey)

35% view role type as a determining factor in the feasibility of the hybrid work model.

Return-to-the-office tensions

Only 18% of employees want to return to the office full-time.

But 70% of employers want people back in the office. (CNBC, April 2021)

Signals

IT delivers the systems needed to make the hybrid operating model a success.

IT has an opportunity to lead by defining the hybrid operating model through technology that enables collaboration. To foster collaboration, companies plan to invest in the same sort of tools that helped them cope during the pandemic.

As 79% of organizations envision a hybrid model going forward, investments into hybrid work tech stacks – including web conferencing tools, document collaboration tools, and team workspaces – are expected to continue into 2022.

Plans for future investment in collaboration technologies

Drivers

COVID-19

Vaccination rates around the world are rising and allowing more offices to welcome back workers because the risk of COVID-19 transmission is reduced and jurisdictions are lifting restrictions limiting gatherings.

Worker satisfaction

Most workers don't want to go to the office full-time. In a Bloomberg poll (2021), almost half of millennial and Gen Z workers say they would quit their job if not given an option to work remotely.

IT spending

Companies are investing more into IT budgets to find ways to support a mix of remote work and in-office resources to cope with work disruption. This extra spending is offset in some cases by companies saving money from having employees work from home some portion of the time. (CIO Dive, 2021)

Risks and Benefits

Benefits

Risks

“We have to be careful what we automate. Do we want to automate waste? If a company is accustomed to having a ton of meetings and their mode in the new world is to move that online, what are you going to do? You're going to end up with a lot of fatigue and disenchantment…. You have to rethink your methods before you think about the automation part of it." (Vijay Sundaram, Chief Strategy Officer, Zoho)

Listen to the Tech Insights podcast: Unique approach to hybrid collaboration

Case Study: Zoho

Situation

Zoho Corp. is a cloud software firm based in Chennai, India. It develops a wide range of cloud software, including enterprise collaboration software and productivity tools. Over the past decade, Zoho has used flexible work models to grant remote work options to some employees.

When the coronavirus pandemic hit, not only did the office have to shut down but also many employees had to relocate back with families in rural areas. The human costs of the pandemic experienced by staff required Zoho to respond by offering counseling services and material support to employees.

Complication

Zoho prides itself as an employee-centric company and views its culture as a community that's purpose goes beyond work. That sense of community was lost because of the disruption caused by the pandemic. Employees lost their social context and their work role models. Zoho had to find a way to recreate that without the central hub of the office or find a way to work with the limitations of it not being possible.

Resolution

To support employees in rural settings, Zoho sent out phones to provide redundant bandwidth. As lockdowns in India end, Zoho is taking a flexible approach and giving employees the option to come to the office. It's seeing more people come back each week, drawn by the strong community.

Zoho supports the hybrid mix of workers by balancing synchronous and asynchronous collaboration. It holds meetings when absolutely necessary through tools like Zoho Meet but tries to keep more work context to asynchronous collaboration that allows people to complete tasks quickly and move on. Its applications are connected to a common platform that is designed to facilitate workflows between employees with context and intelligence. (Interview with Vijay Sundaram, Chief Strategy Officer, Zoho)

“We tend to think of it on a continuum of synchronous to asynchronous work collaboration. It’s become the paramount norm for so many different reasons…the point is people are going to work at different times in different locations. So how do we enable experiences where everyone can participate?" (Jason Brommet, Head of Modern Work and Security Business Group at Microsoft)

Listen to the Tech Insights podcast: Microsoft on the ‘paradox of hybrid work’

Case Study: Microsoft

Situation

Before the pandemic, only 18% of Microsoft employees were working remotely. As of April 1, 2020, they were joined by the other 82% of non-essential workers at the company in working remotely.

As with its own customers, Microsoft used its own software to enable this new work experience, including Microsoft Teams for web conferencing and instant messaging and Office 365 for document collaboration. Employees proved just as productive getting their work done from home as they were working in the office.

Complication

At Microsoft, the effects of firm-wide remote work changed the collaboration patterns of the company. Even though a portion of the company was working remotely before the pandemic, the effects of everyone working remotely were different. Employees collaborated in a more static and siloed way, focusing on scheduled meetings with existing relationships. Fewer connections were made with more disparate parts of the organization. There was also a decrease in synchronous communication and an increase in asynchronous communication.

Resolution

Microsoft is creating new tools to break down the silos in organizations that are grappling with hybrid work challenges. For example, Viva Insights is designed to inform workers about their collaboration habits with analytics. Microsoft wants to provide workers with insights on their collaborative networks and whether they are creating new connections or deepening existing connections. (Interview with Jason Brommet, Head of Modern Work and Security Business Group, Microsoft; Nature Human Behaviour, 2021)

What's Next?

Distributed collaboration space:

International Workplace Group says that more companies are taking advantage of its full network deals on coworking spaces. Companies such as Standard Charter are looking to provide their workers with a happy compromise between working from home and making the commute all the way to the central office. The hub-and-spoke model gives employees the opportunity to work near home and looks to be part of the hybrid operating model mix for many companies. (Interview with Wayne Berger, CEO of IWG Canada & Latin America)

Optimized hybrid meetings:

Facilitating hybrid meetings between employees grouped in the office and remote workers will be a major pain point. New hybrid meeting solutions will provide cameras embedded with intelligence to put boardroom participants into independent video streams. They will also focus on making connecting to the same meeting from various locations as convenient as possible and capture clear and crisp audio from each speaker.

Uncertainties

Mix between office and remote work:

It's clear we're not going to work the way we used to previously with central work hubs, but full-on remote work isn't the right path forward either. A new hybrid work model is emerging, and organizations are experimenting to find the right approach.

Attrition:

Between April and September 2021, 15 million US workers quit their jobs, setting a record pace. Employees seek a renewed sense of purpose in their work, and many won’t accept mandates to go back to the office. (McKinsey, 2021)

Equal footing in meetings:

What are the new best practices for conducting an effective meeting between employees in the office and those who are remote? Some companies ask each employee to connect via a laptop. Others are using conference rooms with tech to group in-office workers together and connect them with remote workers.

Hybrid Collaboration Scenarios

Organizations can plan their response to the hybrid work context by plotting their circumstances across two continuums: synchronous to asynchronous collaboration approach and remote work to central hub work model.

Recommendations

Rethink technology solutions. Don't expect your pre-pandemic videoconference rooms to suffice. And consider how to optimize your facilities and infrastructure for hot-desking scenarios.

Optimize remote work. Shift from the collaboration approach you put together just to get by to the program you'll use to maximize flexibility.

Enable effective collaboration. Enable knowledge sharing no matter where and when your employees work and choose the best collaboration software solutions for your scenario.

Run better meetings. Successful hybrid workplace plans must include planning around hybrid meetings. Seamless hybrid meetings are the result of thoughtful planning and documented best practices.

89% of organizations invested in web conferencing technology to facilitate better collaboration, but only 43% invested in office meeting room solutions. (Info-Tech Tech Trends 2022 Survey)

Info-Tech Resources

• Rethink Technology Solutions
• Optimize Remote Work
• Enable Effective Collaboration
• Run Better Meetings

Battle Against Ransomware

TREND 02 | SECURITY STRATEGY

Prevent ransomware infections and create a response plan for a worst-case scenario. Collaborate with relevant external partners to access resources and mitigate risks.

Emerging technologies:
Open source intelligence; AI-powered threat detection

“It has been a national crisis for some time…. For every [breach] that hits the news there are hundreds that never make it.” (Steve Orrin, Federal Chief Technology Officer, Intel)

Listen to the Tech Insights podcast: Ransomware crisis and AI in military

Introduction

Between 2019 and 2020, ransomware attacks rose by 62% worldwide and by 158% in North America. (PBS NewsHour, 2021)

Security strategies are crucial for companies to control access to their digital assets and confidential data, providing it only to the right people at the right time. Now security strategies must adapt to a new caliber of threat in ransomware to avoid operational disruption and reputational damage.

In 2021, ransomware attacks exploiting flaws in widely used software from vendors Kaseya, SolarWinds, and Microsoft affected many companies and saw record-breaking ransomware payments made to state-sponsored cybercriminal groups.

After a ransomware attack caused Colonial Pipeline to shut down its pipeline operations across the US, the ransomware issue became a topic of federal attention with executives brought before Senate committees. A presidential task force to combat ransomware was formed.

62% of IT professionals say they are more concerned about being a victim of ransomware than they were one year ago. (Info-Tech Tech Trends 2022 Survey)

$70 million demanded by REvil gang in ransom to unlock firms affected by the Kaseya breach. (TechRadar, 2021)

Signals

Organizations are taking a multi-faceted approach to preparing for the event of a ransomware breach.

The most popular methods to prepare for ransomware are to buy an insurance policy or create offline backups and redundant systems. Few are making an effort to be aware of free decryption tools, and only 2% admit to budgeting to pay ransoms.

44% of IT professionals say they spent time and money specifically to prevent ransomware over the past year. (Info-Tech Tech Trends 2022 Survey)

Approaches to prepare for ransomware

(Info-Tech Tech Trends 2022 Survey)

Drivers

National security concerns

Attacks on US infrastructure and government agencies have prompted the White House to treat ransomware as a matter of national security. The government stance is that Russia supports the attacks. The US is establishing new mechanisms to address the threat. Plans include new funding to support ransomware response, a mandate for organizations to report incidents, and requirements for organizations to consider the alternatives before paying a ransom. (Institute for Security and Technology, 2021)

Advice from cybersecurity insurance providers

Increases in ransom payouts have caused cybersecurity insurance providers to raise premiums and put in place more security requirements for policyholders to try and prevent ransomware infection. However, when clients are hit with ransomware, insurance providers advise to pay the ransom as it's usually the cheapest option. (ProPublica, 2019)

Reputational damage

Ransomware attacks also often include a data breach event with hackers exfiltrating the data before encrypting it. Admitting a breach to customers can seriously damage an organization's reputation as trustworthy. Organizations may also be obligated to pay for credit protection of their customers. (Interview with Frank Trovato, Research Director – Infrastructure, Info-Tech Research Group)

Risks and Benefits

Benefits

Risks

Case Study: Victim to ransomware

Situation

In February 2020, a large organization found a ransomware note on an admin’s workstation. They had downloaded a local copy of the organization’s identity management database for testing and left a port open on their workstation. Hackers exfiltrated it and encrypted the data on the workstation. They demanded a ransom payment to decrypt the data.

Complication

Because private information of employees and customers was breached, the organization decided to voluntarily inform the state-level regulator. With 250,000 accounts affected, plans were made to require password changes en masse. A public announcement was made two days after the breach to ensure that everyone affected could be reached.

The organization decided not to pay the ransom because it didn’t need the data back, since it had a copy on an unaffected server.

Resolution

After a one-day news cycle for the breach, the story about the ransom was over. The organization also received praise for handling the situation well and quickly informing stakeholders.

The breach motivated the organization to put more protections in place. It implemented a deny-by-default network and turned off remote desktop protocol and secure shell. It mandated multi-factor authentication and put in a new endpoint-detection and response system. (Interview with CIO of large enterprise)

What's Next

AI for cybersecurity:

New endpoint protections using AI are being deployed to help defend against ransomware and other cybersecurity intrusions. The solutions focus on the prevention and detection of ransomware by learning about the expected behavior of an environment and then detecting anomalies that could be attack attempts. This type of approach can be applied to everything from reading the contents of an email to helping employees detect phishing attempts to lightweight endpoint protection deployed to an Internet of Things device to detect an unusual connection attempt.

Unfortunately, AI is a tool available to both the cybersecurity industry and hackers. Examples of hackers tampering with cybersecurity AI to bypass it have already surfaced. (Forbes, 23 Sept. 2021)

Uncertainties

Government response:

In the US, the Ransomware Task Force has made recommendations to the government but it's not clear whether all of them will be followed. Other countries such as Russia are reported to be at least tolerating ransomware operations if not supporting them directly with resources.

Supply chain security:

Sophisticated attacks using zero-day exploits in widely used software show that organizations simply can't account for every potential vulnerability.

Arms escalation:

The ransomware-as-a-service industry is doing good business and finding new ways to evade detection by cybersecurity vendors. New detection techniques involving AI are being introduced by vendors, but will it just be another step in the back-and-forth game of one-upmanship? (Interview with Frank Trovato)

Battle Against Ransomware Scenarios

Determine your organization’s threat profile for ransomware by plotting two variables: the investment made in cybersecurity and the sophistication level of attacks that you should be prepared to guard against.

Recommendations

Create a ransomware incident response plan. Assess your current security practices and identify gaps. Quantify your ransomware risk to prioritize investments and run tabletop planning exercises for ransomware attacks.

Reduce your exposure to ransomware. Focus on securing the frontlines by improving phishing awareness among staff and deploying AI tools to help flag attacks. Use multi-factor authentication. Take a zero-trust approach and review your use of RDP, SSH, and VPN.

Require security in contracts. Security must be built into vendor contracts. Government contracts are now doing this, elevating security to the same level as functionality and support features. This puts money incentives behind improving security. (Interview with Intel Federal CTO Steve Orrin)

42% of IT practitioners feel employees must do much more to help defend against ransomware. (Info-Tech Tech Trends 2022 Survey)

Info-Tech Resources

• Create a Ransomware Incident Response Plan
• Defend Against the Evolving Threat of Ransomware

Carbon Metrics in Energy 4.0

TREND 03 | BUSINESS PROCESS CONTROLS AND INTERNAL AUDIT

Use Internet of Things (IoT) and auditable tracking to provide insight into business process implications for greenhouse gas emissions.

Emerging technologies:
IoT

Introduction

Making progress towards a carbon-neutral future.

A landmark report published in 2021 by the United Nations Intergovernmental Panel on Climate Change underlines that human actions can still determine the future course of climate change. The report calls on governments, individuals, and organizations to stop putting new greenhouse gas emissions into the atmosphere no later than 2050, and to be at the halfway point to achieving that by 2030.

With calls to action becoming more urgent, organizations are making plans to reduce the use of fossil fuels, move to renewable energy sources, and reduce consumption that causes more emissions downstream. As both voluntary and mandatory regulatory requirements task organizations with reducing emissions, they will first be challenged to accurately measure the size of their footprint.

CIOs in organizations are well positioned to make conscious decisions to both influence how technology choices impact carbon emissions and implement effective tracking of emissions across the entire enterprise.

Canada’s CIO strategy council is calling on organizations to sign a “sustainable IT pledge” to cut emissions from IT operations and supply chain and to measure and disclose emissions annually. (CIO Strategy Council, Sustainable IT Pledge)

SCOPE 3 – Indirect Consumption

• Goods and services
• Fuel, travel, distribution
• Waste, investments, leased assets, employee activity

SCOPE 2 – Indirect Energy

• Electricity
• Heat and cooling

SCOPE 1 – Direct

• Facilities
• Vehicles

Signals

Emissions tracking requires a larger scope.

About two-thirds of organizations have a commitment to reduce greenhouse gas emissions. When asked about what tactics they use to reduce emissions, the most popular options affect either scope 1 emissions (retiring older IT equipment) or scope 2 emissions (using renewable energy sources). Fewer are using tactics that would measure scope 3 emissions such as using IoT to track or using software or AI.

68% of organizations say they have a commitment to reduce greenhouse gas emissions. (Info-Tech Tech Trends 2022 Survey)

Approaches to reducing carbon emissions

(Info-Tech Tech Trends 2022 Survey)

Drivers

Investor pressure

The world’s largest asset manager, at $7 trillion in investments, says it will move away from investing in firms that are not aligned to the Paris Agreement. (The New York Times, 2020)

Compliance tipping point

International charity CDP has been collecting environmental disclosure from organizations since 2002. In 2020, more than 9,600 of the world’s largest companies – representing over 50% of global market value – took part. (CDP, 2021)

International law

In 2021, six countries have net-zero emissions policies in law, six have proposed legislations, and 20 have policy documents. (Energy & Climate Intelligence Unit, 2021)

Employee satisfaction

In 2019, thousands of workers walked out of offices of Amazon, Google, Twitter, and Microsoft to demand their employers do more to reduce carbon emissions. (NBC News, 2021)

High influence factors for carbon reduction

• 25% – New government laws or policies
• 9% – External social pressures
• 9% – Pressure from investors
• 8% – International climate compliance efforts
• 7% – Employee satisfaction

(Info-Tech Tech Trends 2022 Survey)

Risks and Benefits

Benefits

Risks

“When you can take technology and embed that into management change decisions that impact the environment, you can essentially guarantee that [greenhouse gas] offset. Companies that are looking to reduce their emissions can buy those offsets and it creates value for everybody.” (Wade Barnes, CEO and founder of Farmers Edge)

Listen to the Tech Insights podcast: The future of farming is digital

Case Study

Situation

The Alberta Technology Innovation and Emissions Reduction Regulation is Alberta’s approach to reduce emissions from large industrial emitters. It prices GHG and provides a trading system.

No-till farming and nitrogen management techniques sequester up to 0.3 metric tons of GHG per year.

Complication

Farmers Edge offers farmers a digital platform that includes IoT and a unified data warehouse. It can turn farm records into digital environmental assets, which are aggregated and sold to emitters.

Real-time data from connected vehicles, connected sensors, and other various inputs can be verified by third-party auditors.

Resolution

Farmers Edge sold aggregated carbon offsets to Alberta power producer Capital Power to help it meet regulatory compliance.

Farmers Edge is expanding its platform to include farmers in other provinces and in the US, providing them opportunity to earn revenue via its Smart Carbon program.

The firm is working to meet standards outlined by the U.S. Department of Agriculture’s Natural Resources Conservation Service. (Interview with Wade Barnes, CEO, Farmers Edge)

What's Next

Global standards:

The International Sustainability Standards Board (ISSB) has been formed by the International Financial Reporting Standards Foundation and will have its headquarters location announced in November at a United Nations conference. The body is already governing a set of global standards that have a roadmap for development through 2023 through open consultation. The standards are expected to bring together the multiple frameworks for sustainability standards and offer one global set of standards. (Business Council of Canada, 2021)

CIOs take charge:

The CIO is well positioned to take the lead role on corporate sustainability initiatives, including measuring and reducing an organization’s carbon footprint (or perhaps even monetizing carbon credits for an organization that is a negative emitter). CIOs can use their position as facilities managers and cross-functional process owners and mandate to reduce waste and inefficiency to take accountability for this important role. CIOs will expand their roles to deliver transparent and auditable reporting on environmental, social, and governance (ESG) goals for the enterprise.

Uncertainties

International resolve:

Fighting the climate crisis will require governments and private sector collaboration from around the world to commit to creating new economic structures to discourage greenhouse gas emissions and incentivize long-term sustainable thinking. If some countries or private sector forces continue to prioritize short-term gains over sustainability, the U.N.’s goals won’t be achieved and the human costs as a result of climate change will become more profound.

Cap-and-trade markets:

Markets where carbon credits are sold to emitters are organized by various jurisdictions around the world and have different incentive structures. Some are created by governments and others are voluntary markets created by industry. This type of organization for these markets limits their size and makes it hard to scale the impact. Organizations looking to sell carbon credits at volume face the friction of having to navigate different compliance rules for each market they want to participate in.

Carbon Metrics in Energy 4.0 Scenarios

Determine your organization’s approach to measuring carbon dioxide and other greenhouse gas emissions by considering whether your organization is likely to be a high emitter or a carbon sink. Also consider your capability to measure and report on your carbon footprint.

Recommendations

Measure the whole footprint. Devise a plan to measure scope 1, 2, and 3 greenhouse gas emissions at a level that is auditable by a third party.

Gauge the impact of Industry 4.0. New technologies in Industry 4.0 include IoT, additive manufacturing, and advanced analytics. Make sustainability a core part of your focus as you plan out how these technologies will integrate with your business.

Commit to net zero. Make a clear commitment to achieve net-zero emissions by a specific date as part of your organization’s core strategy. Take a continuous improvement approach to make progress towards the goal with measurable results.

New laws from governments will have the highest degree of influence on an organization’s decision to reduce emissions. (Info-Tech Tech Trends 2022 Survey)

Info-Tech Resources

• Durable Goods Manufacturing Industry 4.0 Report
• Getting to Zero
• Green IT Is Now a Key Component of Sustainability and Competitiveness

Intangible Value Creation

TREND 04 | DATA ARCHITECTURE

Use blockchain technology to turn unique intellectual property into saleable digital products. Provide governance around marketplaces where sales are made.

Emerging technologies:
Blockchain, Distributed Ledger Technology, Virtual Environments

Introduction

Decentralized technologies are propelling the digital economy.

As the COVID-19 pandemic has accelerated our shift into virtual social and economic systems, blockchain technology poses a new technological frontier – further disrupting digital interactions and value creation by providing a modification of data without relying on third parties. New blockchain software developments are being used to redefine how central banks distribute currency and to track provenance for scarce digital assets.

Tokenizing the blockchain

Non-fungible tokens (NFTs) are distinct cryptographic tokens created from blockchain technology. The rarity systems in NFTs are redefining digital ownership and being used to drive creator-centric communities.

Not crypto-currency, central currency

Central Bank Digital Currencies (CBDC) combine the same architecture of cryptocurrencies built on blockchain with the financial authority of a central bank. These currencies are not decentralized because they are controlled by a central authority, rather they are distributed systems. (Decrypt, 2021)

80% of banks are working on a digital currency. (Atlantic Council, 2021)

Brands that launched NFTs

NBA, NFL, Formula 1, Nike, Stella Artois, Coca-Cola, Mattel, Dolce & Gabbana, Ubisoft, Charmin

Banks that launched digital currencies

The Bahamas, Saint Kitts and Nevis, Antigua and Barbuda, Saint Lucia, Grenada

Signals

ID on the blockchain

Blockchains can contain smart contracts that automatically execute given specific conditions, protecting stakeholders involved in a transaction. These have been used by central banks to automate when and how currency can be spent and by NFT platforms to attribute a unique identity to a digital asset. Automation and identity verification are the most highly valued digital capabilities of IT practitioners.

$69.3 million – The world’s most expensive NFT artwork sale, for Beeple’s “Everydays: The First 5,000 Days” (The New York Times, Mar. 2021)

Digital capabilities that provide high value to the organization

(Info-Tech Tech Trends 2022 Survey)

Drivers

Financial autonomy

Central banks view cryptocurrencies as "working against the public good" and want to maintain control over their financial system to maintain the integrity of payments and provide financial crime oversight and protections against money laundering. (Board of Governors of the Federal Reserve System, 2021)

Bitcoin energy requirements and greenhouse gas emissions

Annual energy consumption of the Bitcoin blockchain in China is estimated to peak in 2024 at 297 TwH and generate 130.5 million metric tons of carbon emissions. That would exceed the annual GHG of the Czech Republic and Qatar and rank in the top 10 among 182 cities and 42 industrial sectors in China. This is motiving cryptocurrency developers and central banks to move away from the energy-intensive "Proof of Work" mining approach and towards the "Proof of Stake" approach. (Nature Communications, 2021)

Digital communities

During the pandemic, people spent more time exploring digital spaces and interacting in digital communities. Asset ownership within those communities is a way for individuals to show their own personal investment in the community and achieve a status that often comes with additional privileges. The digital assets can also be viewed as an investment vehicle or to gain access to exclusive experiences.

“The pillars of the music economy have always been based on three things that the artist has never had full control of. The idea of distribution is freed up. The way we are going to connect to fans in this direct to fan value prop is very interesting. The fact we can monetize it, and that money exchange, that transaction is immediate. And on a platform like S!NG we legitimately have a platform to community build…. Artists are getting a superpower.” (Raine Maida, Chief Product Officer, S!NG Singer, Our Lady Peace)

Listen to the Tech Insights podcast: Raine Maida's startup is an NFT app for music

Case Study

Situation

Artists can create works and distribute them to a wide audience more easily than ever with the internet. Publishing a drawing or a song to a website allows it to be infinitely copied. Creators can use social media accounts and digital advertisements to build up a fan base for their work and monetize it through sales or premium-access subscriber schemes.

Complication

The internet's capacity for frictionless distribution is a boon and a burden for artists at the same time. Protecting copyright in a digital environment is difficult because there is no way to track a song or a picture back to its creator. This devalues the work because it can be freely exchanged by users.

Resolution

S!NG allows creators to mint their works with a digital token that stamps its origin to the file and tracks provenance as it is reused and adapted into other works. It uses the ERC 721 standard on the Ethereum blockchain to create its NFT tokens. They are portable files that the user can create for free on the S!NG platform and are interoperable with other digital token platforms. This enables a collaboration utility by reducing friction in using other people's works while giving proper attribution. Musicians can create mix tracks using the samples of others’ work easily and benefit from a smart-contract-based revenue structure that returns money to creators when sales are made. (Interview with Geoff Osler and Raine Maida, S!NG Executives)

Risks and Benefits

Benefits

Risks

What's Next

Into the Metaverse:

Digital tokens are finding new utility in virtual environments known as the Metaverse. Decentraland is an example of a virtual reality environment that can be accessed via a web browser. Based on the Ethereum blockchain, it's seen sales of virtual land plots for hundreds of thousands of dollars. Sotheby's is one buyer, building a digital replica of its New Bond Street gallery in London, complete with commissionaire Hans Lomuldur in avatar form to greet visitors. The gallery will showcase and sell Sotheby's digital artworks. (Artnet News, 2021)

Bitcoin as legal tender:

El Salvador became the first country in the world to make Bitcoin legal tender in September 2021. The government intended for this to help citizens avoid remittance fees when receiving money sent from abroad and to provide a way for citizens without bank accounts to receive payments. Digital wallet Chivo launched with technical glitches and in October a loophole that allowed “price scalping” had to be removed to stop speculators from using the app to trade for profit. El Salvador’s experiment will influence whether other countries consider using Bitcoin as legal tender. (New Scientist, 2021)

Uncertainties

Stolen goods at the mint:

William Shatner complained that Twitter account @tokenizedtweets had taken his content without permission and minted tokens for sale. In doing so, he pointed out there’s no guarantee a minted digital asset is linked to the creator of the attached intellectual property.

Decentralized vs. distributed finance:

Will blockchain-based markets be controlled by a single platform operator or become truly open? For example, Dapper Labs centralizes the minting of NFTs on its Flow blockchain and controls sales through its markets. OpenSea allows NFTs minted elsewhere to be brought to the platform and sold.

Supply and demand:

Platforms need to improve the reliability of minting technology to create tokens in the future. Ethereum's network is facing more demand than it can keep up with and requires future upgrades to improve its efficiency. Other platforms that support minting tokens are also awaiting upgrades to be fully functional or have seen limited NFT projects launched on their platform.

Intangible Value Creation Scenarios

Determine your organization’s strategy by considering the different scenarios based on two main factors. The design decisions are made around whether digital assets are decentralized or distributed and whether the assets facilitate transactions or collections.

Recommendations

Determine your role in the digital asset ecosystem.

• Becoming a platform provider for digital tokens will require a minting capability to create blockchain-based assets and a marketplace for users to exchange them.
• Issuing digital tokens to a platform through a sale will require making partnerships and marketing.
• Investing in digital assets will require management of digital wallets and subject-matter expert analysis of the emerging markets.

Track the implications of digital currencies.

Track what your country’s central bank is planning for digital currency and determine if you’ll need to prepare to support it. Be informed about payment partner support for cryptocurrency and consider any complications that may introduce.

$1 billion+ – The amount of cryptocurrency spent by consumers globally through crypto-linked Visa cards in first half of 2021. (CNBC, July 2021)

Info-Tech Resources

• Demystify Blockchain: How Can It Bring Value to Your Organization?
• The Obvious Case: Blockchain in Financial Services
• Build a Platform-Based Organization

Automation as a Service

TREND 05 | INNOVATION

Automate business processes and access new sophisticated technology services through platform integration.

Emerging technologies:
Cloud platforms, APIs, Generative AI

Introduction

The glue for innovation

Rapidly constructing a business model that is ready to compete in a digital economy requires continuous innovation. Application programming interfaces (APIs) can accelerate innovation by unlocking marketplaces of ready-to-use solutions to business problems and automating manual tasks to make more time for creativity. APIs facilitate a microarchitecture approach and make it possible to call upon a new capability with a few lines of code. This is not a new tool, as the first API was specified in 1951, but there were significant advances of both scale and capability in this area in 2021.

In the past 18 months, API adoption has exploded and even industries previously considered as digital laggards are now integrating them to reinvent back-office processes. Technology platforms specializing in API management are attracting record-breaking investment. And sophisticated technology services such as artificial intelligence are being delivered by APIs.

APIs can play a role in every company’s digital strategy, from transforming back-office processes to creating revenue as part of a platform.

$500,000 was invested in API companies in 2016. (Forbes, May 2021)

$2,000,000,000+ was invested in API companies in 2020. (Forbes, May 2021)

69% of IT practitioners say digital transformation has been a high priority for their organization during the pandemic. (Info-Tech Tech Trends 2022 Survey)

51% of developers used more APIs in 2020 than in 2019. (InsideHPC, 2021)

71% of developers planned to use even more APIs in 2021. (InsideHPC, 2021)

Signals

IT practitioners indicate that digital transformation was a strong focus for their organization during the pandemic and will remain so during the period afterwards, and one-third say their organizations were “extremely focused” on digital transformation.

When it came to shifting processes from being done manually to being completed digitally, more than half of IT practitioners say they shifted at least 21% of their processes during the past year. More than one in five say that at least 60% of their processes were shifted from manual to digital in the past year.

3.5 trillion calls were performed on API management platform Apigee, representing a 50% increase year over year. (SiliconANGLE, 2021)

Processes shifted from manual to digital in the past year

Drivers

Covid-19

The pandemic lockdowns pushed everyone into a remote-work scenario. With in-person interaction not an option, even more traditional businesses had to adapt to digital processes.

Customer Expectations

The success of digital services in the consumer space is causing expectations to rise in other areas, such as professional services. Consumers now want their health records to be portable and they want to pay their lawyer through e-transfer, not by writing a cheque. (Interview with Mik Lernout)

Standardization

Technology laggard industries such as legal and healthcare are recognizing the pain of working with siloed systems. New standardization efforts are driving the adoption of open APIs at a rapid rate. (Interview with Jennifer Jones, Research Director – Industry, Info-Tech Research Group)

Risks and Benefits

Benefits

Risks

“When we think about what the pandemic did, we had this internal project called 'back to the future.' It kind of put the legal industry in a time machine and it kind of accelerated the legal industry 5, maybe even 10 years. A lot of the things we saw with the innovators became table stakes.” (Mik Lernout, Vice President of Product, Clio)

Listen to the Tech Insights podcast: Clio drives digital transformation to redefine the legal industry

Case Study

Situation

The COVID-19 pandemic required the legal industry to shift to remote work. A typically change-resistant industry was now holding court hearings over videoconference, taking online payments, and collecting e-signatures on contracts. For Clio, a software-as-a-service software vendor that serves the legal industry, its client base grew and its usage increased. It previously focused on the innovators in the legal industry, but now it noticed laggards were going digital too.

Complication

Law firms have very different needs depending on their legal practice area (e.g. family law, corporate law, or personal injury) and what jurisdiction they operate in.

Clients are also demanding more from their lawyers in terms of service experience. They don't want to travel to the law office to drop off a check but expect digital interactions on par with service they receive in other areas.

Resolution

Since its inception, Clio built its software product so that all of its functions could be called upon by an API as well. It describes its platform as the "operating system for the legal industry." Its API functions include capabilities like managing activities, billing, and contracts. External developers can submit applications to the Clio Marketplace to add new functionality. Its platform approach enables it to find solutions for its 150,000+ users. During the pandemic, Clio saw its customers rely on its APIs more than ever before. It expects this accelerated adoption to be the way of working in the future. (ProgrammableWeb, 2021; Interview with Mik Lernout)

What's Next

GOOGLE’S API-FIRST APPROACH:

Google is expanding its Apigee API management platform so enterprises will be able to connect existing data and applications and access them via APIs. It's part of Google's API-first approach to digital transformation, helping enterprises with their integration challenges. The new release includes tools and a framework that's needed to integrate services in this way and includes pre-built connectors for common business apps and services such as Salesforce, Cloud SQL, MySQL, and BigQuery. (SiliconANGLE, 2021)

Uncertainties

API SECURITY:

APIs represent another potential vulnerability for hackers to exploit and the rise in popularity has come with more security incidents. Companies using APIs have leaked data through APIs, with one research report on the state of API security finding that 91% of organizations have suffered an API security incident. Yet more than a quarter of firms running production APIs don’t have an API security strategy. (VentureBeat, 2021)

For low IT maturity organizations moving onto platforms that introduce API capabilities, education is required about the consequences of creating more integrations. Platforms must bear some responsibility for monitoring for irregular activity. (Interview with Mik Lernout)

Automation as a Service Scenarios

Determine your organization’s platform strategy from the basis of your digital maturity – from that of a laggard to a native – and whether it involves monetized APIs vs. freely available public APIs. A strategy can include both the consumption of APIs and the creation of them.

Recommendations

Leverage APIs to connect your systems. Create a repeatable process to improve the quality, reusability, and governance of your web APIs.

Transform your business model with digital platforms. Use the best practices of digital native enterprises and leverage your core assets to compete in a digital economy.

Deliver sophisticated new capabilities with APIs. Develop an awareness of new services made available through API integration, such as artificial intelligence, and take advantage of them.

4.5 billion words per day generated by the OpenAI natural language API GPT-3, just nine months after launch. (OpenAI, 2021)

Info-Tech Resources

• Develop APIs That Work Properly for the Organization
• Build a Data Integration Strategy
• Design Data-as-a-Service

Behind the design

Inspiration provided by the golden ratio

The golden ratio has long fascinated humans for its common occurrence in nature and inspired artists who adopted its proportions as a guiding principle for their creations. A new discovery of the golden ratio in economic cycles was published in August 2021 by Bert de Groot, et al. As the boundaries of value creation blur between physical and digital and the pace of change accelerates, these digital innovations may change our lives in many ways. But they are still bound by the context of the structure of the economy. Hear more about this surprising finding from de Groot and from this report’s designer by listening to our podcast. (Technological Forecasting and Social Change, 2021)

“Everything happening will adapt itself into the next cycle, and that cycle is one phi distance away.” (Bert de Groot, professor of economics at Erasmus University Rotterdam)

Listen to the Tech Insights podcast: New discovery of the golden ratio in the economy

Contributing Experts

Vijay Sundaram Chief Strategy Officer, Zoho		Jason Brommet Head of Modern Work and Security Business Group, Microsoft
Steve Orrin Federal Chief Technology Officer, Intel		Wade Barnes CEO and Founder, Farmers Edge

Contributing Experts

Raine Maida Chief Product Officer, S!NG Singer, Our Lady Peace		Geoff Osler CEO, S!NG
Mik Lernout Vice President of Product, Clio		Bert de Groot Professor of Economics, Erasmus University Rotterdam

Bibliography – Enabling the Digital Economy

“2021 Canada Dealer Financing Satisfaction Study.” J.D. Power, 13 May 2021. Accessed 27 May 2021.

Brown, Sara. “The CIO Role Is Changing. Here’s What’s on the Horizon.” MIT Sloan, 2 Aug. 2021. Accessed 16 Aug. 2021.

de Groot, E. A., et al. “Disentangling the Enigma of Multi-Structured Economic Cycles - A New Appearance of the Golden Ratio.” Technological Forecasting and Social Change, vol. 169, Aug. 2021, pp. 120793. ScienceDirect, https://doi.org/10.1016/j.techfore.2021.120793.

Hatem, Louise, Daniel Ker, and John Mitchell. “Roadmap toward a common framework for measuring the Digital Economy.” Report for the G20 Digital Economy Task Force, OECD, 2020. Accessed 19 Oct. 2021.

LaBerge, Laura, et al. “How COVID-19 has pushed companies over the technology tipping point—and transformed business forever.” McKinsey, 5 Oct. 2020. Accessed 14 June 2021.

Pomeroy, James. The booming digital economy. HSBC, Sept. 2020. Web.

Salman, Syed. “Digital Transformation Realized Through COBIT 2019.” ISACA, 13 Oct. 2020. Accessed 25 Oct. 2021.

Bibliography – Hybrid Collaboration

De Smet, Aaron, et al. “Getting Real about Hybrid Work.” McKinsey Quarterly, 9 July 2021. Web.

Herskowitz, Nicole. “Brace Yourselves: Hybrid Work Is Hard. Here’s How Microsoft Teams and Office 365 Can Help.” Microsoft 365 Blog, 9 Sept. 2021. Web.

Melin, Anders, and Misyrlena Egkolfopoulou. “Employees Are Quitting Instead of Giving Up Working From Home.” Bloomberg, 1 June 2021. Web.

Spataro, Jared. “Microsoft and LinkedIn Share Latest Data and Innovation for Hybrid Work.” The Official Microsoft Blog, 9 Sept. 2021. Web.

Subin, Samantha. “The new negotiation over job benefits and perks in post-Covid hybrid work.” CNBC, 23 Apr. 2021. Web.

Torres, Roberto. “How to Sidestep Overspend as Hybrid Work Tests IT.” CIO Dive, 26 July 2021. Accessed 16 Sept. 2021.

Wong, Christine. “How the hybrid workplace will affect IT spending.” ExpertIP, 15 July 2021. Web.

Yang, Longqi, et al. “The Effects of Remote Work on Collaboration among Information Workers.” Nature Human Behaviour, Sept. 2021, pp. 1-12. Springer Nature, https://doi.org/10.1038/s41562-021-01196-4.

Bibliography – Battle Against Ransomware

Berg, Leandro. “RTF Report: Combatting Ransomware.” Institute for Security and Technology (IST), 2021. Accessed 21 Sept. 2021.

Dudley, Renee. “The Extortion Economy: How Insurance Companies Are Fueling a Rise in Ransomware Attacks.” ProPublica, 27 Aug. 2019. Accessed 22 Sept. 2021.

Durbin, Steve. “Council Post: Artificial Intelligence: The Future Of Cybersecurity?” Forbes, 23 Sept. 2021. Accessed 21 Oct. 2021.

“FACT SHEET: Ongoing Public U.S. Efforts to Counter Ransomware.” The White House, 13 Oct. 2021. Web.

Jeffery, Lynsey, and Vignesh Ramachandran. “Why ransomware attacks are on the rise — and what can be done to stop them.” PBS NewsHour, 8 July 2021. Web.

McBride, Timothy, et al. Data Integrity: Recovering from Ransomware and Other Destructive Events. NIST Special Publication (SP) 1800-11, National Institute of Standards and Technology, 22 Sept. 2020. NIST Computer Security Resource Center (CSRC), https://doi.org/10.6028/NIST.SP.1800-11.

Mehrotra, Karitkay, and Jennifer Jacobs. “Crypto Channels Targeted in Biden’s Fight Against Ransomware.” BNN Bloomberg, 21 Sept. 2021. Web.

Sharma, Mayank. “Hackers demand $70m ransom after executing massive Solar Winds-like attack.” TechRadar, 5 July 2021. Web.

“Unhacked: 121 Tools against Ransomware on a Single Website.” Europol, 26 July 2021. Web.

Bibliography – Carbon Metrics in Energy 4.0

“The A List 2020.” CDP, 2021. Web.

Baazil, Diedrik, Hugo Miller, and Laura Hurst. “Shell loses climate case that may set precedent for big oil.” Australian Financial Review, 27 May 2021. Web.

“BlackRock’s 2020 Carbon Footprint.” BlackRock, 2020. Accessed 25 May 2021.

“CDP Media Factsheet.” CDP, n.d. Accessed 25 May 2021.

Glaser, April, and Leticia Miranda. “Amazon workers demand end to pollution hitting people of color hardest.” NBC News, 24 May 2021. Accessed 25 May 2021.

Little, Mark. “Why Canada should be the home of the new global sustainability standards board.” Business Council of Canada, 1 Oct. 2021. Accessed 22 Oct. 2021.

McIntyre, Catherine. “Canada vying for global headquarters to oversee sustainable-finance standards.” The Logic, 22 July 2021. Web.

“Net Zero Scorecard.” Energy & Climate Intelligence Unit, 2021. Accessed 25 May 2021.

Sayer, Peter. “Greenhouse gas emissions: The next big issue for CIOs.” CIO, 13 Oct. 2021. Web.

“Scope 1 and Scope 2 Inventory Guidance.” US EPA, OAR. 14 Dec. 2020. Web.

Sorkin, Andrew Ross. “BlackRock C.E.O. Larry Fink: Climate Crisis Will Reshape Finance.” The New York Times, 14 Jan. 2020. Web.

“Sustainable IT Pledge.” CIO Strategy Council, 2021. Accessed 22 Oct. 2021.

Bibliography – Intangible Value Creation

Areddy, James T. “China Creates Its Own Digital Currency, a First for Major Economy.” Wall Street Journal, 5 Apr. 2021. Web.

Boar, Codruta, et al. Impending arrival - a sequel to the survey on central bank digital currency. BIS Papers No 107, Jan. 2020. Web.

Brainard, Lael. “Speech by Governor Brainard on Private Money and Central Bank Money as Payments Go Digital: An Update on CBDCs.” Board of Governors of the Federal Reserve System, 24 May 2021. Accessed 28 May 2021.

Howcroft, Elizabeth, and Ritvik Carvalho. “How a 10-second video clip sold for $6.6 million.” Reuters, 1 Mar. 2021. Web.

“Central Bank Digital Currency Tracker.” Atlantic Council, 2021. Accessed 10 Sept. 2021.

“Expert Comment From Warwick Business School: Problems With El Salvador’s Bitcoin Experiment Are Unsurprising.” Mondo Visione, 8 Sept. 2021. Accessed 10 Sept. 2021.

Goldstein, Caroline. “In Its Ongoing Bid to Draw Crypto-Collectors, Sotheby’s Unveils a Replica of Its London H.Q. in the Blockchain World Decentraland.” Artnet News, 7 June 2021. Web.

Hamacher, Adriana. “Taco Bell to Charmin: 10 Big Brands Jumping On The NFT Bandwagon.” Decrypt, 22 Mar. 2021. Web.

Hazan, Eric, et al. “Getting tangible about intangibles: The future of growth and productivity?” McKinsey. 16 June 2021. Web.

Bibliography – Intangible Value Creation

Herrera, Pedro. “Dapp Industry Report: Q3 2021 Overview.” DappRadar, 1 Oct. 2021. Web.

Holland, Frank. “Visa Says Crypto-Linked Card Usage Tops $1 Billion in First Half of 2021.” CNBC, 7 July 2021. Web.

Jiang, Shangrong, et al. “Policy Assessments for the Carbon Emission Flows and Sustainability of Bitcoin Blockchain Operation in China.” Nature Communications, vol. 12, no. 1, Apr. 2021, p. 1938. Springer Nature, https://doi.org/10.1038/s41467-021-22256-3.

Reyburn, Scott. “JPG File Sells for $69 Million, as ‘NFT Mania’ Gathers Pace.” The New York Times, 11 Mar. 2021. Web.

Taylor, Luke. “Bitcoin: El Salvador’s Cryptocurrency Gamble Hit by Trading Loophole.” New Scientist, 25 Oct. 2021. Web.

Bibliography – Automation as a Service

Belsky, Scott. “The Furry Lisa, CryptoArt, & The New Economy Of Digital Creativity.” Medium, 21 Feb. 2021. Web.

Culbertson, Joy. “10 Top Law APIs.” ProgrammableWeb, 14 Feb. 2021. Web.

Caballar, Rina Diane. “Programming by Voice May Be the Next Frontier in Software Development - IEEE Spectrum.” IEEE Spectrum: Technology, Engineering, and Science News, 22 Mar 2021. Accessed 23 Mar. 2021.

Gonsalves, Chris. “The Problem with APIs.” VentureBeat, 7 May 2021. Web.

Graca, Joao. “Council Post: How APIs Are Democratizing Access To AI (And Where They Hit Their Limits).” Forbes, 24 Sept 2021. Accessed 28 Sept. 2021.

Harris, Tony. “What is the API Economy?” API Blog: Everything You Need to Know, 4 May 2021. Web.

Kitsing, Meelis. Scenarios for Digital Platform Ecosystems, 2020, pp. 453-57. ResearchGate, https://doi.org/10.1109/ICCCS49078.2020.9118571.

Pilipiszyn, Ashley. “GPT-3 Powers the Next Generation of Apps.” OpenAI, 25 Mar. 2021. Web.

Rethans, John. “So You Want to Monetize Your APIs?” APIs and Digital Transformation, 29 June 2018. Web.

Bibliography – Automation as a Service

Salyer, Patrick. “API Stack: The Billion Dollar Opportunities Redefining Infrastructure, Services & Platforms.” Forbes, 4 May 2021. Accessed 27 Oct. 2021.

staff. “RapidAPI Raises $60M for Expansion of API Platform.” InsideHPC, 21 Apr. 2021. Web.

Taulli, Tom. “API Economy: Is It The Next Big Thing?” Forbes, 18 Jan. 2021. Accessed 5 May 2021.

Warren, Zach. “Clio Taking 2021 Cloud Conference Virtual, Announces New Mission Among Other News.” Legaltech News, 11 Mar. 2021. Web.

Wheatley, Mike. “Google Announces API-First Approach to Application Data Integration with Apigee.” SiliconANGLE, 28 Sept. 2021. Web.

About the research

Tech trends survey

As part of its research process for the 2022 Tech Trends Report, Info-Tech Research Group conducted an open online survey among its membership and wider community of professionals. The survey was fielded from August 2021 to September 2021, collecting 475 responses.

The underlying metrics are diverse, capturing 14 countries and regions and 16 Industries.

Industry

Department

Role

IT Spend

Respondents on average spent 35 million per year on their IT budget.

Accounting for the outlier responses – the median spend sits closer to 4.5 million per year. The highest spend on IT was within the Government, Healthcare, and Retail & Wholesale sectors.

Implement Hardware Asset Management

Build IT services value on the foundation of a proactive asset management program.

ANALYST PERSPECTIVE

IT asset data impacts the entire organization. It’s time to harness that potential.

"Asset management is like exercise: everyone is aware of the benefits, but many struggle to get started because the process seems daunting. Others fail to recognize the integrative potential that asset management offers once an effective program has been implemented.

A proper hardware asset management (HAM) program will allow your organization to cut spending, eliminate wasteful hardware, and improve your organizational security. More data will lead to better business decision-making across the organization.

As your program matures and your data gathering and utility improves, other areas of your organization will experience similar improvements. The true value of asset management comes from improved IT services built upon the foundation of a proactive asset management program." - Sandi Conrad, Practice Lead, Infrastructure & Operations Info-Tech Research Group

Our understanding of the problem

This Research Is Designed For:

• Asset Managers and Service Delivery Managers tasked with developing an asset management program who need a quick start.
• CIOs and CFOs who want to reduce or improve budgeting of hardware lifecycle costs.
• Information Security Officers who need to mitigate the risk of sensitive data loss due to insecure assets.

This Research Will Help You:

• Develop a hardware asset management (HAM) standard operating procedure (SOP) that documents:
  • Process roles and responsibilities.
  • Data classification scheme.
  • Procurement standards, processes, and workflows for hardware assets.
  • Hardware deployment policies, processes, and workflows.
  • Processes and workflows for hardware asset security and disposal.
• Identify requirements for an IT asset management (ITAM) solution to help generate a shortlist.
• Develop a hardware asset management implementation roadmap.
• Draft a communication plan for the initiative.

Executive summary

Situation

• Executives are aware of the numerous benefits asset management offers, but many organizations lack a defined ITAM program and especially a HAM program.
• Efforts to implement HAM are stalled because organizations cannot establish and maintain defined processes and policies.

Complication

• Organizations often implement an asset management program as a one- off project and let it stagnate, but asset management needs to be a dynamic, continually involving process to succeed.
• Organizations often fail to dedicate adequate resources to the HAM process, leading to unfinished processes and inconsistent standards.
• Hardware asset management programs yield a large amount of useful data. Unfortunately, this data is often underused. Departments within IT become data siloes, preventing effective use of the data.

Resolution

• As the IT environment continues to change, it is important to establish consistency in the standards around IT asset management.
• A current state assessment of your HAM program will shed light on the steps needed to safeguard your processes.
• Define the assets that will need to be managed to inform the scope of the ITAM program before defining processes.
• Build and involve an ITAM team in the process from the beginning to help embed the change.
• Define standard policies, processes, and procedures for each stage of the hardware asset lifecycle, from procurement through to disposal.
• Pace yourself; a staged implementation will make your ITAM program a success.

Info-Tech Insight

1. HAM is more than just tracking inventory. A mature asset management program provides data for proactive planning and decision making to reduce operating costs and mitigate risk.
2. ITAM is not just IT. IT leaders need to collaborate with Finance, Procurement, Security, and other business units to make informed decisions and create value across the enterprise.
3. Treat HAM like a process, not a project. HAM is a dynamic process that must react and adapt to the needs of the business.

Implement HAM to reduce and manage costs, gain efficiencies, and ensure regulatory compliance

Save & Manage Money

• Companies with effective HAM practices achieve cost savings through redeployment, reduction of lost or stolen equipment, power management, and on-time lease returns.
• The right HAM system will enable more accurate planning and budgeting by business units.

Improve Contract Management

• Real-time asset tracking to vendor terms and conditions allows for more effective negotiation.

Inform Technology Refresh

• HAM provides accurate information on hardware capacity and compatibility to inform upgrade and capacity planning

Gain Service Efficiencies

• Integrating the hardware lifecycle with the service desk will enable efficiencies through Install/Moves/Adds/Changes (IMAC) processes, for larger organizations.

Meet Regulatory Requirements

• You can’t secure organizational assets if you don’t know where they are! Meet governance and privacy laws by knowing asset location and that data is secure.

Prevent Risk

• Ensure data is properly destroyed through disposal processes, track lost and stolen hardware, and monitor hardware to quickly identify and isolate vulnerabilities.

HAM is more than just inventory; 92% of organizations say that it helps them provide better customer support

Hardware asset management (HAM) provides a framework for managing equipment throughout its entire lifecycle. HAM is more than just keeping an inventory; it focuses on knowing where the product is, what costs are associated with it, and how to ensure auditable disposition according to best options and local environmental laws.

Implementing a HAM practice enables integration of data and enhancement of many other IT services such as financial reporting, service management, green IT, and data and asset security.

Cost savings and efficiency gains will vary based on the organization’s starting state and what measures are implemented, but most organizations who implement HAM benefit from it. As organizations increase in size, they will find the greatest gains operationally by becoming more efficient at handling assets and identifying costs associated with them.

A 2015 survey by HDI of 342 technical support professionals found that 92% say that HAM has helped their teams provide better support to customers on hardware-related issues. Seventy-seven percent have improved customer satisfaction through managing hardware assets. (HDI, 2015)

HAM delivers cost savings beyond only the procurementstage

HAM cost savings aren’t necessarily realized through the procurement process or reduced purchase price of assets, but rather through the cost of managing the assets.

HAM delivers cost savings in several ways:

• Use a discovery tool to identify assets that may be retired, redeployed, or reused to cut or reallocate their costs.
• Enforce power management policies to reduce energy consumption as well as costs associated with wasted energy.
• Enforce policies to lock down unauthorized devices and ensure that confidential information isn’t lost (and you don’t have to waste money recovering lost data).
• Know the location of all your assets and which are connected to the network to ensure patches are up to date and avoid costly security risks and unplanned downtime.
• Scan assets to identify and remediate vulnerabilities that can cause expensive security attacks.
• Improve vendor and contract management to identify areas of hardware savings.

The ROI for HAM is significant and measurable

1. Weigh the return against the annual cost of investing in an ITAM solution to calculate the ROI.
2. Don’t forget about the intangible benefits that are more difficult to quantify but still significant, such as increased visibility into hardware, more accurate IT planning and budgeting, improved service delivery, and streamlined operations.

Avoid these common barriers to ITAM success

Organizations that struggle to implement ITAM successfully usually fall victim to these barriers:

Organizational resistance to change

Senior-level sponsorship, engagement, and communication is necessary to achieve the desired outcomes of ITAM; without it, ITAM implementations stall and fail or lack the necessary resources to deliver the value.

Lack of dedicated resources

ITAM often becomes an added responsibility for resources who already have other full-time responsibilities, which can quickly cause the program to lose focus. Increase the chance of success through dedicated resources.

Focus on tool over process

Many organizations buy a tool thinking it will do most of the work for them, but without supporting processes to define ITAM, the data within the tool can become unreliable.

Choosing a tool or process that doesn’t scale

Some organizations are able to track assets through manual discovery, but as their network and user base grows, this quickly becomes impossible. Choose a tool and build processes that will support the organization as it grows.

Using data only to respond to an audit without understanding root causes

Often, organizations implement ITAM only to the extent necessary to achieve compliance for audits, but without investigating the underlying causes of non-compliance and thus not solving the real problems.

To help you make quick progress, Info-Tech Research Group parses hardware asset management into essential processes

Focus on hardware asset lifecycle management essentials:

IT Asset Procurement:

• Define procurement standards for new hardware along with related warranties and support options.
• Develop processes and workflows for purchasing and work out financial implications to inform budgeting later.

IT Asset Intake and Deployment:

• Define policies, processes, and workflows for hardware and receiving, inventory, and tracking practices.
• Develop processes and workflows for managing imaging, change and moves, and large-scale rollouts.

IT Asset Security and Maintenance:

• Develop processes, policies, and workflows for asset tracking and security.
• Maintain contracts and agreements.

IT Asset Disposal or Recovery:

• Manage the employee termination and equipment recovery cycle.
• Securely wipe and dispose of assets that have reached retirement stage.

Follow Info-Tech’s methodology to build a plan to implement hardware asset management

Asset management is a key piece of Info-Tech's COBIT- inspired IT Management and Governance Framework

Cisco IT reduced costs by upwards of $50 million through implementing ITAM

CASE STUDY

Industry IT

Source Cisco Systems, Inc.

Cisco Systems, Inc.

Cisco Systems, Inc. is the largest networking company in the world. Headquartered in San Jose, California, the company employees over 70,000 people.

Asset Management

As is typical with technology companies, Cisco boasted a proactive work environment that encouraged individualism amongst employees. Unfortunately, this high degree of freedom combined with the rapid mobilization of PCs and other devices created numerous headaches for asset tracking. At its peak, spending on hardware alone exceeded $100 million per year.

Results

Through a comprehensive ITAM implementation, the new asset management program at Cisco has been a resounding success. While employees did have to adjust to new rules, the process as a whole has been streamlined and user-satisfaction levels have risen. Centralized purchasing and a smaller number of hardware platforms have allowed Cisco to cut its hardware spend in half, according to Mark Edmondson, manager of IT services expenses for Cisco Finance.

This case study continues in phase 1

Info-Tech delivers: Use our tools and templates to accelerate your project to completion

HAM Standard Operating Procedures (SOP)

HAM Maturity Assessment

Non-Standard Hardware Request Form

HAM Visio Process Workflows

HAM Policy Templates

HAM Budgeting Tool

HAM Communication Plan

HAM Implementation Roadmap Tool

Measured value for Guided Implementations (GIs)

Engaging in GIs doesn’t just offer valuable project advice, it also results in significant cost savings.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

Guided Implementation

“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

Workshop

“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

Consulting

“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation overview

Workshop overview

Contact your account representative or email Workshops@InfoTech.comfor more information.

Phase 1

Lay Foundations

Implement Hardware Asset Management

A centralized procurement process helped cut Cisco’s hardware spend in half

CASE STUDY

Industry IT

Source Cisco Systems, Inc.

Challenge

Cisco Systems’ hardware spend was out of control. Peaking at $100 million per year, the technology giant needed to standardize procurement processes in its highly individualized work environment.

Users had a variety of demands related to hardware and network availability. As a result, data was spread out amongst multiple databases and was managed by different teams.

Solution

The IT team at Cisco set out to solve their hardware-spend problem using a phased project approach.

The first major step was to identify and use the data available within various departments and databases. The heavily siloed nature of these databases was a major roadblock for the asset management program.

This information had to be centralized, then consolidated and correlated into a meaningful format.

Results

The centralized tracking system allowed a single point of contact (POC) for the entire lifecycle of a PC. This also created a centralized source of information about all the PC assets at the company.

This reduced the number of PCs that were unaccounted for, reducing the chance that Cisco IT would overspend based on its hardware needs.

There were still a few limitations to address following the first step in the project, which will be described in more detail further on in this blueprint.

This case study continues in phase 2

Step 1.1: Assess current state and plan scope

Phase 1: Assess & Plan

1.1 Assess current state & plan scope

1.2 Build team & define metrics

This step will walk you through the following activities:

1.1.1 Complete MGD (optional)

1.1.2 Outline hardware asset management challenges

1.1.3 Conduct HAM maturity assessment

1.1.4 Classify hardware assets to define scope of the program

This step involves the following participants:

• CIO/CFO
• IT Director
• Asset Manager
• Purchasing
• Service Desk Manager
• Security (optional)
• Operations (optional)

Step Outcomes

• Understand key challenges related to hardware asset management within your organization to inform program development.
• Evaluate current maturity level of hardware asset management components and overall program to determine starting point.
• Define scope for the ITAM program including list of hardware to track as assets.

Complete the Management & Governance Diagnostic (MGD) to weigh the effectiveness of ITAM against other services

1.1.1 Optional Diagnostic

The MGD helps you get the data you need to confirm the importance of improving the effectiveness of your asset management program.

The MGD allows you to understand the landscape of all IT processes, including asset management. Evaluate all team members’ perceptions of each process’ importance and effectiveness.

Use the results to understand the urgency to change asset management and its relevant impact on the organization.

Establish process owners and hold team members accountable for process improvement initiatives to ensure successful implementation and realize the benefits from more effective processes.

To book a diagnostic, or get a copy of our questions to inform your own survey, visit Info-Tech’s Benchmarking Tools, contact your account manager, or call toll-free 1-888-670-8889 (US) or 1-844-618-3192 (CAN).

Sketch out challenges related to hardware asset management to shape the direction of the project

Common HAM Challenges

Processes and Policies:

• Existing asset management practices are labor intensive and time consuming
• Manual spreadsheets are used, making collaboration and automation difficult
• Lack of HAM policies and standard operating procedures
• Asset management data is not centralized
• Lack of clarity on roles and responsibilities for ITAM functions
• End users don’t understand the value of asset management

Tracking:

• Assets move across multiple locations and are difficult to track
• Hardware asset data comes from multiple sources, creating fragmented datasets
• No location data is available for hardware
• No data on ownership of assets

Security and Risk:

• No insight into which assets contain sensitive data
• There is no information on risks by asset type
• Rogue systems need to be identified as part of risk management best practices
• No data exists for assets that contain critical/sensitive data

Procurement:

• No centralized procurement department
• Multiple quotes from vendors are not currently part of the procurement process
• A lack of formal process can create issues surrounding employee onboarding such as long lead times
• Not all procurement standards are currently defined
• Rogue purchases create financial risk

Receiving:

• No formal process exists, resulting in no assigned receiving location and no assigned receiving role
• No automatic asset tracking system exists

Disposal:

• No insight into where disposed assets go
• Formal refresh and disposal system is needed

Contracts:

• No central repository exists for contracts
• No insight into contract lifecycle, hindering negotiation effectiveness and pricing optimization

Outline hardware asset management challenges

1.1.1 Brainstorm HAM challenges

Participants

• CIO/CFO
• IT Director
• Asset Manager
• Purchasing
• Service Desk Manager
• Security
• Operations (optional)

A. As a group, outline the hardware asset management challenges facing the organization.

Use the previous slide to help you get started. You can use the following headings as a guide or think of your own:

• Processes and Policies
• Tracking
• Procurement
• Receiving
• Security and Risk
• Disposal
• Contracts

B. If you get stuck, use the Hardware Asset Management Maturity Assessment Tool to get a quick view of your challenges and maturity targets and kick-start the conversation.

To be effective with hardware asset management, understand the drivers and potential impact to the organization

Each level of HAM maturity comes with its own unique challenges

Conduct a hardware maturity assessment to understand your starting point and challenges

1.1.3 Complete HAM Maturity Assessment Tool

Complete the Hardware Asset Management Maturity Assessment Tool to understand your organization’s overall maturity level in HAM, as well as the starting maturity level aligned with each step of the blueprint, in order to identify areas of strength and weakness to plan the project. Use this to track progress on the project.

An effective asset management project has four essential components, with varying levels of management required

The hardware present in your organization can be classified into four categories of ascending strategic complexity: commodity, inventory, asset, and configuration.

Commodity items are devices that are low-cost, low-risk items, where tracking is difficult and of low value.

Inventory is tracked primarily to identify location and original expense, which may be depreciated by Finance. Typically there will not be data on these devices and they’ll be replaced as they lose functionality.

Assets will need the full lifecycle managed. They are identified by cost and risk. Often there is data on these devices and they are typically replaced proactively before they become unstable.

Configuration items will generally be tracked in a configuration management database (CMDB) for the purpose of enabling the support teams to make decisions involving dependencies, configurations, and impact analysis. Some data will be duplicated between systems, but should be synchronized to improve accuracy between systems.

See Harness Configuration Management Superpowers to learn more about building a CMDB.

Classify your hardware assets to determine the scope and strategy of the program

Asset: A unique device or configuration of devices that enables a user to perform productive work tasks and has a defined location and ownership attributes.

• Hardware asset management involves tracking and managing physical components from procurement through to retirement. It provides the base for software asset management and is an important process that can lead to improved lifecycle management, service request fulfillment, security, and cost savings through harvesting and redeployment.
• When choosing your strategy, focus on those devices that are high cost and high risk/function such as desktops, laptops, servers, and mobile devices.

ASSET - Items of high importance and may contain data, such as PCs, mobile devices, and servers.

INVENTORY - Items that require significant financial investment but no tracking beyond its existence, such as a projector.

COMMODITY - Items that are often in use but are of relatively low cost, such as keyboards or mice.

Classify your hardware assets to define the scope of the program

1.1.4 Define the assets to be tracked within your organization

Participants

• Participants
• CIO/CFO
• IT Director
• Asset Manager
• Purchasing
• Service Desk Manager
• Security (optional)
• Operations (optional)

Document

Document in the Standard Operating Procedures, Section 1 – Overview & Scope

1. Determine value/risk threshold at which items should be tracked (e.g. over $1,000 and holding data).
2. Divide a whiteboard or flip chart into three columns: commodity, asset, and inventory.
3. Divide participants into groups by functional role to brainstorm devices in use within the organization. Write them down on sticky notes.
4. Place the sticky notes in the column that best describes the role of the product in your organization.

Align the scope of the program with business requirements

CASE STUDY

Industry Public Administration

Source Client Case Study

Situation

A state government designed a process to track hardware worth more than $1,000. Initially, most assets consisted of end-user computing devices.

The manual tracking process, which relied on a series of Excel documents, worked well enough to track the lifecycle of desktop and laptop assets.

However, two changes upended the organization’s program: the cost of end-user computing devices dropped dramatically and the demand for network services led to the proliferation of expensive equipment all over the state.

Complication

The existing program was no longer robust enough to meet business requirements. Networking equipment was not only more expensive than end-user computing devices, but also more critical to IT services.

What was needed was a streamlined process for procuring high-cost, high-utility equipment, tracking their location, and managing their lifecycle costs without compromising services.

Resolution

The organization decided to formalize, document, and automate hardware asset management processes to meet the new challenges and focus efforts on high-cost, high-utility end-user computing devices only.

Step 1.2: Build team and define metrics

Phase 1: Assess & Plan

1.1 Assess current state & plan scope

1.2 Build team and define metrics

This step will walk you through the following activities:

1.2.1 Define responsibilities for Asset Manager and Asset Administrator

1.2.2 Use a RACI chart to determine roles within HAM team

1.2.3 Further clarify HAM responsibilities for each role

1.2.4 Identify HAM reporting requirements

This step involves the following participants:

• CIO/CFO
• IT Director
• IT Managers
• Asset Manager
• Asset Coordinators
• ITAM Team
• Service Desk
• End-User Device Support Team

Step Outcomes:

• Defined responsibilities for Asset Manager and Asset Administrator
• Documented RACI chart assigning responsibility and accountability for core HAM processes
• Documented responsibilities for ITAM/HAM team
• Defined and documented KPIs and metrics to meet HAM reporting requirements

Form an asset management team to lead the project

Asset management is an organizational change. To gain buy-in for the new processes and workflows that will be put in place, a dedicated, passionate team needs to jump-start the project.

Delegate the following roles to team members and grow your team accordingly.

• The ITAM team should visit and consult with each component of the business as well as IT.
• Engage with leaders in each department to determine what their pain points are.
• The needs of each department are different and their responses will assist the ITAM team when designing goals for asset management.
• Consultations within each department also communicates the change early, which will help with the transition to the new ITAM program.

Info-Tech Insight

Ensure that there is diversity within the ITAM team. Assets for many organizations are diverse and the composition of your team should reflect that. Have multiple departments and experience levels represented to ensure a balanced view of the current situation.

Define the responsibilities for core ITAM/HAM roles of Asset Manager and Asset Administrator

1.2.1 Use Info-Tech’s job description templates to define roles

The role of the IT Asset Manager is to oversee the daily and long-term strategic management of software and technology- related hardware within the organization. This includes:

• Planning, monitoring, and recording software licenses and/or hardware assets to ensure compliance with vendor contracts.
• Forming procurement strategies to optimize technology spend across the organization.
• Developing and implementing procedures for tracking company assets to oversee quality control throughout their lifecycles.

The role of the IT Asset Administrator is to actively manage hardware and software assets within the organization. This includes:

• Updating and maintaining accurate asset records.
• Planning, monitoring, and recording software licenses and/or hardware assets to ensure compliance with vendor contracts.
• Administrative duties within procurement and inventory management.
• Maintaining records and databases regarding warranties, service agreements, and lifecycle management.
• Product standardization and tracking.

Use Info-Tech’s job description templates to assist in defining the responsibilities for these roles.

Organize your HAM team based on where they fit within the strategic, tactical, and operational components

Typically the asset manager will answer to either the CFO or CIO. Occasionally they answer to a vendor manager executive. The hierarchy may vary based on experience and how strategic a role the asset manager will play.

Determine the roles and responsibilities of the team who will support your HAM program

1.2.2 Complete a RACI

A RACI chart will identify who should be responsible, accountable, consulted, and informed for each key activity during the consolidation.

Participants

• Project Sponsor
• IT Director, CIO
• Project Manager
• IT Managers and Asset Manager(s)
• ITAM Team

Document

Document in the Standard Operating Procedure.

Instructions:

1. Write out the list of all stakeholders along the top of a whiteboard. Write out the key initiative steps for the consolidation project along the left side (use this list as a starting point).
2. For each initiative, identify each team member’s role. Are they:
   • Responsible? The one responsible for getting the job done.
   • Accountable? Only one person can be accountable for each task.
   • Consulted? Involved through input of knowledge and information.
   • Informed? Receive information about process execution and quality.
3. As you proceed through the initiative, continue to add tasks and assign responsibility to this RACI chart.

A sample RACI chart is provided on the next slide

Start with a RACI chart to determine the responsibilities

1.2.2 Complete a RACI chart for your organization

Further clarify HAM responsibilities for each role

1.2.3 Define roles and responsibilities for the HAM team

Participants

• Participants IT Asset Managers and Coordinators
• ITAM Team
• IT Managers and IT Director

Document

• Document in the Standard Operating Procedures in section 3 – Roles and Responsibilities

1. Discuss and finalize positions to be established within the ITAM/HAM office as well as additional roles that will be involved in HAM.
2. Review the sample responsibilities below and revise or create responsibilities for each key position within the HAM team.
3. Document in the HAM Standard Operating Procedures.

Determine criteria for success: establish metrics to quantify and demonstrate the results and value of the HAM function

HAM metrics fall in the following categories:

HAM Metrics

• Quantity e.g. inventory levels and need
• Cost e.g. value of assets, budget for hardware
• Compliance e.g. contracts, policies
• Quality e.g. accuracy of data
• Duration e.g. time to procure or deploy hardware

Follow a process for establishing metrics:

1. Identify and obtain consensus on the organization’s ITAM objectives, prioritized if possible.
2. For each ITAM objective, select two or three metrics in the applicable categories (not all categories will apply to all objectives); be sure to select metrics that are achievable with reasonable effort.
3. Establish a baseline measurement for each metric.
4. Establish a method and accountability for ongoing measurement and analysis/reporting.
5. Establish accountability for taking action on reported results.
6. As ITAM expands and matures, change or expand the metrics as appropriate.

Define KPIs and associated metrics

• Identify the critical success factors (CSFs) for your hardware asset management program based on strategic goals.
• For each success factor, identify the key performance indicators (KPIs) to measure success and specific metrics that will be tracked and reported on.
• Sample metrics are below:

Identify hardware asset reporting requirements and the data you need to collect to meet them

1.2.4 Identify asset reporting requirements

Participants

• CIO/CFO
• IT Director
• Asset Manager
• Purchasing
• Service Desk Manager
• Operations (optional)

Document

Document in the Standard Operating Procedures, Section 13: Reporting

1. Discuss the goals and objectives of implementing or improving hardware asset management, based on challenges identified in Step 1.2.
2. From the goals, identify the critical success factors for the HAM program
3. For each CSF, identify one to three key performance indicators to evaluate achievement of the success factor.
4. For each KPI, identify one to three metrics that can be tracked and reported on to measure success. Ensure that the metrics are tangible and measurable and will be useful for decision making or to take action.
5. Determine who needs this information and the frequency of reporting.
6. If you have existing ITAM data, record the baseline metric.

Phase 1 Guided Implementation

Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

Guided Implementation 1: Lay Foundations

Proposed Time to Completion: 4 weeks

Step 1.1: Assess current state and plan scope

Start with an analyst kick-off call:

• Review challenges.
• Assess current HAM maturity level.
• Define scope of HAM program.

Then complete these activities…

• Complete MGD (optional).
• Outline hardware asset management challenges.
• Conduct HAM maturity assessment.
• Classify hardware assets to define scope of the program.

With these tools & templates:

HAM Maturity Assessment

Standard Operating Procedures

Step 1.2: Build team and define metrics

Review findings with analyst:

• Define roles and responsibilities.
• Assess reporting requirements.
• Document metrics to track.

Then complete these activities…

• Define responsibilities for Asset Manager and Asset Administrator.
• Use a RACI chart to determine roles within HAM team.
• Document responsibilities for HAM roles.
• Identify HAM reporting requirements.

With these tools & templates:

RACI Chart

Asset Manager and Asset Administrator Job Descriptions

Standard Operating Procedures

Phase 1 Results & Insights:

For asset management to succeed, it needs to support the business. Engage business leaders to determine needs and build your HAM program around these goals.

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

Book a workshop with our Info-Tech analysts:

• To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
• Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
• Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

The following are sample activities that will be conducted by Info-Tech analysts with your team:

1.1.4 Classify hardware assets to define scope of the program

Determine value/risk threshold at which assets should be tracked, then divide a whiteboard into four quadrants representing four categories of assets. Participants write assets down on sticky notes and place them in the appropriate quadrant to classify assets.

1.2.2 Build a RACI chart to determine responsibilities

Identify all roles within the organization that will play a part in hardware asset management, then document all core HAM processes and tasks. For each task, assign each role to be responsible, accountable, consulted, or informed.

Phase 2

Procure and Receive

Implement Hardware Asset Management

Step 2.1: Request and Procure Hardware

Phase 2: Procure & Receive

2.1 Request & Procure

2.2 Receive & Deploy

This step will walk you through the following activities:

2.1.1 Identify IT asset procurement challenges

2.1.2 Define standard hardware requests

2.1.3 Document standard hardware request procedure

2.1.4 Build a non-standard hardware request form

2.1.5 Make lease vs. buy decisions for hardware assets

2.1.6 Document procurement workflow

2.1.7 Build a purchasing policy

This step involves the following participants:

• Asset Manager
• Purchasing
• Service Desk Manager
• Operations (optional)
• CFO or other management representative from Finance

Step Outcomes:

• Definition of standard hardware requests for roles, including core vs. optional assets
• End-user request process for standard hardware
• Non-standard hardware request form
• Lease vs. buy decisions for major hardware assets
• Defined and documented procurement workflow
• Documented purchasing policy

California saved $40 million per year using a green procurement strategy

CASE STUDY

Industry Government

Source Itassetmanagement.net

Challenge

Signed July 27, 2004, Executive order S-20-04, the “Green Building Initiative,” placed strict regulations on energy consumption, greenhouse gas emissions, and raw material usage and waste.

In compliance with S-20-04, the State of California needed to adopt a new procurement strategy. Its IT department was one of the worst offenders given the intensive energy usage by the variety of assets managed under the IT umbrella.

Solution

A green IT initiative was enacted, which involved an extensive hardware refresh based on a combination of agent-less discovery data and market data (device age, expiry dates, power consumption, etc.).

A hardware refresh of almost a quarter-million PCs, 9,500 servers, and 100 email systems was rolled out as a result.

Other changes, including improved software license compliance and data center consolidation, were also enacted.

Results

Because of the scale of this hardware refresh, the small changes meant big savings.

A reduction in power consumption equated to savings of over $40 million per year in electricity costs. Additionally, annual carbon emissions were trimmed by 200,000 tons.

Improve your hardware asset procurement process to…

Asset Procurement

• Standardization
• Aligned procurement processes
• SLAs
• TCO reduction
• Use of centralized/ single POC

Standardize processes: Using standard products throughout the enterprise lowers support costs by reducing the variety of parts that must be stocked for onsite repairs or for provisioning and supporting equipment.

Align procurement processes: Procurement processes must be aligned with customers’ business requirements, which can have unique needs.

Define SLAs: Providing accurate and timely performance metrics for all service activities allows infrastructure management based on fact rather than supposition.

Reduce TCO: Management recognizes service infrastructure activities as actual cost drivers.

Implement a single POC: A consolidated service desk is used where the contact understands both standards (products, processes, and practices) and the user’s business and technical environment.

Identify procurement challenges to identify process improvement needs

2.1.1 Identify IT asset procurement challenges

Participants

• Asset Manager
• Purchasing
• Service Desk Manager
• Operations (optional)

1. As a group, brainstorm existing challenges related to IT hardware requests and procurement.
2. If you get stuck, consider the common challenges listed below.
3. Use the results of the discussion to focus on which problems can be resolved and integrated into your organization as operational standards.

Document hardware standards to speed time to procure and improve communications to users regarding options

The first step in your procurement workflow will be to determine what is in scope for a standard request, and how non-standard requests will be handled. Questions that should be answered by this procedure include:

• What constitutes a non-standard request?
• Who is responsible for evaluating each type of request? Will there be one individual or will each division in IT elect a representative to handle requests specific to their scope of work?
• What additional security measures need to be taken?
• Are there exceptions made for specific departments or high-ranking individuals?

If your end-user device strategy requires an overhaul, schedule time with an Info-Tech analyst to review our blueprint Build an End-User Computing Strategy.

Once you’ve answered questions like these, you can outline your hardware standards as in the example below:

Info-Tech Insight

Approach hardware standards from a continual improvement frame of mind. Asset management is a dynamic process. Hardware standards will need to adapt over time to match the needs of the business. Plan assessments at routine intervals to ensure your current hardware standards align with business needs.

Document specifications to meet environmental, security, and manageability requirements

Determine environmental requirements and constraints.

Power management

Compare equipment for power consumption and ability to remotely power down machines when not in use.

Heat and noise

Test equipment run to see how hot the device gets, where the heat is expelled, and how much noise is generated. This may be particularly important for users who are working in close quarters.

Carbon footprint

Ask what the manufacturer is doing to reduce post-consumer waste and eliminate hazardous materials and chemicals from their products.

Ensure security requirements can be met.

• Determine if network/wireless cards meet security requirements and if USB ports can be turned off to prevent removal of data.
• Understand the level of security needed for mobile devices including encryption, remote shut down or wipe of hard drives, recovery software, or GPS tracking.
• Decide if fingerprint scanners with password managers would be appropriate to enable tighter security and reduce the forgotten-password support calls.

Review features available to enhance manageability.

• Discuss manageability goals with your IT team to see if any can be solved with added features, for example:
  • Remote control for troubleshooting and remote management of data security settings.
  • Asset management software or tags for bar coding, radio frequency identification (RFID), or GPS, which could be used in combination with strong asset management practices to inventory, track, and manage equipment.

If choosing refurbished equipment, avoid headaches by asking the right questions and choosing the right vendor

• Is the equipment functional and for how long is it expected to last?
• How long will the vendor stand behind the product and what support can be expected?
  • This is typically two to five years, but will vary from vendor to vendor.
  • Will they repair or replace machines? Many will just replace the machine.
• How big is the inventory supply?
  • What kind of inventory does the vendor keep and for how long can you expect the vendor to keep it?
  • How does the vendor source the equipment and do they have large quantities of the same make and model for easier imaging and support?
• How complete is the refurbishment process?
  • Do they test all components, replace as appropriate, and securely wipe or replace hard drives?
  • Are they authorized to reload MS Windows OEM?
• Is the product Open Box or used?
  • Open Box is a new product returned back to the vendor. Even if it is not used, the product cannot be resold as a new product. Open Box comes with a manufacturer’s warranty and the latest operating system.
  • If used, how old is the product?

"If you are looking for a product for two or three years, you can get it for less than half the price of new. I bought refurbished equipment for my call center for years and never had a problem". – Glen Collins, President, Applied Sales Group

Info-Tech Insight

Price differences are minimal between large and small vendors when dealing with refurbished machines. The decision to purchase should be based on ability to provide and service equipment.

Define standard hardware requests, including core and optional assets

2.1.2 Identify standards for hardware procurement by role

Participants

• Asset Manager
• Purchasing
• Service Desk Manager
• Operations (optional)
• Representatives from all other areas of the business

Document

Document in the Standard Operating Procedures, Section 7: Procurement.

1. Divide a whiteboard into columns representing all major areas of the business.
2. List the approximate number of end users present at each tier and record these totals on the board.
3. Distribute sticky notes. Use two different sizes: large sizes represent critically important hardware and small sizes represent optional hardware.
4. Define core hardware assets for each division as well as optional hardware assets.
5. Focus on the small sticky notes to determine if these optional purchases are necessary.
6. Finalize the group decision to determine the standard hardware procurement for each role in the organization. Record results in a table similar to the example below:

Document procedures for users to make standard hardware requests

2.1.3 Document standard hardware request procedure

Participants

• Asset Manager
• Purchasing
• Service Desk Manager
• Operations (optional)
• Representatives from all other areas of the business

Document

Document in the Standard Operating Procedures, Section 6: End-User Request Process.

Discuss and document the end-user request process:

1. In which cases can users request a primary device?
2. In which cases can users request a secondary (optional device)?
3. What justification is needed to approve of a secondary device?
   1. E.g. The request for a secondary device should be via email to the IS Projects and Procurements Officer. This email should outline the business case for why multiple devices are required.
4. Will a service catalog be available and integrated with an ITAM solution for users to make standard requests? If so, can users also configure their options?
5. Document the process in the standard operating procedure. Example:

End-User Request Process

• Hardware and software will be purchased through the user-facing catalog.
• Peripherals will be ordered as needed.
• End-user devices will be routed to business managers for approval prior to fulfillment by IT.
• Requests for secondary devices must be accompanied by a business case.
• Equipment replacements due to age will be managed through IT replacement processes.

Improve the process for ordering non-standard hardware by formalizing the request process, including business needs

2.1.4 Build a non-standard hardware request form

• Although the goal should be to standardize as much as possible, this isn’t always possible. Ensure users who are requesting non-standard hardware have a streamlined process to follow that satisfies the justifications for increased costs to deliver.
• Use Info-Tech’s template to build a non-standard hardware request form that may be used by departments/users requesting non-standard hardware in order to collect all necessary information for the request to be evaluated, approved, and sent to procurement.
• Ensure that the requestor provides detailed information around the equipment requested and the reason standard equipment does not suffice and includes all required approvals.
• Include instructions for completing and submitting the form as well as expected turnaround time for the approval process.

Info-Tech Insight

Include non-standard requests in continual improvement assessment. If a large portion of requests are for non-standard equipment, it’s possible the hardware doesn’t meet the recommended requirements for specialized software in use with many of your business users. Determine if new standards need to be set for all users or just “power users.”

Identify the information you need to collect to ensure a smooth purchasing process

Info-Tech Best Practice

Take into account the possibility of encountering taxation issues based on where the equipment is being delivered as well as taxes imposed or incurred in the location from which the asset was shipped or sent. This may impact purchasing decisions and shipping instructions.

Develop a procurement plan to get everyone in the business on the same page

• Without an efficient and structured process around how IT purchases are budgeted and authorized, maverick spending and dark procurement can result, limiting IT’s control and visibility into purchases.
• The challenge many IT departments face is that there is a disconnect between meeting the needs of the business and bringing in equipment according to existing policies and procedures.
• The asset manager should demonstrate how they can bridge the gaps and improve tracking mechanisms at the same time.

Improve procurement decisions:

• Demonstrate how technology is a value-add.
• Make a clear case for the budget by using the same language as the rest of the business.
• Quantify the output of technology investments in tangible business terms to justify the cost.
• Include the refresh cycle in the procurement plan to ensure mission- critical systems will include support and appropriate warranty.
• Plan technology needs for the future and ensure IT technology will continue to meet changing needs.
• Synchronize redundant organizational procurement chains in order to lower cost.

Document the following in your procurement procedure:

• Process for purchase requests
• Roles and responsibilities, including requestors and approvers
• Hardware assets to purchase and why they are needed
• Timelines for purchase
• Process for vendors

Info-Tech Insight

IT procurement teams are often heavily siloed from ITAM teams. The procurement team is typically found in the finance department. One way to bridge the gap is to implement routine, reliable reporting between departments.

Determine if it makes sense to lease or buy your equipment; weigh the pros and cons of leasing hardware

Pros

• Keeps operational costs low in the short term by containing immediate cost.
• Easy, predictable payments makes it easier to budget for equipment over long term.
• Get the equipment you need to start doing business right away if you’re just starting out.
• After the leasing term is up, you can continue the lease and update your hardware to the latest version.
• Typical leases last 2 or 3 years, meaning your hardware can get upgrades when it needs it and your business is in a better position to keep up with technology.
• Leasing directly from the vendor provides operational flexibility.
• Focus on the business and let the vendor focus on equipment service and updates as you don’t have to pay for maintenance.
• Costs structured as OPEX.

Cons

• In the long term, leasing is almost always more expensive than buying because there’s no equity in leased equipment and there may be additional fees and interest.
• Commitment to payment through the entire lease period even if you’re not using the equipment anymore.
• Early termination fees if you need to get out of the lease.
• No option to sell equipment once you’re finished with it to make money back.
• Maintenance is up to leasing company’s specifications.
• Product availability may be limited.

Recommended for:

• Companies just starting out
• Business owners with limited capital or budget
• Organizations with equipment that needs to be upgraded relatively often

Weigh the pros and cons of purchasing hardware

Pros

• Complete control over assets.
• More flexible and straightforward procurement process.
• Tax incentives: May be able to fully deduct the cost of some newly purchased assets or write off depreciation for computers and peripherals on taxes.
• Preferable if your equipment will not be obsolete in the next two or three years.
• You can resell the asset once you don’t need it anymore to recover some of the cost.
• Customization and management of equipment is easier when not bound by terms of leasing agreement.
• No waiting on vendor when maintenance is needed; no permission needed to make changes.

Cons

• High initial cost of investment with CAPEX expense model.
• More paperwork.
• You (as opposed to vendor) are responsible for equipment disposal in accordance with environmental regulations.
• You are responsible for keeping up with upgrades, updates, and patches.
• You risk ending up with out-of-date or obsolete equipment.
• Hardware may break after terms of warranty are up.

Recommended for:

• Established businesses
• Organizations needing equipment with long-term lifecycles

Make a lease vs. buy decision for equipment purchases

2.1.4 Decide whether to purchase or lease

Participants

• Asset Manager
• Purchasing
• Service Desk Manager
• Operations (optional)
• Representatives from all other areas of the business

Document

Document policy decisions in the Standard Operating Procedures – Section 7: Procurement

1. Identify hardware equipment that requires a purchase vs. lease decision.
2. Discuss with Finance whether it makes sense to purchase or lease each major asset, considering the following:

• Costs of equipment through each method
• Tax deductions
• Potential resale value
• Potential revenue from using the equipment
• How quickly the equipment will be outdated or require refresh
• Size of equipment
• Maintenance and support requirements
• Overall costs

Determine appropriate warranty and service-level agreements for your organization

Determine acceptable response time, and weigh the cost of warranty against the value of service.

• Standard warranties vary by manufacturer, but are typically one or three years.
• Next-day, onsite service may be part of the standard offering or may be available as an uplift.
• Four-hour, same-day service can also be added for high availability needs.
• Extended warranties can be purchased beyond three years, although not many organizations take advantage of this offering.
• Other organizations lower or remove the warranty and have reported savings of as much as $150 per machine.

Speak to your partner to see how they can help the process of distributing machines.

• Internal components change frequently with laptops and desktops. If purchasing product over time rather than buying in bulk, ensure the model will be available for a reasonable term to reduce imaging and support challenges.
• Determine which services are important to your organization and request these services as part of the initial quote. If sending out a formal RFQ or RFP, document required services and use as the basis for negotiating SLAs.
• Document details of SLA, including expectations of services for manufacturer, vendor, and internal team.
• If partner will be providing services, request they stock an appropriate number of hot spares for frequently replaced parts.
• If self-certifying, review resource capabilities, understand skill and certification requirements; for example, A+ certification may be a pre-requisite.
• Understand DOA policy and negotiate a “lemon policy,” meaning if product dies within 15 or 30 days it can be classified as DOA. Seek clarity on return processes.

Consider negotiation strategies, including how and when to engage with different partners during acquisition

Direct Model

• Dell’s primary sales model is direct either through a sales associate or through its e-commerce site. Promotions are regularly listed on the website, or if customization is required, desktops and laptops have some flexibility in configuration. Discounts can be negotiated with a sales rep on quantity purchases, but the discount level changes based on the model and configuration.
• Other tier-one manufacturers typically sell direct only from their e-commerce sites, providing promotions based on stock they wish to move, and providing some configuration flexibility. They rely heavily on the channel for the majority of their business.

Channel Model

• Most tier one manufacturers have processes in place to manage a smaller number of partners rather than billing and shipping out to individual customers. Deviating from this process and dealing direct with end customers can create order processing issues.
• Resellers have the ability to negotiate discounts based on quantities. Discounts will vary based on model, timing (quarter or year end), and quantity commitment.
• Negotiations on large quantities should involve a manufacturer rep as well as the reseller to clearly designate roles and services, ensure processes are in place to fulfill your needs, and agree on pricing scheme. This will prevent misunderstandings and bring clarity to any commitments.
• Often the channel partners are authorized to provide repair services under warranty for the manufacturer.
• Dell also uses the channel model for distribution where customers demand additional services.

Expect discounts to reflect quantity and method of purchase

Transaction-based purchases will receive the smallest discounting.

• Understand requirements to find the most appropriate make and model of equipment.
• Prepare a forecast of expected purchases for the year and discuss discounting.
• Typically initial discounts will be 3-5% off suggested retail price.
• Once a history is in place, and the vendor is receiving regular orders, it may extend deeper discounts.

Bulk purchases will receive more aggressive discounting of 5-15% off suggested retail price, depending on quantities.

• Examine shipping options and costs to take advantage of bulk deliveries; in some cases vendors may waive shipping fees as an extension of the discounting.
• If choosing end-of-line product, ensure appropriate quantity of a single model is available to efficiently roll out equipment.
• Various pricing models can be used to obtain best price.

Larger quantities rolled out over time will require commitments to the manufacturer to obtain deepest discounts.

• Discuss all required services as part of negotiation to ensure there are no surprise charges.
• Several pricing models can be used to obtain the best price.
  • Suggested retail price minus as much as 20%.
  • Cost plus 3% up to 10% or more.
  • Fixed price based on negotiating equipment availability with budget requirements.

If sending out to bid, determine requirements and scoring criteria

It’s nearly impossible to find two manufacturers with the exact same specifications, so comparisons between vendors is more art than science.

New or upgraded components will be introduced into configurations when it makes the most sense in a production cycle. This creates a challenge in comparing products, especially in an RFP. The best way to handle this is to:

• Define and document minimum technology requirements.
• Define and document service needs.
• Compare vendors to see if they’ve met the criteria or not; if yes, compare prices.
• If the vendors have included additional offerings, see if they make sense for your organization. If they do, include that in the scoring. If not, exclude and score based on price.
• Recognize that the complexity of the purchase will dictate the complexity of scoring.

"The hardware is the least important part of the equation. What is important is the warranty, delivery, imaging, asset tagging, and if they cannot deliver all these aspects the hardware doesn’t matter." – Doug Stevens, Assistant Manager Contract Services, Toronto District School Board

Document and analyze the hardware procurement workflow to streamline process

The procurement process should balance the need to negotiate appropriate pricing with the need to quickly approve and fulfill requests. The process should include steps to follow for approving, ordering, and tracking equipment until it is ready for receipt.

Within the process, it is particularly important to decide if this is where equipment is added into the database or if it will happen upon receipt.

A poorly designed procurement workflow:

• Includes many bottlenecks, stopping and starting points.
• May impact project and service requests and requires unrealistic lead times.
• May lead to lost productivity for users and lost credibility for the IT department.

A well-designed hardware procurement workflow:

• Provides reasonable lead times for project managers and service or hardware request fulfillment.
• Provides predictability for technical resources to plan deployments.
• Reduces bureaucracy and workload for following up on missing shipments.
• Enables improved documentation of assets to start lifecycle management.

Info-Tech Insight

Where the Hardware Asset Manager is unable to affect procurement processes to reduce time to deliver, consider bringing inventory onsite or having your hardware vendor keep stock, ready to ship on demand. Projects, replacements, and new-user requests cannot be delayed in a service-focused IT organization due to bureaucratic processes.

Document and analyze your procurement workflow to identify opportunities for improvement and communicate process

Determine if you need one workflow for all equipment or multiples for small vs. large purchases.

Occasionally large rollouts require significant changes from lower dollar purchases.

Watch for:

• Back and forth communications
• Delays in approvals
• Inability to get ETAs from vendors
• Too many requests for quotes for small purchases
• Entry into asset database

This sample can be found in the HAM Process Workflows.

Design the process workflow for hardware procurement

2.1.6 Illustrate procurement workflow with a tabletop exercise

Participants

• Asset Manager
• Purchasing
• Service Desk Manager
• Operations (optional)
• CFO or other management representative from Finance

Document

Document in the Standard Operating Procedures, Section 7: Procurement

1. In a group, distribute sticky notes or cue cards.
2. Designate a space on the table/whiteboard to plot the workflow.
3. Determine which individuals are responsible for handling non-standard requests. Establish any exceptions that may apply to your defined hardware standard.
4. Gather input from Finance on what the threshold will be for hardware purchases that will require further approval.
5. Map the procurement process for a standard hardware purchase.
6. If applicable, map the procurement process for a non-standard request separately.
7. Evaluate the workflow to identify any areas of inefficiency and make any changes necessary to improve the process.
8. Be sure to discuss and include:
   • All necessary approvals
   • Time required for standard equipment process
   • Time required for non-standard equipment process
   • How information will be transferred to ITAM database

Document and share an organizational purchasing policy

2.1.7 Build a purchasing policy

A purchasing policy helps to establish company standards, guidelines, and procedures for the purchase of all information technology hardware, software, and computer-related components as well as the purchase of all technical services.

The policy will ensure that all purchasing processes are consistent and in alignment with company strategy. The purchasing policy is key to ensuring that corporate purchases are effective and the best value for money is obtained.

Implement a purchasing policy to prevent or reduce:

• Costly corporate conflict of interest cases.
• Unauthorized purchases of non-standard, difficult to support equipment.
• Unauthorized purchases resulting in non-traceable equipment.
• Budget overruns due to decentralized, equipment acquisition.

Download Info-Tech’s Purchasing Policytemplate to build your own purchasing policy.

Step 2.2: Receive and Deploy Hardware

Phase 2: Procure & Receive

2.1 Request & Procure

2.2 Receive & Deploy

This step will walk you through the following activities:

2.2.1 Select appropriate asset tagging method

2.2.2 Design workflow for receiving and inventorying equipment

2.2.3 Document the deployment workflow(s)

This step involves the following participants:

• Asset Manager
• Purchasing
• Receiver (optional)
• Service Desk Manager
• Operations (optional)

Step Outcomes:

• Understanding of the pros and cons of various asset tagging methods
• Defined asset tagging method, process, and location by equipment type
• Identified equipment acceptance, testing, and return procedures
• Documented equipment receiving and inventorying workflow
• Documented deployment workflows for desktop hardware and large-scale deployments

Cisco implemented automation to improve its inventory and deployment system

CASE STUDY

Industry Networking

Source Cisco IT

Challenge

Although Cisco Systems had implemented a centralized procurement location for all PCs used in the company, inventory tracking had yet to be addressed.

Inventory tracking was still a manual process. Given the volume of PCs that are purchased each year, this is an incredibly labor-intensive process.

Sharing information with management and end users also required the generation of reports – another manual task.

Solution

The team at Cisco recognized that automation was the key component holding back the success of the inventory management program.

Rolling out an automated process across multiple offices and groups, both nationally and internationally, was deemed too difficult to accomplish in the short amount of time needed, so Cisco elected to outsource its PC management needs to an experienced vendor.

Results

As a result of the PC management vendor’s industry experience, the implementation of automated tracking and management functions drastically improved the inventory management situation at Cisco.

The vendor helped determine an ideal leasing set life of 30 months for PCs, while also managing installations, maintenance, and returns.

Even though automation helped improve inventory and deployment practices, Cisco still needed to address another key facet of asset management: security.

This case study continues in phase 3.

An effective equipment intake process is critical to ensure product is correct, documented, and secured

Examine your current process for receiving assets. Typical problems include:

Receiving inventory at multiple locations can lead to inconsistent processes. This can make invoice reconciliation challenging and result in untracked or lost equipment and delays in deployment.

Equipment not received and secured quickly. Idle equipment tends to go missing if left unsupervised for too long. Missed opportunities to manage returns where equipment is incorrect or defective.

Disconnect between procurement and receiving where ETAs are unknown or incorrect. This can create an issue where no one is prepared for equipment arrival and is especially problematic on large orders.

How do you solve these problems? Create a standardized workflow that outlines clear steps for asset receiving.

A workflow will help to answer questions such as:

• How do you deal with damaged shipments? Incorrect shipments?
• Did you reach an agreement with the vendor to replace damaged/incorrect shipments within a certain timeframe?
• When does the product get tagged and entered into the system as received?
• What information needs to get captured on the asset tag?

Standardize the process for receiving your hardware assets

The first step in effective hardware asset intake is establishing proper procedures for receiving and handling of assets.

Process: Start with information from the procurement process to determine what steps need to follow to receive into appropriate systems and what processes will enable tagging to happen as soon as possible.

People: Ensure anyone who may impact this process is aware of the importance of documenting before deployment. Having everyone who may be handling equipment on board is key to success.

Security: Equipment will be secured at the loading dock or reception. It will need to be secured as inventory and be secured if delivering directly to the bench for imaging. Ensure all receiving activities are done before equipment is deployed.

Tools: A centralized ERP system may already provide a place to receive and reconcile with purchasing and invoicing, but there may still be a need to receive directly into the ITAM and/or CMDB database rather than importing directly from the ERP system.

Tagging: A variety of methods can be used to tag equipment to assist with inventory. Consider the overall lifecycle management when determining which tagging methods are best.

Info-Tech Insight

Decentralized receiving doesn’t have to mean multiple processes. Take advantage of enterprise solutions that will centralize the data and ensure everyone follows the same processes unless there is an uncompromising and compelling logistical reason to deviate.

Evaluate the pros and cons of different asset tagging methods

Evaluate the pros and cons of different asset tagging methods

Select the appropriate method for tagging and tracking your hardware assets

2.2.1 Select asset tagging method

Participants

• Asset Manager
• Purchasing
• Service Desk Manager
• Operations (optional)

Document

Document in the Standard Operating Procedures, Section 8

1. Define your asset tagging method. For most organizations, asset tracking is done via barcoding or QR codes, either by using one method or a combination of the two. Other methods, including RFID, may be applicable based on cost or tracking complexity. Overall, barcodes embedded with RFID are the most robust and efficient method for asset tagging, but also the most expensive. Choose the best method for your organization, taking into account affordability, labor-intensiveness, data complexity needs, and ease of deployment.
2. Define the process for tagging assets, including how soon they should receive the tag, whose responsibility it is, and whether the tag type varies depending on the asset type.
3. Define the location of asset tags according to equipment type. Example:

Inspect and test equipment before accepting it into inventory to ensure it’s working according to specifications

Upon receipt of procured hardware, validate the equipment before accepting it into inventory.

1. Receive - Upon taking possession of the equipment, stage them for inspection before placing them into inventory or deploying for immediate use.
2. Inspect - The inspection process should involve at minimum examining the products that have been delivered to determine conformance to purchase specifications.
3. Test -Depending on the type and cost of hardware, some assets may benefit from additional testing to determine if they perform at a satisfactory level before being accepted.
4. Accept - If the products conform to the requirements of the purchase order, acknowledge receipt so the supplier may be paid. Most shipments are automatically considered as accepted and approved for payment within a specific timeframe.

Assign responsibility and accountability for inspection and acceptance of equipment, verifying the following:

• The products conform to purchase order requirements.
• The quantity ordered is the same as the quantity delivered.
• There is no damage to equipment.
• Delivery documentation is acceptable.
• Products are operable and perform according to specifications.
• If required, document an acceptance testing process as a separate procedure.

Build the RMA procedure into the receiving process to handle receipt of defective equipment

The return merchandise authorization (RMA) process should be a standard part of the receiving process to handle the return of defective materials to the vendor for either repair or replacement.

If there is a standard process in place for all returns in the organization, you can follow the same process for returning hardware equipment:

• Call the vendor to receive a unique RMA number that will be attached to the equipment to be returned, then follow manufacturer specifications for returning equipment within allowable timelines according to the contract where applicable.
• Establish a lemon policy with vendors, allowing for full returns up to 30 days after equipment is deployed if the product proves defective after initial acceptance.

Info-Tech Insight

Make sure you’re well aware of the stipulations in your contract or purchase order. Sometimes acceptance is assumed after 60 days or less, and oftentimes the clock starts as soon as the equipment is shipped out rather than when it is received.

Info-Tech Best Practice

Keep in mind that the serial number on the received assed may not be the asset that ultimately ends up on the user’s desk if the RMA process is initiated. Record the serial number after the RMA process or add a correction process to the workflow to ensure the asset is properly accounted for.

Determine what equipment should be stocked for quick deployment where demand is high or speed is crucial

The most important feature of your receiving and inventory process should be categorization. A well-designed inventory system should reflect not only the type of asset, but also the usage level.

A common technique employed by asset managers is to categorize your assets using an ABC analysis. Assets are classified as either A, B, or C items. The ratings are based on the following criteria:

A

A items have the highest usage. Typically, 10-20% of total assets in your inventory account for upwards of 70-80% of the total asset requests.

A items should be tightly controlled with secure storage areas and policies. Avoiding stock depletion is a top priority.

B

B items are assets that have a moderate usage level, with around 30% of total assets accounting for 15-25% of total requests.

B items must be monitored; B items can transition to A or C items, especially during cycles of heavier business activity.

C

C items are assets that have the lowest usage, with upwards of 50% of your total inventory accounting for just 5% of total asset requests.

C items are reordered the least frequently, and present a low demand and high risk for excessive inventory (especially if they have a short lifecycle). Many organizations look to move towards an on-demand policy to mitigate risk.

Info-Tech Insight

Get your vendor to keep stock of your assets. If large quantities of a certain asset are required but you lack the space to securely store them onsite, ask your vendor to keep stock for you and release as you issue purchase orders. This speeds up delivery and delays warranty activation until the item is shipped. This does require an adherence to equipment standards and understanding of demand to be effective.

Define the process for receiving equipment into inventory

Define the following in your receiving process:

• When will equipment be opened once delivered?
• Who will open and validate equipment upon receipt?
• How will discrepancies be resolved?
• When will equipment be tagged and identified in the tracking tool?
• When will equipment be locked in secure storage?
• Where will equipment go if it needs to be immediately deployed?

Design the workflow for receiving and inventorying equipment

2.2.2 Illustrate receiving workflow with a tabletop exercise

Participants

• Asset Manager
• Purchasing
• Service Desk Manager
• Operations (optional)
• CFO or other management representative from Finance

Document

Document in the Standard Operating Procedures, Section 8: Receiving and Equipment Inventory

Option 1: Whiteboard

1. Discuss the workflow and draw it on the whiteboard.
2. Assess whether you are using the best workflow. Modify it if necessary.
3. Use the sample workflow from this step as a guide if starting from scratch.
4. Engage the team in refining the process workflow.
5. Transfer data to Visio and add to the SOP.

Option 2: Tabletop Exercise

1. Distribute index cards to each member of the team.
2. Have each person write a single task they perform on the index card. Be granular. Include the title or the name of the person responsible.
3. Mark cards that are decision points. Use a card of a different color or use a marker to make a colored dot.
4. Arrange the index cards in order, removing duplicates.
5. Assess whether you are using the best workflow. Engage the team to refine it if necessary.
6. Transfer data to Visio and add to the SOP.

Improve device deployment by documenting software personas for each role

• Improve the deployment process for new users by having a comprehensive list of software used by common roles within the organization. With large variations in roles, it may be impossible to build a complete list, but as you start to see patterns in requirements, you may find less distinct personas than anticipated.
• Consider a survey to business units to determine what they need if this will solve some immediate problems. If this portion of the project will be deferred, use the data uncovered in the discovery process to identify which software is used by which roles.
• Replacement equipment can have the software footprint created by what was actually utilized by the user, not necessarily what software was installed on the previous device.

A software usage snapshot for an urban planner/engineer.

• Once software needs are determined, use this information to review the appropriate device for each persona.
  • Ensure hardware is appropriate for the type of work the user does and supports required software.
  • If it is more appropriate for a user to have a tablet, ensure the software they use can be used on any device.
• Review deployment methods to determine if there is any opportunity to improve the imaging or software deployment process with better tools or methodologies.
• Document the device’s location if it will be static, or if the user may be more mobile, add location information for their primary location.
• Think about the best place to document – if this information can be stored in Active Directory and imported to the ITAM database, you can update once and use in multiple applications. But this process is built into your add/move/change workflows.

Maintain a lean library to simplify image management

Simplify, simplify, simplify. Use a minimal number of desktop images and automate as much as you can.

• Embrace minimalism. When it comes to managing your desktop image library, your ultimate goal should be to minimize the manual effort involved in provisioning new desktops.
• Less is more. Try to maintain as few standard desktop images as possible and consider a thin gold image, which can be patched and updated on a regular basis. A thin image with efficient application deployment will improve the provisioning process.
• Standardize and repeat. System provisioning should be a repeatable process. This means it is ripe for standardization and automation. Look at balancing the imaging process with software provisioning, using group policy and deployment tools to reduce time to provision and deliver equipment.
• Outsource where appropriate. Imaging is one of the most employed services, where the image is built in-house and deployed by the hardware vendor. As a minimum, quarterly updates should still be provided to integrate the latest patches into the operating system.

Document the process workflow for hardware deployment

Define the process for deploying hardware to users.

Include the following in your workflow:

• How will equipment be configured and imaged before deployment?
• Which images will be used for specific roles?
• Which assets are assigned to specific roles?
• How will the device status be changed in the ITAM tool once deployed?

Large-scale deployments should be run as projects, benefitting from economies of scale in each step

Large-scale desktop deployments or data center upgrades will likely be managed as projects.

These projects should include project plans, including resources, timelines, and detailed procedures.

Define the process for large-scale deployment if it will differ from the regular deployment process.

Document the deployment workflow(s)

2.2.3 Document deployment workflows for desktop and large-scale deployment

Participants

• Asset Manager
• Purchasing
• Service Desk Manager
• Operations (optional)
• CFO or other management representative from Finance

Document

Document in the Standard Operating Procedures, Section 9: Deployment

Document each step in the system deployment process with notecards or on a whiteboard. Identify the challenges faced by your organization and strategize potential solutions.

1. Outline each step in the process of desktop deployment. Be as granular as possible. On each card, describe the step as well as the individual responsible for it.
2. When you are satisfied that each step is accurately captured, use a second color of notecard to document any challenges, inefficiencies, or pains associated with each step. Consider further documenting the time on each task.
3. Examine each challenge or pain point. Discuss whether or not there is a clear solution to the problem. If yes, document the solution and amend the workflow. If not, engage in a broader discussion of possible solutions, taking into account people, processes, and available technology.
4. Document separately the process for large-scale deployment if required.

Look for opportunities to improve the request and deployment process with better communication and tools

The biggest challenge in deploying equipment is meeting expectations of the business, and without cooperation from multiple departments, this becomes significantly more difficult.

• Work with the procurement and the services team to ensure inventory is accessible, and regularly validate that inventory levels in the ITAM database are accurate.
• Work with the HR department to predict (where possible) anticipated new hires. Plan for inventory ebbs and flows to match the hiring timelines where there are large variations.
• If service catalogs will be made available for communicating options and SLAs for equipment purchases, work with the service catalog administrators to automate inventory checks and notifications. Work with the end-user device managers to set standards and reduce equipment variations to a manageable amount.
• Where deployments are part of equipment refresh, ensure data is up to date for the services team to plan the project rollouts and know which software should be redeployed with the devices.
• Infrastructure and security teams may have specific hardware assets relating to networking, data centers, and security, which may bypass the end-user device workflows but need to be tagged and entered into inventory early in the process. Work with these teams to have their equipment follow the same receiving and inventory processes. Deployment will vary based on equipment type and location.

Automate hardware deployment where users are dispersed and deployment volume is high

Self-serve kiosks (vending machines) can provide cost reductions in delivery of up to 25%. Organizations that have a high distribution rate are seeing reductions in cost of peripherals averaging 30-35% and a few extreme cases of closer to 85%.

Benefits of using vending machines:

• Secure equipment until deployed.
• Equipment can be either purchased by credit card or linked to employee ID cards, enabling secure transactions and reporting.
• Access rights can be controlled in real time, preventing terminated employees from accessing equipment or managing how many devices can be deployed to each user.
• Vending machines can be managed through a cellular or wireless network.
• Technology partners can be tasked with monitoring and refilling vending machines.
• Employees are able to access technology wherever a vending machine can be located rather than needing to travel to the help desk.
• Equipment loans and new employee packages can be managed through vending machines.

Phase 2 Guided Implementation

Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

Guided Implementation 2: Request, Procure, Receive, and Deploy

Proposed Time to Completion: 4 weeks

Step 2.1: Request & Procure

Start with an analyst kick-off call:

• Define standard and non-standard hardware.
• Weigh the pros and cons of leasing vs. buying.
• Build the procurement process.

Then complete these activities…

• Define standard hardware requests.
• Document standard hardware request procedure.
• Document procurement workflow.
• Build a purchasing policy.

With these tools & templates:

• Standard Operating Procedures
• Non-Standard Hardware Request Form
• Hardware Procurement Workflow
• Purchasing Policy

Step 2.2: Receive & Deploy

Review findings with analyst:

• Determine appropriate asset tagging method.
• Define equipment receiving process.
• Define equipment deployment process.

Then complete these activities…

• Select appropriate asset tagging method.
• Design workflow for receiving and inventorying equipment.
• Document the deployment workflow(s).

With these tools & templates:

• Standard Operating Procedures
• Equipment Receiving & Tagging Workflow
• Deployment Workflow

Phase 2 Insight: Bridge the gap between IT and Finance to build a smoother request and procurement process through communication and routine reporting. If you’re unable to affect procurement processes to reduce time to deliver, consider bringing inventory onsite or having your hardware vendor keep stock, ready to ship on demand.

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

Book a workshop with our Info-Tech analysts:

• To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
• Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
• Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

The following are sample activities that will be conducted by Info-Tech analysts with your team:

2.1.2 Define standard hardware requests

Divide whiteboard into columns representing core business areas. Define core hardware assets for end users in each division along with optional hardware assets. Discuss optional assets to narrow and define standard equipment requests.

2.2.1 Select appropriate method for tagging and tracking assets

Discuss the various asset tagging methods and choose the tagging method that is most appropriate for your organization. Define the process for tagging assets and document the standard asset tag location according to equipment type.

Phase 3

Maintain and Dispose

Implement Hardware Asset Management

Cisco overcame organizational resistance to change to improve asset security

CASE STUDY

Industry Networking

Source Cisco IT

Challenge

Cisco Systems had created a dynamic work environment that prized individuality. This environment created high employee satisfaction, but it also created a great deal of risk surrounding device security.

Cisco lacked an asset security policy; there were no standards for employees to follow. This created a surplus of not only hardware, but software to support the variety of needs amongst various teams at Cisco.

Solution

The ITAM team at Cisco recognized that their largest problem was the lack of standardization with respect to PCs. Variance in cost, lifecycle, and software needs/compatibility were primary issues.

Cisco introduced a PC leasing program with the help of a PC asset management vendor to correct these issues. The primary goal was to increase on-time returns of PCs. A set life of 30 months was defined by the vendor.

Results

Cisco engaged employees to help contribute to improving its asset management protocols, and the approach worked.

On-time returns increased from 60% to 80%. Costs were reduced due to active tracking and disposal of any owned assets still present.

A reduction in hardware and software platforms has cut costs and increased security thanks to improved tracking capabilities.

This case study continues in phase 4

Step 3.1: Manage, Maintain, and Secure Hardware Assets

Phase 3: Maintain & Dispose

3.1 Manage & Maintain

3.2 Dispose or Redeploy

This step will walk you through the following activities:

3.1.1 Build a MAC policy and request form

3.1.2 Build workflows to document user MAC processes

3.1.3 Design process and policies for hardware maintenance, warranty, and support documentation handling

3.1.4 Revise or create an asset security policy

This step involves the following participants:

• Asset Manager
• Service Desk Manager
• Operations (optional)
• Security Department

Step Outcomes

• Understanding of inventory management process best practices
• Templates for move/add/change request policy and form
• Documented process workflows for the user move/add/change process
• Process and policies for hardware maintenance, warranty, and support documentation handling
• Defined policies for maintaining asset security

Determine methods for performing inventory audits on equipment

Auto-discovery

• Auto-discovery tools will be crucial to the process of understanding what equipment is connected to the network and in use.
• The core functionality of discovery tools is to scan the environment and collect configuration data from all connected assets, but most tools can also be used to collect usage data, network monitoring, and software asset management data including software distribution, compliance, and license information.
• These tools may not connect to peripheral devices such as monitors and external drives, will not scan devices that are turned off or disconnected from the network, may not inventory remote users, and will rarely provide location information. This often results in a need to complete physical audits as well.

Info-Tech Insight

One of the most common mistakes we see when it comes to asset management is to assume that the discovery tool will discovery most or all of your inventory and do all the work. It is better to assume only 80-90% coverage by the discovery tool and build ownership records to uncover the unreportable assets that are not tied into the network.

Physical audit

• The physical audit can be greatly improved with barcode, RFID, or QR codes, allowing items to be scanned, records opened, then updated.
• If not everything is tagged or entered into the ITAM database, then searching closets, cabinets, and desk drawers may be required to tag and enter those devices into the database.
• Provide the inventory team with exact instructions on what needs to be collected, verified, and recorded. Depending on the experience and thoroughness of the team, spot checks early in the process may alleviate quality issues often discovered at the end of the inventory cycle.

Determine requirements for performing inventory audits on equipment

Conduct an annual hardware audit to ensure hardware is still assigned to the person and location identified in your ITAM system, and assess its condition.

Perform a quarterly review of hardware stock levels in order to ensure all equipment is relevant and usable. The table below is an example of how to organize this information.

Info-Tech Insight

Don’t forget about your remotely deployed assets. Think about how you plan to inventory remotely deployed equipment. Some tools will allow data collection through an agent that will talk to the server over the internet, and some will completely ignore those assets or provide a way to manually collect the data and email back to the asset manager. Mobile device management tools may also help with this inventory process. Determine what is most appropriate based on the volume of remote workers and devices.

Build an inventory management process to maintain an accurate view of owned hardware assets

• Your inventory should capture which assets are on hand, where they are located, and who owns them, at minimum. Maintaining an accurate, up-to-date view of owned hardware assets allows you to see at any time the actual state of the components that make up your infrastructure across the enterprise.
• Automated inventory practices save time and effort from doing physical inventories and also reduce the interruption to business users while improving accuracy of data.
• If you are just starting out, define the process for conducting an inventory of deployed assets, and then define the process for regular upkeep and audit of inventory data.

Inventory Methods

• Electronic – captures networked asset information only and can be deployed over the network with no deskside service interaction.
• Physical – captures environmental detail and must be performed manually by a service technician with possible disruption to users.
• Full inventory – both physical and electronic inventory of assets.

Internal asset information to collect electronically

• Hardware configuration
• Installed software
• Operating system
• System BIOS
• Network configuration
• Network drive mappings
• Printer setups
• System variables

External asset information that cannot be detected electronically

• Assigned user
• Associated assets
• Asset/user location
• Usage of asset
• Asset tag number

IMAC (Install, Move, Add, Change) services will form the bulk of asset management work while assets are deployed

IMAC services are usually performed at a user’s deskside by a services technician and can include:

• Installing new desktops or peripherals
• Installing or modifying software
• Physically moving an end user’s equipment
• Upgrading or adding components to a desktop

Specific activities may include:

Changes

• Add new user IDs
• Manage IDs
• Network changes
• Run auto-discovery scan

Moves

• Perform new location site survey
• Coordinate with facilities
• Disconnect old equipment
• Move to new location
• Reconnect at new location
• Test installed asset
• Obtain customer acceptance
• Close request

Installs and Adds

• Perform site survey
• Perform final configuration
• Coordinate with Facilities
• Asset tagging
• Transfer data from old desktop
• Wipe old desktop hard drive
• Test installed asset
• Initiate auto-discovery scan
• Obtain customer acceptance
• Close request

A strong IMAC request process will lessen the burden on IT asset managers

• When assets are actively in use, Asset Managers must also participate in the IMAC (Install-Move-Add-Change) process and ensure that any changes to asset characteristics or locations are updated and tracked in the asset management tool and that the value and usefulness of the asset is monitored.
• The IMAC process should not only be reactive in response to requests, but proactive to plan for moves and relocations during any organizational change events.

Recommendations:

Automate. Wherever possible, use tools to automate the IMAC process.

E-forms, help desk, ticketing, or change management software can automate the request workflow by allowing the requestor to submit a request ticket that can then be automatically assigned to a designated team member according to the established chain of command. As work is completed, the ticket can be updated, and the requestor will be able to check the status of the work at any time.

Communicate the length of any downtime associated with execution of the IMAC request to lessen the frustration and impatience among users.

Involve HR. When it comes to adding or removing user accounts, HR can be a valuable resource. As most new employees should be hired through HR, work with them to improve the onboarding process with enough advanced notice to set up accounts and equipment. Role changes with access rights and software modifications can benefit from improved communications. Review the termination process as well, to secure data and equipment.

Build a MAC request policy and form for end users

A consistent Move, Add, Change (MAC) request process is essential for lessening the burden on the IT department. MAC requests are used to address any number of tasks, including:

• Relocation of PCs and/or peripherals.
• New account setup.
• Hardware or software upgrades.
• Equipment swaps or replacements.
• User account/access changes.
• Document generation.
• User acceptance testing.
• Vendor coordination.

Create a request form.

If you are not using help desk or other ticketing software, create a request template that must be submitted for each MAC. The request should include:

• The name and department of the requester.
• The date of the request.
• Severity of the request. For example, severity can be graded on a score of high, medium, or low where high represents a mission-critical change that could compromise business continuity if not addressed immediately, and low represents a more cosmetic change that will not negatively affect operations. The severity of the request can be determined by the service-level agreement (SLA) associated with the service.
• Date the request must be completed by. Or at least, what would be the ideal date for completion. This will vary greatly depending on the severity of the request. For example, deleting the access of a terminated employee would be very time sensitive.
• Item or service to be moved, added, or changed. Include location, serial number, or other designated identifier where possible.
• If the item or service is to be moved, indicated where it is being moved.
• It is a good idea to include a comments section where the requester can add any additional questions or details.

Use Info-Tech’s templates to build your MAC policy and request form

3.1.1 Build a MAC policy and request form

Desktop Move/Add/Change Policy

This desktop move/add/change policy should be put in place to mitigate the risk associated with unauthorized changes, minimize disruption to the business, IT department, and end users, and maintain consistent expectations.

Move, Add, Change Request Form

Help end users navigate the move/add/change process. Use the Move/Add/Change Request Form to increase efficiency and organization for MAC requests.

Document the process for user equipment moves

Include the following in your process documentation:

• How and when will any changes to user or location information be made in the ITAM tool?
• Will any changes in AD automatically update in the ITAM tool?
• How should requests for equipment moves or changes be made?
• How will resources be scheduled?

Build workflows to document user MAC processes

3.1.2 Build MAC process workflows

Participants

• Asset Manager
• Service Desk Manager
• Operations (optional)

Document

Document in the Standard Operating Procedures, Section 10: Equipment Install, Adds, Moves, and Changes

Document each step in the system deployment process using notecards or on a whiteboard. Identify the challenges faced by your organization and strategize potential solutions.

1. Outline each step in the process of desktop deployment. Be as granular as possible. On each card, describe the step as well as the individual responsible for each step.
2. When you are satisfied that each step is accurately captured, use a second color of notecard to document any challenges, inefficiencies, or pains associated with each step. Consider further documenting the time on each task.
3. Examine each challenge or pain point. Discuss whether or not there is a clear solution to the problem. If so, document the solution and amend the workflow. If not, engage in a broader discussion of possible solutions, taking into account people, processes, and available technology.
4. Document separately the process for large-scale deployment if required.

Define a policy to ensure effective maintenance of hardware assets

Effective maintenance and support of assets provides longer life, higher employee productivity, and increased user satisfaction.

• Your asset management documentation and database should store equipment maintenance contract information so that it can be consulted whenever hardware service is required.
• Record who to contact as well as how, warranty information, and any SLAs that are associated with the maintenance agreement.
• Record all maintenance that hardware equipment receives, which will be valuable for evaluating asset and supplier performance.
• In most cases, the Service Desk should be the central point of contact for maintenance calls to all suppliers.

Sample equipment maintenance policy terms:

• Maintenance and support arrangements are required for all standard and non-standard hardware.
• All onsite hardware should be covered by onsite warranty agreements with appropriate response times to meet business continuity needs.
• Defective items under warranty should be repaired in a timely fashion.
• Service, maintenance, and support shall be managed through the help desk ticketing system.

Design process and policies for hardware maintenance, warranty, and support documentation handling

3.1.3 Design process for hardware maintenance

Participants

• Asset Manager
• Purchasing
• Service Desk Manager
• Security
• Operations (optional)

Document

Document in the Standard Operating Procedures, Section 10

1. Discuss and document the policy for hardware maintenance, warranty, and support.
2. Key outcomes should include:

• Who signs off on policies?
• What is the timeline for documentation review?
• Where are warranty and maintenance documents stored?
• How will equipment be assessed for condition during audits?
• How often will deployed equipment be reimaged?
• How will equipment repair needs be requested?
• How will repairs for equipment outside warranty be handled?

Use your HAM program to improve security and meet regulatory requirements

ITAM complements and strengthens security tools and processes, improving the company’s ability to protect its data and systems and reduce operational risk.

It’s estimated that businesses worldwide lose more than $221 billion per year as a result of security breaches. HAM is one important factor in securing data, equipment investment, and meeting certain regulatory requirements.

How does HAM help keep your organization secure?

• Educating users on best practices for securing their devices, and providing physical security such as cable locks and tracking mechanisms.
• Best practices for reporting lost or stolen equipment for quickly removing access and remotely wiping devices.
• Accurate location and disposal records will enable accurate reporting for HIPAA and PCI DSS audits where movement of media or hardware containing data is a requirement. Best practices for disposal will include properly wiping drives, recording information, and ensuring equipment is disposed of according to environmental regulations.
• Secure access to data through end-user mobile devices. Use accurate records and MDM tools to securely track, remove access, and wipe mobile devices if compromised.
• Encrypt devices that may be difficult to track such as USB drives or secure ports to prevent data from being copied to external drives.
• Managed hardware allows software to be managed and patched on a regular basis.

Best Practices

1. Educate end users about traveling with equipment. Phones and laptops are regularly stolen from cars; tablets and phones are left on planes. Encourage users to consider how they store equipment on the way home from work.
2. Cable locks used at unsecured offsite or onsite work areas should be supplied to employees.
3. Equipment stored in IT must be secured at all times.

Implement mobile device management (MDM) solutions

Organizations with a formal mobile management strategy have fewer problems with their mobile devices.

Develop a secure MDM to:

• Provide connection and device support when the device is fully subsidized by the organization to increase device control.
• Have loaner devices for when traveling to limit device theft or data loss.
• Personal devices not managed by MDM should be limited to internet access on a guest network.
• Limit personal device access to only internet access or a limited zone for data access and a subset of applications.
• Advanced MDM platforms provide additional capabilities including containerization.

The benefits of a deployed MDM solution:

• Central management of a variety of devices and platforms is the most important advantage of MDM. Administrators can gain visibility into device status and health, set policies to groups of users, and control who has access to what.
• Security features such as enforcing passcodes and remote wipe are also essential, given the increased risk of mobile devices.
  • Remote wipe should be able to wipe either the whole device or just selected areas.
• Separation of personal data is becoming increasingly important as BYOD becomes the norm. This is a feature that vendors are approaching radically differently.
• Device lock: Be able to lock the device itself, its container, or its SIM. Even if the SIM is replaced, the device should still remain locked. Consider remote locking a device if retrieval is possible.

Mobile device management is constantly evolving to incorporate new features and expand to new control areas. This is a high-growth area that warrants constant up-to-date knowledge on the latest developments.

What can be packed into an MDM can vary and be customized in many forms for what your organization needs.

Secure endpoint devices to protect the data you cannot control

Endpoint Encryption

Benefits from endpoint encryption:

• Reduced risk associated with mobile workers.
• Enabled sharing of data in secured workspace.
• Enhanced end-user accountability.
• Reduced number of data breach incidents.
• Reduced number of regulatory violations.

Ways to reduce endpoint encryption costs:

• Use multiple vendors (multiple platforms): 33%
• Use a single vendor (one platform): 40%
• Use a single management console: 22%
• Outsource to managed service provider: 26%
• Permit user self-recovery: 26%

Remote Wiping

• If all else fails, a device can always be erased of all its data, protecting sensitive data that may have been on it.
• Selective wipe takes it a step further by erasing only sensitive data.

Selective wipe is not perfect.

It is nearly impossible to keep the types of data separate, even with a sandbox approach. Selective wipe will miss some corporate data, and even a full remote wipe can only catch some of users’ increasingly widely distributed data.

Selective wipe can erase:

• Corporate profiles, email, and network settings.
• Data within a corporate container or other sandbox.
• Apps deployed across the enterprise.

Know when to perform a remote wipe.

Not every violation of policy warrants a wipe. Playing Candy Crush during work hours probably does not warrant a wipe, but jail breaking or removing a master data management client can open up security holes that do warrant a wipe.

Design an effective asset security policy to protect the business

Data security is not simply restricted to compromised software. In fact, 70% of all data breaches in the healthcare industry since 2010 are due to device theft or loss, not hacking. (California Data Breach Report – October, 2014) ITAM is not just about tracking a device, it is also about tracking the data on the device.

Organizations often struggle with the following with respect to IT asset security:

• IT hardware asset removal control.
• Personal IT hardware assets (BYOD).
• Data removal from IT hardware assets.
• Inventory control with respect to leased hardware and software.
• Unused software.
• Repetitive versions of software.
• Unauthorized software.

Your security policy should seek to protect IT hardware and software that:

• Have value to the business.
• Require ongoing maintenance and support.
• Create potential risk in terms of financial loss, data loss, or exposure.

These assets should be documented and controlled in order to meet security requirements.

The asset security policy should encompass the following:

• Involved parties.
• Hardware removal policy/documentation procedure.
• End-user asset security responsibilities.
• Theft/loss reporting procedure.
• BYOD standards, procedures, and documentation requirements.
• Data removal.
• Software usage.
• Software installation.

Info-Tech Insight

Hardware can be pricey; data is priceless. The cost of losing a device is minimal compared to the cost of losing data contained on a device.

Revise or create an asset security policy

3.1.4 Develop IT asset security policy

Participants

• CIO or IT Director
• Asset Manager
• Service Desk Manager
• Security
• Operations (optional)

Document

Document in the Asset Security Policy.

1. Identify asset security challenges within your organization. Record them in a table like the one below.

2. Brainstorm the reasons for why these challenges exist.
3. Identify target policy details that pertain to each challenge. Record the outcomes in section(s) 5.1, 5.2, or 5.3 of the Asset Security Policy.

Poor asset security and data protection had costly consequences for UK Ministry of Justice

CASE STUDY

Industry Legal

Source ICO

Challenge

The Ministry of Justice (MoJ) in the UK had a security problem: hard drives that contained sensitive prisoner data were unencrypted and largely unprotected for theft.

These hard drives contained information related to health, history of drug use, and past links to organized crime.

After two separate incidents of hard drive theft that resulted in data breaches, the Information Commissioner’s Office (ICO), stepped in.

Solution

It was determined that after the first hard drive theft in October 2011, replacement hard drives with encryption software were provisioned to prisons managed by the MoJ.

Unfortunately, the IT security personnel employed by the MoJ were unaware that the encryption software required manual activation.

When the second hard drive theft occurred, the digital encryption could not act as a backup to poor physical security (the hard drive was not secured in a locker as per protocol).

Results

The perpetrators were never found and the stolen hard drives were never recovered.

As a result of the two data breaches, the MoJ had to implement costly security upgrades to its data protection system.

The ICO fined the MoJ £180,000 for its repeated security breaches. This costly fine could have been avoided if more diligence was present in the MoJ’s asset management program.

Step 3.2: Dispose or Redeploy Assets

3.1 Manage & Maintain

3.2 Dispose or Redeploy

This step will walk you through the following activities:

3.2.1 Identify challenges with IT asset recovery and disposal

3.2.2 Design hardware asset recovery and disposal workflows

3.2.3 Build a hardware asset disposition policy

This step involves the following participants:

• Infrastructure Director/Manager
• Asset Manager
• Service Desk Manager
• Operations (optional)

Step Outcomes:

• Defined process to determine when to redeploy vs. dispose of hardware assets
• Process for recovering and redeploying hardware equipment
• Process for safely disposing of assets that cannot be redeployed
• Comprehensive asset disposition policy

Balance the effort to roll out new equipment against the cost to maintain equipment when building your lifecycle strategy

$500MM); and orange is Overall.">

(Info-Tech Research Group; N=96)

Determining the optimal length of time to continue to use equipment will depend on use case and equipment type

Build a process to determine when and how to redeploy or dispose of hardware assets at end of use

• When equipment is no longer needed for the function or individual to whom it was assigned, the Hardware Asset Manager needs to use data to ensure the right decision is made as to what to do with the asset.
• End of use involves evaluating options for either continuing to use the equipment in another capacity or by another individual or determining that the asset has no remaining value to the organization in any capacity and it is time to retire it.
• If the asset is retired, it may still have capacity for continued use outside of the organization or it may be disposed.

Redeployment

• Deliver the asset to a new user if it is no longer needed by the original user but still has value and usability.
• Redeployment saves money and prevents unnecessary purchases.
• Common when employees leave the company or a merge or acquisition changes the asset pool.

VS.

Disposal

• When an asset is no longer of use to the organization, it may be disposed of.
• Need to consider potential financial and public relations considerations if disposal is not done according to environmental legislation.
• Need to ensure proper documentation and data removal is built into disposition policy.

Use persistent documentation and communication to improve hardware disposal and recovery

Warning! Poor hardware disposal and recovery practices can be caused by the following:

1. Your IT team is too busy and stretched thin. Data disposal is one of many services your IT team is likely to have to deal with, but this service requires undivided attention. By standardizing hardware refreshes, you can instill more predictability with your hardware life cycles and better manage disposal.
2. Poor inventory management. Outdated data and poor tracking practices can result in lost assets during the disposal phase. It only takes a single lost asset to cause a disastrous data breach in your supply chain.
3. Obliviousness to disposal regulations. Electronic disposal and electronically stored data are governed by strict regulation.

How do you improve your hardware disposal and recovery process?

• A specific, controlled process needs to be in place to wipe all equipment and verify that it’s been wiped properly. Otherwise, companies will continue to spend money to protect data while equipment is in use, but overlook the dangerous implications of careless IT asset disposal. Create a detailed documentation process to track your assets every step of the way to ensure that data and applications are properly disposed of. Detailed documentation can also help bolster sustainability reporting for organizations wishing to track such data.
• Better communication should be required. Most decommissioning or refresh processes use multiple partners for manufacturing, warehousing, data destruction, product resale, and logistics. Setting up and vetting these networks can take years, and even then, managing them can be like playing a game of telephone; transparency is key.

Address three core challenges of asset disposal and recovery

Asset Disposal

Data Security

Sixty-five percent of organizations cite data security as their top concern. Many data breaches are a result of hardware theft or poor data destruction practices.

Choosing a reputable IT disposal company or data removal software is crucial to ensuring data security with asset disposal.

Environmental

Electronics contain harmful heavy metals such as mercury, arsenic, and cadmium.

Disposal of e-waste is heavily regulated, and improper disposal can result in hefty fines and bad publicity for organizations.

Residual value

Many obsolete IT assets are simply confined to storage at their end of life.

This often imposes additional costs with maintenance or storage fees and leaves a lot of value on the table through assets that could be sold or re-purposed within the organization.

Identify challenges with IT asset recovery and disposal with a triple bottom line scorecard

3.2.1 Identify challenges with IT asset recovery and disposal

Participants

• Infrastructure Director/Manager
• Asset Manager
• Service Desk Manager
• Operations (optional)

1. Divide the whiteboard into three boxes: Social, Economic, and Environmental.
2. Divide each box into columns like the one shown below:

3. Ask participants to list challenges associated with each area.
4. Once challenges facing recovery and disposal have been exhausted from the group, assign a significance of 1-5 (1 being the lowest and 5 being the highest) to each challenge.
5. Discuss the most significant challenges and how they might be addressed through the next steps of building recovery & disposal processes.

Build a process for recovery and redeployment of hardware

• Having hardware standards in place makes redeploying easier by creating a larger pool of possible users for a standardized asset.
• Most redeployment activities will be carried out by the Help Desk as a service request ticket, so it is important to have clear communication and guidelines with the Help Desk as to which tasks need to be carried out as part of the request.

Ensure the following are addressed:

• Where will equipment be stored before being redeployed?
• Will shipping be required and are shipping costs factored into analysis?
• Ensure equipment is cleaned before it is redeployed.
• Do repairs and reconfigurations need to be made?
• How will software be removed and licenses harvested and reported to Software Asset Manager?
• How will data be securely wiped and protected?

Define the process for safely disposing of assets that cannot be redeployed

Asset Disposal Checklist

1. Review the data stored on the device.
2. Determine if there has been any sensitive or confidential information stored.
3. Remove all sensitive/confidential information.
4. Determine if software licenses are transferable.
5. Remove any non- transferable software prior to reassignment.
6. Update the department’s inventory record to indicate new individual assigned custody.
7. In the event of a transfer to another department, remove data and licensed software.
8. If sensitive data has been stored, physically destroy the storage device.

• Define the process for retiring and disposing of equipment that has reached replacement age or no longer meets minimum conditions or standards.
• Clearly define the steps that need to be taken both before and after the involvement of an ITAD partner.

Design hardware asset recovery and disposal workflows

3.2.2 Design hardware asset recovery and disposal policies and workflows

Participants

• Infrastructure Director/Manager
• Asset Manager
• Service Desk Manager
• Operations (optional)

Document

Document in the Standard Operating Procedures, Sections 11 and 12

Document each step in the recovery and disposal process in two separate workflows using notecards or on a whiteboard. Identify the challenges faced by your organization and strategize potential solutions.

1. Keeping in mind current challenges around hardware asset recovery and disposal, design the target state for both the asset recovery and disposal processes.
2. Outline each step of the process and be as granular as possible.
3. When you are satisfied that each step is accurately captured, use a second color of notecard to document any challenges, inefficiencies, or pains associated with each step. Consider further documenting the time on each task.
4. Examine each challenge or pain point. Discuss whether or not there is a clear solution to the problem. If so, document the solution and amend the workflow. If not, engage in a broader discussion of possible solutions, taking into account people, processes, and available technology.
5. Review the checklists on the previous slides to ensure all critical tasks are accounted for in your process workflows.

Add equipment disposition to asset lifecycle decisions to meet environmental regulations and mitigate risk

Although traditionally an afterthought in asset management, IT asset disposition (ITAD) needs to be front and center. Increase focus on data security and concern surrounding environmental sustainability and develop an awareness of the cost efficiencies possible through best-practices disposition.

Optimized ITAD solutions:

1. Protect sensitive or valuable data
2. Support sustainability
3. Focus on asset value recovery

Info-Tech Insight

A well-thought-out asset management program mitigates risk and is typically less costly than dealing with a large-scale data loss incident or an inappropriate disposal suit. Also, it protects your company’s reputation – which is difficult to put a price on.

Partner with an ITAD vendor to support your disposition strategy

Maximizing returns on assets requires knowledge and skills in asset valuation, upgrading to optimize market return, supply chain management, and packaging and shipping. It’s unlikely that the return will be adequate to justify that level of investment, so partnering with a full-service ITAD vendor is a no-brainer.

• An ITAD vendor knows the repurpose and resale space better than your organization. They know the industry and have access to more potential buyers.
• ITAD vendors can help your organization navigate costly environmental regulations for improper disposal of IT assets.

Disposal doesn’t mean your equipment has to go to waste.

Additionally, your ITAD vendor can assist with a large donation of hardware to a charitable organization or a school.

Donating equipment to schools or non-profits may provide charitable receipts that can be used as taxable benefits.

Before donating:

• Ensure equipment is needed and useful to the organization.
• Be prepared for an appraisal requirement. Receipts can only be issued for fair market value.
• Prevent compromised data by thoroughly wiping or completely replacing drives.
• Ensure official transfer of ownership to prevent liability if improper disposal practices follow.

Info-Tech Insight

Government assistance grants may be available to help keep your organization’s hardware up to date, thereby providing incentives to upgrade equipment while older equipment still has a useful life.

Protect the organization by sufficiently researching potential ITAD partners

Research ITAD vendors as diligently as you would primary hardware vendors.

Failure to thoroughly investigate a vendor could result in a massive data breach, fines for disposal standards violations, or a poor resale price for your disposed assets. Evaluate vendors using questions such as the following:

• Are you a full-service vendor or are you connected to a wholesaler?
• Who are your collectors and processors?
• How do you handle data wiping? If you erase the data, how many passes do you perform?
• What do you do with the e-waste? How much is reused? How much is recycled?
• Do you have errors and omissions insurance in case data is compromised?
• How much will it cost to recycle or dispose of worthless equipment?
• How much will I receive for assets that still have useful life?

ITAD vendors that focus on recycling will bundle assets to ship to an e-waste plant – leaving money on the table.

ITAD vendors with a focus on reuse will individually package salable assets for resale – which will yield top dollars.

Info-Tech Insight

To judge the success of a HAM overhaul, you need to establish a baseline with which to compare final results. Be sure to take HAM “snapshots” before ITAD partnering so it’s easy to illustrate the savings later.

Work with ITAD partner or equipment supplier to determine most cost-effective method and appropriate time for disposal

2-4 Two-to-four year hardware refresh cycle

• Consider selling equipment to an ITAD partner who specializes in sales of refurbished equipment.
• Consider donating equipment to schools or non-profits, possibly using an ITAD partner who specializes in refurbishing equipment and managing the donation process.

5-7 Five-to-seven year hardware refresh cycle

• At this stage equipment may still have a viable life, but would not be appropriate for school or non-profit donations, due to a potentially shorter lifespan. Consider selling equipment to an ITAD partner who has customers interested in older, refurbished equipment.

7+ Seven or more years hardware refresh cycle

• If keeping computers until they reach end of life, harvest parts for replacement on existing machines and budget for disposal fees.
• Ask new computer supplier about disposal services or seek out ITAD partner who will disassemble and dispose of equipment in an environmentally responsible manner.

Info-Tech Insight

• In all cases, ensure hard drives are cleansed of data with no option for data recovery. Many ITAD partners will provide a drive erasure at DoD levels as part of their disposal service.
• Many ITAD partners will provide analysts to help determine the most advantageous time to refresh.

Ensure data security and compliance by engaging in reliable data wiping before disposition

Failure to properly dispose of data can not only result in costly data breaches, but also fines and other regulatory repercussions. Choosing an ITAD vendor or a vendor that specializes in data erasure is crucial. Depending on your needs, there are a variety of data wiping methods available.

Certified data erasure is the only method that leaves the asset’s hard drive intact for resale or donation. Three swipes is the bare minimum, but seven is recommended for more sensitive data (and required by the US Department of Defense). Data erasure applications may be destructive or non-destructive – both methods overwrite data to make it irretrievable.

Physical destruction must be done thoroughly, and rigorous testing must be done to verify data irretrievability. Methods such as hand drilling are proven to be unreliable.

Degaussing uses high-powered magnets to erase hard drives and makes them unusable. This is the most expensive option; degaussing devices can be purchased or rented.

Info-Tech Best Practice

Data wiping can be done onsite or can be contracted to an ITAD partner. Using an ITAD partner can ensure greater security at a more affordable price.

Make data security a primary driver of asset disposition practices

It is estimated that 10-15% of data loss cases result from insecure asset disposal. Protect yourself by following some simple disposition rules.

1. Reconcile your data onsite

• Verify that bills of landing and inventory records match before assets leave. Otherwise, you must take the receiver’s word on shipment contents.

• Do at least one in-house data wipe before the assets leave the site for greater data security.

• Prompt shipment will minimize involvement with the assets, and therefore, cost. Also, the chance of missing assets will drop dramatically.

• Reputable ITAD companies maintain strict chain of custody control over assets. Using a third party introduces unnecessary risk.

• Records will protect you in the event of an audit, a data loss incident, or an environmental degradation claim. They could save you millions.

• Don’t forget cell phones, fax machines, USB drives, scanners, and printers – they can carry sensitive information that can put the organization at risk.

Work these rules into your disposition policy to mitigate data loss risk.

Support your HAM efforts with a comprehensive disposition policy

3.2.3 Build a Hardware Asset Disposition Policy

Implementation of a HAM program is a waste of time if you aren’t going to maintain it. Maintenance requires the implementation of detailed policies, training, and an ongoing commitment to proper management.

Use Info-Tech’s Hardware Asset Disposition Policy to:

1. Establish and define clear standards, procedures, and restrictions surrounding disposition.
2. Ensure continual compliance with applicable data security and environmental legislation.
3. Assign specific responsibilities to individuals or groups to ensure ongoing adherence to policy standards and that costs or benefits are in line with expectations.

Phase 3 Guided Implementation

Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

Guided Implementation 3: Maintain & Dispose

Proposed Time to Completion: 4 weeks

Start with an analyst kick-off call:

• Discuss inventory management best practices.
• Build process for moves, adds, and changes.
• Build process for hardware maintenance.
• Define policies for maintaining asset security.

Then complete these activities…

• Build a MAC policy and request form.
• Build workflows to document user MAC processes.
• Design processes and policies for hardware maintenance, warranty, and support documentation handling.
• Build an asset security policy.

With these tools & templates:

• Standard Operating Procedures
• Asset Security Policy

Step 3.2: Dispose or Redeploy Assets

Review findings with analyst:

• Discuss when to dispose vs. redeploy assets.
• Build process for redeploying vs. disposing of assets.
• Review ITAD vendors.

Then complete these activities…

• Identify challenges with IT asset recovery and disposal.
• Design hardware asset recovery and disposal workflows.
• Build a hardware asset disposition policy.

With these tools & templates:

• Standard Operating Procedures
• Asset Recovery Workflow
• Asset Disposal Workflow
• Hardware Asset Disposition Policy

Phase 3 Insight: Not all assets are created equal. Taking a blanket approach to asset maintenance and security is time consuming and costly. Focus on the high-cost, high-use, and data-sensitive assets first.

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

Book a workshop with our Info-Tech analysts:

• To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
• Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
• Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

The following are sample activities that will be conducted by Info-Tech analysts with your team:

3.1.4 Revise or create an asset security policy

Discuss asset security challenges within the organization; brainstorm reasons the challenges exist and process changes to address them. Document a new asset security policy.

3.2.2 Design hardware asset recovery and disposal workflows

Document each step in the hardware asset recovery and disposal process, including all decision points. Examine challenges and amend the workflow to address them.

Phase 4

Plan Budget Process and Build Roadmap

Implement Hardware Asset Management

Cisco deployed an enterprise-wide re-education program to implement asset management

CASE STUDY

Industry Networking

Source Cisco IT

Challenge

Even though Cisco Systems had designed a comprehensive asset management program, implementing it across the enterprise was another story.

An effective solution, complete with a process that could be adopted by everyone within the organization, would require extensive internal promotion of cost savings, efficiencies, and other benefits to the enterprise and end users.

Cisco’s asset management problem was as much a cultural challenge as it was a process challenge.

Solution

The ITAM team at Cisco began discussions with departments that had been tracking and managing their own assets.

These sessions were used as an educational tool, but also as opportunities to gather internal best practices to deploy across the enterprise.

Eventually, Cisco introduced weekly meetings with global representation to encourage company-wide communication and collaboration.

Results

“By establishing a process for managing PC assets, we have cut our hardware costs in half.” – Mark Edmonson, Manager – IT Services Expenses

Cisco reports that although change was difficult to adopt, end-user satisfaction has never been higher. The centralized asset management approach has resulted in better contract negotiations through better data access.

A reduced number of hardware and software platforms has streamlined tracking and support, and will only drive down costs as time goes on.

Step 4.1: Plan Hardware Asset Budget

Phase 4: Plan Budget & Build Roadmap

4.1 Plan Budget

4.2 Communicate & Build Roadmap

This step will walk you through the following activities:

4.1 Use Info-Tech’s HAM Budgeting Tool to plan your hardware asset budget

This step involves the following participants:

• IT Director
• Asset Manager
• Finance Department

Step Outcomes

• Know where to find data to budget for hardware needs accurately
• Learn how to manage a hardware budget
• Plan hardware asset budget with a budgeting tool

Gain control of the budget to increase the success of HAM

A sophisticated hardware asset management program will be able to uncover hidden costs, identify targets for downsizing, save money through redistributing equipment, and improve forecasting of equipment to help control IT spending.

While some asset managers may not have experience managing budgets, there are several advantages to ITAM owning the hardware budget:

• Be more involved in negotiating pricing with suppliers.
• Build better relationships with stakeholders across the business.
• Forecast requirements more accurately.
• Inform benchmarks for hardware performance.
• Gain more responsibility and have a greater influence on purchasing decisions.
• Directly impact the reduction in IT spend.
• Manage the asset database more easily and have a greater understanding of hardware needs.
• Build a continuous rolling refresh.

Use ITAM data to forecast hardware needs accurately and realistically

Your IT budget should be realistic, accounting for business needs, routine maintenance, hardware replacement costs, unexpected equipment failures, and associated support and warranty costs. Know where to find the data you need and who to work with to forecast hardware needs as accurately as possible.

What type of data should I take into account?

Plan for:

• New hardware purchases required
  • Planned refreshes based on equipment lifecycle
  • Inventory for break and fix
  • Standard equipment for new hires
  • Non-standard equipment required
  • Hardware for planned projects
  • Implementation and setup costs
  • Routine hardware implementation
  • Large hardware implementation for projects
  • Support and warranty costs

Take into account:

• Standard refresh cycle for each hardware asset
• Amount of inventory to keep on hand
• Length of time from procurement to inventory
• Current equipment costs and equipment price increases
• Equipment depreciation rates and resale profits

Where do I find the information I need to budget accurately?

• Work with HR to forecast equipment needs for new hires.
• Work with the Infrastructure Manager to forecast devices and equipment needed for approved and planned projects.
• Use the asset management database to forecast hardware refresh and replacement needs based on age and lifecycle.
• Work with business stakeholders to ensure all new equipment needs are accounted for in the budget.

Use Info-Tech’s HAM Budgeting Tool to plan your hardware asset budget

4.1.1 Build HAM budget

This tool is designed to assist in developing and justifying the budget for hardware assets for the upcoming year. The tool will allow you to budget for projects requiring hardware asset purchases as well as equipment requiring refresh and to adjust the budget as needed to accommodate both projects and refreshes. Follow the instructions on each tab to complete the tool.

The hardware budget should serve as a planning and communications tool for the organization

The most successful relationships have a common vocabulary. Thus, it is important to translate “tech speak” into everyday language and business goals and initiatives as you plan your budget.

One of the biggest barriers that infrastructure and operations team face with regards to equipment budgeting is the lack of understanding of IT infrastructure and how it impacts the rest of the organization. The biggest challenge is to help the rest of the organization overcome this barrier.

There are several things you can do to overcome this barrier:

• Avoid using technical terms or jargon. Terms many would consider common knowledge, such as “WLAN,” are foreign to many.
• Don’t assume the business knows how the technology you’re referring to will impact their day-to-day work. You will need to demonstrate it to them.
• Help the audience understand the business impact of not implementing each initiative. What does this mean for them?
• Discuss the options on the table in terms of the business value that the hardware can enable. Review how deferring refresh projects can impact user-facing applications, systems, and business unit operations.
• Present options. If you can’t implement everything on the project list, present what you can do at different levels of funding.

Info-Tech Insight

Err on the side of inviting more discussion. Your budgeting process relies on business decision makers and receiving actionable feedback requires an ongoing exchange of information.

Help users understand the importance of regular infrastructure refreshes

Getting business users to support regular investments in maintenance relies on understanding and trust. Present the facts in plain language. Provide options, and clearly state the impact of each option.

Example: Your storage environment is nearing capacity.

Don’t:

Explain the project exclusively in technical terms or slang.

“We’re exploring deduping technology as well as cheap solid state, SATA, and tape storage to address capacity.”

Do:

• Explain impact in terms that the business can understand.

“Deduplication technology can reduce our storage needs by up to 50%, allowing us to defer a new storage purchase.”

• Be ready to present project alternatives and impacts.

“Without implementing deduplication technology, we will need to purchase additional storage by the end of the year at an estimated cost of $25,000.”

• Connect the project to business initiatives and strategic priorities.

“This is a cost-effective technique to increase storage capacity to manage annual average data growth at around 20% per year.”

Step 4.2: Build Communication Plan and Roadmap

Phase 4: Plan Budget & Build Roadmap

4.1 Plan Budget

4.2 Communicate & Build Roadmap

This step will walk you through the following activities:

4.2 Develop a HAM implementation roadmap

This step involves the following participants:

• CIO
• IT Director
• Asset Manager
• Service Desk Manager

Step Outcomes

• Documented end-user hardware asset management policies
• Communications plan to achieve support from end users and other business units
• HAM implementation roadmap

Educate end users through ITAM training to increase program success

As part of your communication plan and overall HAM implementation, training should be provided to end users within the organization.

All facets of the business, from management to new hires, should be provided with ITAM training to help them understand their role in the project’s success.

ITAM solutions are complex by nature with both business process and technical knowledge required to use them correctly. Keep the message appropriate to the audience – end users don’t need to know the complete process, but will need to know policy and how to request.

Management may have priorities that appear to clash with new processes. Engage management by making them aware of the benefits and importance of ITAM. Include the benefits and consequences of not implementing ITAM in your education approach. Encourage them to support efforts by reinforcing your messages to end users.

New hires should have ITAM training bundled into their onboarding process. Fresh minds are easier to train and the ITAM program will be seen as an organizational standard, not merely a change.

Policy documents can help summarize end users’ obligations and clarify processes. Consider an IT Resources Acceptable UsePolicy.

"The lowest user is the most important user in your asset management program. New employees are your most important resource. The life cycle of the assets will go much smoother if new employees are brought on board." – Tyrell Hall, ITAM Program Coordinator

Info-Tech Insight

During training, you should present the material through the lens of “what’s in it for me?” Otherwise, you risk alienating end users through implementing organizational change viewed as low value.

Include policy design and enforcement in your communication plan

• Hardware asset management policies should define the actions to be taken to protect and preserve technology assets from failure, loss, destruction, theft, or damage.
• Implementing asset management policies enforces the notion that the organization takes its IT assets and the management of them seriously, and will help ensure the benefits of ITAM are achieved.
• Designing, approving, documenting, and adopting one set of standard ITAM policies for each department to follow will ensure the processes are enforced equally across the organization.
• Good ITAM policies answer the “what, how, and why” of IT asset management, provide the means for ITAM governance, and provide a basis for strategy and decision making.

Info-Tech Insight

Use policy templates to jumpstart your policy development and ensure policies are comprehensive, but be sure to modify and adapt policies to suit your corporate culture or they will not gain buy-in from employees. For a policy to be successful, it must be a living document and have participation and involvement from the committees and departments to whom it will pertain.

Use Info-Tech’s policy templates to build HAM policies

4.2.1 Build HAM policies

Use these HAM policy templates to get started:

Information Technology Standards Policy

This policy establishes standards and guidelines for a company’s information technology environment to ensure the confidentiality, integrity, and availability of company computing resources.

Desktop Move/Add/Change Policy

This desktop move/add/change policy is put in place for users to request to change their desktop computing environments. This policy applies configuration changes within a company.

Purchasing Policy

The purchasing policy helps to establish company standards, guidelines, and procedures for the purchase of all information technology hardware, software, and computer-related components as well as the purchase of all technical services.

Hardware Asset Disposition Policy

This policy assists in creating guidelines around disposition in the last stage of the asset lifecycle.

Additional policy templates

• End-User Devices Acceptable Use Policy
• Software Asset Management Policy
• Software Development Policy
• Laptop Loan Policy
• Personnel Security Policy Template
• Application Security Policy
• Mobile Device Acceptable Use Policy
• Systems Monitoring and Auditing Policy
• Data Center Contract Management Policy

Info-Tech Insight

Use policy templates to jumpstart your policy development and ensure policies are comprehensive, but modify and adapt them to suit your corporate culture or they will not gain buy-in from employees. For a policy to be successful, it must be a living document and have participation from the committees and departments to whom it will pertain.

Create a communication plan to achieve end-user support and adherence to policies

Communication is crucial to the integration and overall implementation of your ITAM program. An effective communication plan will:

• Gain support from management at the project proposal phase.
• Create end-user buy-in once the program is set to launch.
• Maintain the presence of the program throughout the business.
• Instill ownership throughout the business from top-level management to new hires.

Use the variety of components as part of your communication plan in order to reach the organization.

1. Advertise successes.

• Regularly demonstrate the value of the ITAM program with descriptive statistics focused on key financial benefits.
• Share data with the appropriate personnel; promote success to obtain further support from senior management.

• Sharing detailed asset-related reports frequently gives decision makers useful data to aid in their strategy.
• These reports can help your organization prepare for audits, adjust asset budgeting, and detect unauthorized assets.

Develop a communication plan to convey the right messages

4.2.2 Develop a communication plan to convey the right messages

Participants

• CIO
• IT Director
• Asset Manager
• Service Desk Manager

Document

Document in the HAM Communication Plan

1. Identify the groups that will be affected by the HAM program as those who will require communication.
2. For each group requiring a communication plan, identify the following:

• Benefits of HAM for that group of individuals (e.g. better data, security).
• The impact the change will have on them (e.g. change in the way a certain process will work).
• Communication method (i.e. how you will communicate).
• Timeframe (i.e. when and how often you will communicate the changes).

Implement ITAM in a phased, constructive approach

• One of the most difficult decisions to make when implementing ITAM is: “where do we start?”
• The pyramid to the right mirrors Maslow’s hierarchy of needs. The base is the absolute bare minimum that should be in place, and each level builds upon the previous one.
• As you track up the pyramid, your ITAM program will become more and more mature.

Now that your asset lifecycle environment has been constructed in full, it’s time to study it. Gather data about your assets and use the results to create reports and new solutions to continually improve the business.

• Asset Data
• Asset Protection: safely protect and dispose of assets once they are mass distributed throughout your organization.
• Asset Distribution: determine standards for asset provisioning and asset inventory strategy.
• Asset Gathering: define what assets you will procure, distribute, and track. Classifying your assets by tier will allow you to make decisions as you progress up the pyramid.

↑ ITAM Program Maturity

Integrate your HAM program into the organization to assist its implementation

The HAM program cannot perform on its own – it must be integrated with other functional areas of the organization in order to maintain its stability and support.

• Effective IT asset management is supported by a comprehensive set of processes as part of its implementation.
• For example, integration with the purchasing/procurement team is required to gather hardware and software purchase data to control asset costs and mitigate software license compliance risk.
• Integration with Finance is required to support internal cost allocations and charge backs.

To integrate your ITAM program into your organization effectively, a clear implementation roadmap needs to be designed. Prioritize “quick wins” in order to demonstrate success to the business early and gain buy-in from your team. Long-term goals should be designed that will be supported by the outcomes of the short-term gains of your ITAM program.

Info-Tech Insight

Installing an ITAM tool does not mean you have an effective asset management program. A complete solution needs to be built around your tool, but the strength of ITAM comes from processes embedded in the organization that are shaped and supported by your ITAM data.

Develop an IT hardware asset management implementation roadmap

4.2.3 Develop a HAM implementation roadmap

Participants

• CIO
• IT Director
• Asset Manager
• Service Desk Manager

Document

Document in the IT Hardware Asset Management Implementation Roadmap

1. Identify up to five streams to work on initiatives for the hardware asset management project.
2. Fill out key tasks and objectives for each process. Assign responsibility for each task.
3. Select a start date and end date for each task. See tab 1 of the tool for instructions on which letters to input for each stage of the process.
4. Once your list is complete, open tab 3 of the tool to see your completed sunshine diagram.
5. Keep this diagram visible for your team and use it as a guide to task completion as you work towards your future-state value stream.

Focus on continual improvement to sustain your ITAM program

Periodically review the ITAM program in order to achieve defined goals, objectives, and benefits.

Act → Plan → Do → Check

Once ITAM is in place in your organization, a focus on continual improvement creates the following benefits:

• Remain in sync with the business: your asset management program reflects the current and desired future states of your organization at the time of its creation. But the needs of the business change. As mentioned previously, asset management is a dynamic process, so in order for your program to keep pace, a focus on continual improvement is needed.
  • For example, imagine if your organization had designed your ITAM program before cloud-based solutions were an option. What if your asset classification scheme did not include personal devices or tablets or your asset security policy lacked a section on BYOD?
• Create funding for new projects through ITAM continual improvement: one of the goals is to save money through more efficient use of your assets by “sweating” out underused hardware and software.
  • It may be tempting to simply present the results to Finance as savings, but instead, describe the results as “available funds for other projects.” Otherwise, Finance may view the savings as a nod to restrict IT’s budget and allocate funds elsewhere. Make it clear that any saved funds are still required, albeit in a different capacity.

Info-Tech Best Practice

Look for new uses for ITAM data. Ask management what their goals are for the next 12-18 months. Analyze the data you are gathering and determine how your ITAM data can assist with achieving these goals.

Phase 4 outline

Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

Step 4.1: Plan Budget

Start with an analyst kick-off call:

• Know where to find data to budget for hardware needs accurately.
• Learn how to manage a hardware budget.

Then complete these activities…

• Plan hardware asset budget.

With these tools & templates:

HAM Budgeting Tool

Step 4.2: Communicate & Roadmap

Review findings with analyst:

• Develop policies for end users.
• Build communications plan.
• Build an implementation roadmap.

Then complete these activities…

• Build HAM policies.
• Develop a communication plan.
• Develop a HAM implementation roadmap.

With these tools & templates:

HAM policy templates

HAM Communication Plan

HAM Implementation Roadmap

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

Book a workshop with our Info-Tech analysts:

• To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
• Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
• Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

The following are sample activities that will be conducted by Info-Tech analysts with your team:

4.1.1 Build a hardware asset budget

Review upcoming hardware refresh needs and projects requiring hardware purchases. Use this data to forecast and budget equipment for the upcoming year.

4.2.2 Develop a communication plan

Identify groups that will be affected by the new HAM program and for each group, document a communications plan.

Insight breakdown

Overarching Insights

HAM is more than just tracking inventory. A mature asset management program provides data for proactive planning and decision making to reduce operating costs and mitigate risk.

ITAM is not just IT. IT leaders need to collaborate with Finance, Procurement, Security, and other business units to make informed decisions and create value across the enterprise.

Treat HAM like a process, not a project. HAM is a dynamic process that must react and adapt to the needs of the business.

Phase 1 Insight

For asset management to succeed, it needs to support the business. Engage business leaders to determine needs and build your HAM program around these goals.

Phase 2 Insight

Bridge the gap between IT and Finance to build a smoother request and procurement process through communication and routine reporting. If you’re unable to affect procurement processes to reduce time to deliver, consider bringing inventory onsite or having your hardware vendor keep stock, ready to ship on demand.

Phase 3 Insight

Not all assets are created equal. Taking a blanket approach to asset maintenance and security is time consuming and costly. Focus on the high-cost, high-use, and data-sensitive assets first.

Phase 4 Insight

Deploying a fancy ITAM tool will not make hardware asset management implementation easier. Implementation is a project that requires you focus on people and process first – the technology comes after.

Related Info-Tech research

Implement Software Asset Management

Build an End-User Computing Strategy

Find the Value – and Remain Valuable – With Cloud Asset Management

Consolidate IT Asset Management

Harness Configuration Management Superpowers

IT Asset Management Market Overview

Bibliography

Chalkley, Martin. “Should ITAM Own Budget?” The ITAM Review. 19 May 2011. Web.

“CHAMP: Certified Hardware Asset Management Professional Manual.” International Association of Information Technology Asset Managers, Inc. 2008. Web.

Foxen, David. “The Importance of Effective HAM (Hardware Asset Management).” The ITAM Review. 19 Feb. 2015. Web.

Foxen, David. “Quick Guide to Hardware Asset Tagging.” The ITAM Review. 5 Sep. 2014. Web.

Galecki, Daniel. “ITAM Lifecycle and Savings Opportunities – Mapping out the Journey.” International Association of IT Asset Managers, Inc. 16 Nov. 2014. Web.

“How Cisco IT Reduced Costs Through PC Asset Management.” Cisco IT Case Study. 2007. Web.

Irwin, Sherry. “ITAM Metrics.” The ITAM Review. 14 Dec. 2009. Web.

“IT Asset and Software Management.” ECP Media LLC, 2006. Web.

Rains, Jenny. “IT Hardware Asset Management.” HDI Research Brief. May 2015. Web.

Riley, Nathan. “IT Asset Management and Tagging Hardware: Best Practices.” Samanage Blog. 5 March 2015. Web.

“The IAITAM Practitioner Survey Results for 2016 – Lean Toward Ongoing Value.” International Association of IT Asset Managers, Inc. 24 May 2016. Web.

Make Sense of Strategic Portfolio Management

Separate what's new and valuable from bloated claims on the hype cycle.

Analyst Perspective

Do you need strategic portfolio management, or do you need to do portfolio management more strategically?

Travis Duncan
Research Director, PPM and CIO Strategy
Info-Tech Research Group

While the market is eager to get users into what they're calling "strategic portfolio management," there's a lot of uncertainty out there about what this market is and how it's different from other, more established portfolio disciplines – most significantly, project portfolio management.

Indeed, if you look at how the space is covered within the industry, you'll encounter a dog's breakfast of players, a comparison of apples and oranges: Jira in the same quadrants as Planisware, Smartsheets in the same profiles as Planview and ServiceNow. While each of the individual players is impressive, their areas of focus are unique and the extent to which they should be compared together under the category of strategic portfolio management is questionable.

It speaks to some of the grey area within the SPM space more generally, which is at a bit of a crossroads: Will it formally shed the guardrails of its antecedents to become its own space, or will it devolve into a bait and switch through which capabilities that struggled to gain much traction beyond IT settings seek to infiltrate the business and grow their market share under a different name?

Part of it is up to the rest of us as users and potential customers. Clarifying what we need before we jump into something simply because our prior attempts failed will help determine whether we need a unique space for strategic portfolio management or whether we simply need to do portfolio management more strategically.

Executive Summary

Info-Tech Insight
In the same way that it took many years for PPM to stabilize as a concept distinct from traditional enterprise project management, strategic portfolio management is experiencing a similar period of formational uncertainty. In a space that can be all things to all users, clarify your actual needs before jumping onto a bandwagon and ending up with something that you don't need, and that the organization can't adopt.

Strategic portfolio management is enterprise portfolio management

Evolved from various other capabilities and vendor solutions, strategic portfolio management (SPM) seeks to connect strategy to execution.

While the concept of 'strategic portfolio management' has been written about within project portfolio management circles for nearly 20 years, SPM, as a distinct organizational competence and software category, is a relatively new and largely vendor-driven capability.

First emerging in the discourse during the mid-to-late 2010s, SPM has evolved from its roots in traditional enterprise project portfolio management. Though, as we will discuss, it has other antecedents not limited to PPM.

In this publication, we'll unpack what SPM is, how it is distinct (and, in turn, how it is not distinct) from PPM and other capabilities, and we will consider the extent to which your organization can and should leverage an SPM application to help drive strategic outcomes.

–The increasing need to deliver value from digital initiatives is giving rise to strategic portfolio management, a digital investment management discipline that enables strategy realization in complex dynamic environments."
– OnePlan, "Is Strategic Portfolio Management the Future of PPM?"

Only 2% of business leaders are confident that they will achieve 80% to 100% of their strategic objectives.
Source: Smith, 2022

Put strategic portfolio management in context

SPM is a new stage in the history of project portfolio management more generally. While it's emerging as a distinct capability, and it borrows from capabilities beyond PPM, unpacking its distinctiveness is best done by first understanding its source.

Understand the recent triggers for strategic portfolio management

Triggers for the emergence of strategic portfolio management in the discourse include the pace of technology-introduced change, the waning of enterprise project management, and challenges around enterprise PPM tool adoption.

Spot the difference?

Scope, focus, and audience are just a few of the factors distinguishing what the market calls "SPM" from traditional PPM.

Info-Tech Insight
The distinction between the two capabilities is not necessarily as black and white as the table above would have it (some "PPM" tools offer what we're identifying above as "SPM" capabilities), but it can be helpful to think in these binaries when trying to distinguish the two capabilities. At the very least, SPM broadens its scope to target more executive and business users, and functions best when it's speaking at a higher level, to a business audience.

Strategic portfolio management offers a more holistic view of the enterprise

At its best, strategic portfolio management can accommodate various paradigms of work management and incorporate different types of portfolio management.

Perhaps the biggest evolution from traditional PPM that strategic portfolio management promises is that it casts a wider net in terms of the types of work it tracks (and how it tracks that work) and the types of portfolios it accommodates.

Not bound to the concepts of "projects" and a "project portfolio" specifically, SPM broadens its scope to encompass capabilities like product and product portfolio management, enterprise architecture management, security and risk management, and more.

• Where a PPM solution only shows one piece of the puzzle, SPM looks at the entire investment ecosystem, tracking strategic goals, the ideas generated to help achieve those goals, and all the various kinds of investments made in the service of those goals.
• what's more, where traditional PPM tools required users to adhere to a certain way of working and managing tasks, SPM is more flexible, relying on integrations across various ways of working to provide higher-level insight on the progress of work and the achievement of goals.

Deliver business strategy and change effectively

"An SPM tool will capture business strategy, business capabilities, operating models, the enterprise architecture and the project portfolio with unmatched visibility into how they all relate. This will give...a robust understanding of the impact of a proposed IT change " and enable IT and business to act like cocreators driving innovation."
– Paula Ziehr

You might need a strategic portfolio management tool if–

If you find yourself facing any of these situations, it might be time to step away from your PPM tool and into an SPM approach:

• Your organization is facing a large implementation that will cross multiple departmental units and requires alignment across senior leadership (e.g. a digital transformation initiative).
• You currently have disparate systems tracking different portfolios (project, product, applications, etc.) and types of investments, but lack insight into the whole in terms of how work efforts and investments tie back to strategy realization.
• You are an ePMO or a strategy realization office that doesn't manage work necessarily, but that rather ensures that the work, assets, and capabilities that are funded connect to strategy and drive the realization of strategy.

Sixty one percent of leaders acknowledge their companies struggle to bridge the gap between creating a strategy and executing on that strategy.
Source: StrategyBlocks, 2020

Get to know your strategic portfolio management stakeholders

In terms of users, SPM's focus is further up the org chart than most applications, relying on high-level but usable outputs to help drive decision making.

What should you look for in a strategic portfolio management tool? (1 of 2)

Standard features for SPM include:

What should you look for in a strategic portfolio management tool? (2 of 2)

Advanced features for SPM can include:

What's promising within the space?

As this space continues to stabilize, the following are some promising associations for business and IT enablement.

What's of concern within the space?

As a progeny from other capabilities, SPM has some risks and connotations potential users should be wary of.

Does your organization need a strategic portfolio management tool?

Use Info-Tech's Strategic Portfolio Management Needs Assessment to gauge your readiness for SPM.

• As noted in previous places in this deck, there is often a grey area in the market between project portfolio management tools and strategic portfolio management tools.
• Some PPM tools offer SPM functionality, while some SPM tools avoid traditional PPM outcomes and stay at a higher, strategic level.
• Depending on the scope of your PMO or portfolio optimization needs, you may need a tool that has just one, or both, of these capabilities.
• Use Info-Tech's Strategic Portfolio Management Needs Assessment to help you assess whether you require a high-level strategy management tool, a more low-level project portfolio management tool, or a mix of both.

Download Info-Tech's Strategic Portfolio Management Needs Assessment

1.1 Assess your needs

10 to 20 minutes

1. The Strategic Portfolio Management Needs Assessment is a 41-question survey broken up into three parts: (1) PMO Type, (2) Features and Functionality, (3) Roles.
2. Go through each section using the provided dropdowns to help identify the orientation of your PMO, the feature and functionality needs of your office, as well as the roles whose needs will need to be serviced through the potential tool implementation.

This screenshot shows a sample output from the assessment. Based upon your inputs, you'll be grouped within three ranges:

1. Green: Based upon your inputs, you will benefit from an SPM tool.
2. Yellow: You may benefit from an SPM tool, but you may also require something more traditional. Clarify your requirements before proceeding.
3. Red: you're unlikely to leverage many of the benefits of an SPM tool at this time. Look for a more tactical solution.

Explore the SPM vendor landscape

Use Info-Tech's application selection resources to help find the right solution for your organization.

If the analysis in the previous slides suggested you can benefit from an SPM tool, you can quick-start your vendor evaluation process with SoftwareReviews.

SoftwareReviews has extensive coverage of not just the SPM space, but of the project portfolio management (pictured to the top right) and project management spaces as well. So, from the tactical to the strategic, SoftwareReviews can help you find the right tools.

Further, as you settle in on a shortlist, you can begin your vendor analysis using our rapid application selection methodology (see framework on bottom right). For more information see our The Rapid Application Selection Framework blueprint.

Info-Tech's Rapid Application Selection Framework (RASF)

Related Info-Tech Research

Develop a Project Portfolio Management Strategy
Drive IT project throughput by throttling resource capacity.

Prepare an Actionable Roadmap for your PMO
Turn planning into action with a realistic PMO timeline.

Maintain an Organized Portfolio
Align portfolio management practices with COBIT (APO05: Manage Portfolio)

Bibliography

Angliss, Katy, and Pete Harpum. Strategic Portfolio Management: In the Multi-Project and Program Organization. Book. Routledge. 30 Dec. 2022.

Anthony, James. "95 Essential Project Management Statistics: 2022 Market Share & Data Analysis." Finance Online. 2022. Web. Accessed 21 March 2022

Banham, Craig. "Integrating strategic planning with portfolio management." Sopheon. Webinar. Accessed 6 Feb. 2023.

Garfein, Stephen J. "Executive Guide to Strategic Portfolio Management: roadmap for closing the gap between strategy and results." PMI. Conference Paper. Oct. 2007. Accessed 6 Feb. 2023.

Garfein, Stephen J. "Strategic Portfolio Management: A smart, realistic and relatively fast way to gain sustainable competitive advantage." PMI. Conference Paper. 2 March 2005. Accessed 6 Feb. 2023.

Hontar, Yulia. "Strategic Portfolio Management." PPM Express. Blog 16 June 2022. Accessed 6 Feb. 2023.

Milsom, James. "6 Strategic Portfolio Management Trends for 2023." i-nexus. Blog. 25 Jan. 2022. Accessed 6 Feb. 2023.

Milsom, James. "Strategic Portfolio Management 101." i-nexus. 8 Dec. 2021. Blog . Accessed 6 Feb. 2023.

OnePlan, "Is Strategic Portfolio Management the Future of PPM?" YouTube. 17 Nov. 2022. Accessed 6 Feb. 2023.

OnePlan. "Strategic Portfolio Management for Enterprise Agile." YouTube. 27 May 2022. Accessed 6 Feb. 2023.

Piechota, Frank. "Strategic Portfolio Management: Enabling Successful Business Outcomes." Shibumi. Blog . 31 May 2022. Accessed 6 Feb. 2023.

ServiceNow. "Strategic Portfolio Management—The Thing You've Been Missing." ServiceNow. Whitepaper. 2021. Accessed 6 Feb. 2023.

Smith, Shepherd, "50+ Eye-Opening Strategic Planning Statistics" ClearPoint Strategy. Blog. 13 Sept. 2022. Accessed 6 Feb. 2023.

SoftwareAG. "What is Strategic Portfolio Management (SPM)?" SoftwareAG. Blog. Accessed 6 Feb. 2023.

Stickel, Robert. "What It Means to be Adaptive." OnePlan. Blog. 24 May 2021. Accessed 6 Feb. 2023.

UMT360. "What is Strategic Portfolio Management?" YouTube. Webinar. 22 Oct. 2020. Accessed 6 Feb. 2023.

Wall, Caroline. "Elevating Strategy Planning through Strategic Portfolio Management." StrategyBlocks. Blog. 26 Feb. 2020. Accessed 6 Feb. 2023.

Westmoreland, Heather. "What is Strategic Portfolio Management." Planview. Blog. 19 Oct 2002. Accessed 6 Feb. 2023.

Wiltshire, Andrew. "Shibumi Included in Gartner Magic Quadrant for Strategic Portfolio Management for the 2nd Straight Year." Shibumi. Blog. 20 Apr. 2022. Accessed 6 Feb. 2023.

Ziehr, Paula. "Keep your eye on the prize: Align your IT investments with business strategy." SoftwareAG. Blog. 5 Jul. 2022. Accessed 6 Feb. 2023.

Adding the Right Value: Building Cloud Brokerages That Enable

Considerations for implementing an institutional-focused cloud brokerage.

Your Challenge

Increasingly, large institutions and governments are adopting cloud-first postures for delivering IT resources. Combined with the growth of cloud offerings that are able to meet the certifications and requirements of this segment that has been driven by federal initiatives like Cloud-First in Canada and Cloud Smart in the United States, these two factors have left institutions (and the businesses that serve them) with the challenge of delivering cloud services to their users while maintaining compliance, control, and IT sanity.

In many cases, the answer is to develop a cloud brokerage to manage the complexity. But what should your cloud broker be delivering and how?

Navigating the Problem

Not all cloud brokerages are the same. And while they can be an answer to cloud complexity, an ineffective brokerage can drain value and complicate operations even further. Cloud brokerages need to be designed:

1. To deliver the right type of value to its users.
2. To strike the balance between effective governance & security and flexibility & ease of use.

Info-Tech’s Approach

By defining your end goals, framing solutions based on the type of value and rigor your brokerage needs to deliver, and focusing on the right balance of security and flexibility, you can deliver a brokerage that delivers the best of all worlds.

1. Define the brokerage value you want to deliver.
2. Build the catalog and partner ecosystem.
3. Understand how to maximize adoption and minimize disintermediation while maintaining architectural discipline and compliance.

Info-Tech Insight

Sometimes a brokerage delivery model makes sense, sometimes it doesn’t! Understanding the value addition you want your brokerage to provide before creating it allows you to not only avoid pitfalls and maximize benefits but also understand when a brokerage model does and doesn’t make sense in the first place.

Project Overview

Understand what value you want your brokerage to deliver

Different institutions want brokerage delivery for different reasons. It’s important to define up front why your users need to work through a brokerage and what value that brokerage needs to deliver.

What’s in the catalog? Is it there to consolidate and simplify billing and consumption? Or does it add value further up the technology stack or value chain? If so, how does that change the capabilities you need internally and from partners?

Security and compliance are usually the highest priority

Among institutions adopting cloud, a broker that can help deliver their defined security and compliance standards is an almost universal requirement. Especially in government institutions, this can mean the need to meet a high standard in both implementation and validation.

The good news is that even if you lack the complete set of skills in-house, the high certification levels available from hyperscale providers combined with a growing ecosystem of service providers working on these platforms means you can usually find the right partner(s) to make it possible.

The real goal: frictionless intermediation and enablement

Ultimately, if end users can’t get what they need from you, they will go around you to get it. This challenge, which has always existed in IT, is further amplified in a cloud service world that offers users a cornucopia of options outside the brokerage. Furthermore, cloud users expect to be able to consume IT seamlessly. Without frictionless satisfaction of user demand your brokerage will become disintermediated, which risks your highest priorities of security and compliance.

Understand the evolution: Info-Tech thought model

While initial adoption of cloud brokerages in institutions was focused on ensuring the ability of IT to extend its traditional role as gatekeeper to the realm of cloud services, the focus has now shifted upstream to enabling ease of use and smart adoption of cloud services. This is evidenced clearly in examples like the US government’s renaming of its digital strategy from “Cloud First” to “Cloud Smart” and has been mirrored in other regions and institutions.

Info-Tech Insights

To avoid failure, you need to provide security and compliance.

Basic user satisfaction means becoming a frictionless intermediary.

Exceed expectations! Enabling brokers provide knowledge and guidance for the best usage of cloud.

• Security & Compliance
• Frictionless Intermediation
• Cloud-Enabling Brokerage

Define the role of a cloud broker

Where do brokers fit in the cloud model?

• NIST Definition: An entity that manages the use, performance, and delivery of cloud services and negotiates relationships between cloud providers and cloud consumers.
• Similar to a telecom master agent, a cloud broker acts as the middle-person and end-user point of contact, consolidating the management of underlying providers.
• A government or institutional cloud broker (GCB) is responsible for the delivery of all cloud services consumed by the departments or agencies it supports or that are mandated to use it.

Balancing governance and agility

Info-Tech Insight

While GCBs fill a critical role as a control point for IT consumption, they can easily turn into a friction point for IT projects. It’s important to find the right balance between enabling compliance and providing frictionless usability.

Model brokerage drivers and benefits

Maintain compliance and ensure architecture discipline: Brokerages can be an effective gating point for ensuring properly governed and managed IT consumption that meets the specific regulations and compliances required for an institution. It can also be a strong catalyst and enabler for moving to even more effective cloud consumption through automation.

Avoid disintermediation: Especially in institutions, cloud brokers are a key tool in the fight against disintermediation – that is, end users circumventing your IT department’s procurement and governance by consuming an ad hoc cloud service.

Leverage economies of scale: Simply put, consolidation of your cloud consumption drives effectiveness by making the most of your buying power.

Info-Tech Insights

Understanding the importance of each benefit type to your brokerage audience will help you define the type of brokerage you need to build and what skills and partners will be required to deliver the right value.

The brokerage landscape

The past ten years have seen governments and institutions evolve from basic acceptance of cloud services to the usage of cloud as the core of most IT initiatives.

• As part of this evolution, many organizations now have well-defined standards and guidance for the implementation, procurement, and regulation of cloud services for their use.
• Both Canada (Strategic Plan for Information Management and Information Technology) and the United States (Cloud Smart – formerly known as Cloud First) have recently updated their guidance on adoption of cloud services. The Australian Government has also recently updated its Cloud Computing Policy.
• AWS and Azure both now claim Full FedRAMP (Federal Risk and Authorization Management Program) certification.
• This has not only enabled easy adoption of these core hyperscale cloud service by government but also driven the proliferation of a large ecosystem of FedRAMP-authorized cloud service providers.
• This trend started with government at the federal level but has cascaded downstream to provincial and municipal governments globally, and the same model seems likely to be adopted by other governments and other institution types over time.

Info-Tech Insight

The ecosystem of platforms and tools has grown significantly and examples of best practices, especially in government, are readily available. Once you’ve defined your brokerage’s value stance, the building blocks you need to deliver often don’t need to be built from scratch.

Address the unique challenges of business-led IT in institutions

With the business taking more accountability and management of their own technology, brokers must learn how to evolve from being gatekeepers to enablers.

Turn brokerage pitfalls into opportunities

The greatest risks in using a cloud broker come from its nature as a single point of distribution for service and support. Without resources (or automation) to enable scale, as well as responsive processes for supporting users in finding the right services and making those services available through the brokerage, you will lose alignment with your users’ needs, which inevitably leads to disintermediation, loss of IT control, and broken compliance

Info-Tech Insights

Standardization and automation are your friend when building a cloud brokerage! Sometimes this means having a flexible catalog of options and configurations, but great brokerages can deliver value by helping their users redefine and evolve their workloads to work more effectively in the cloud. This means providing guidance and facilitating the landing/transformation of users’ workloads in the cloud, the right way.

Validate your cloud brokerage strategy using Info-Tech’s approach

Value Definition

• Define your brokerage type and value addition

Capabilities Mapping

• Understand the partners and capabilities you need to be able to deliver

Measuring Value

• Define KPIs for both compliant delivery and frictionless intermediation

Provide Cloud Excellence

• Move from intermediation to enablement and help users land on the cloud the right way

Define the categories for your brokerage’s benefit and value

Depending on the type of brokerage, the value delivered may be as simple as billing consolidation, but many brokerages go much deeper in their value proposition.

Define the categories of brokerage value to add

• Purchasing Agents save the purchaser time by researching services from different vendors and providing the customer with information about how to use cloud computing to support business goals.
• Contract Managers may also be assigned power to negotiate contracts with cloud providers on behalf of the customer. In this scenario, the broker may distribute services across multiple vendors to achieve cost-effectiveness, while managing the technical and procurement complexity of dealing with multiple vendors.
  • The broker may provide users with an application program interface (API) and user interface (UI) that hides any complexity and allows the customer to work with their cloud services as if they were being purchased from a single vendor. This type of broker is sometimes referred to as a cloud aggregator.
• Cloud Enablers can also provide the customer with additional services, such as managing the deduplication, encryption, and cloud data transfer and assisting with data lifecycle management and other activities.
• Cloud Customizers integrate various underlying cloud services for customers to provide a custom offering under a white label or its own brand.
• Cloud Agents are essentially the software version of a Contract Manager and act by automating and facilitating the distribution of work between different cloud service providers.

Info-Tech Insights

Remember that these categories are general guidelines! Depending on the requirements and value a brokerage needs to deliver, it may fit more than one category of broker type.

Brokerage types and value addition

Info-Tech Insights

Each value addition your brokerage invests in delivering should tie to reinforcing efficiency, compliance, frictionlessness, or enablement.

Start by delivering value in these common brokerage service categories

Security & Compliance

• Reporting & Auditing
• SIEM & SOC Services
• Patching & Monitoring

Cost Management

• Right-Sizing
• Billing Analysis
• Anomaly Detection & Change Recommendations

Data Management

• Data Tiering
• Localization Management
• Data Warehouse/Lake Services

Resilience & Reliability

• Backup & Archive
• Replication & Sync
• DR & HA Management
• Ransomware Prevention/Mitigation

Cloud-Native & DevOps Enablement

• Infrastructure as Code (IaC)
• DevOps Tools & Processes
• SDLC Automation Tools

Design, Transformation, and Integration

• CDN Integration
• AI Tools Integration
• SaaS Customizations

Activity: Brokerage value design

Who are you and who are you building this for?

• Internal brokerage (i.e. you are a department in an organization that is tasked with providing IT resources to other internal groups)
  • No profit motivation
  • Primary goal is to maintain compliance and avoid disintermediation
• Third-party brokerage (i.e. you are an MSP that needs to build a brokerage to provide a variety of downstream services and act as the single point of consumption for an organization)
  • Focus on value-addition to the downstream services you facilitate for your client
  • Increased requirement to quickly add new partners/services from downstream as required by your client

What requirements and pains do you need to address?

• Remember that in the world of cloud, users ultimately can go around IT to find the resources and tools they want to use. In short, if you don’t provide ease and value, they will get it somewhere else.
• Assess the different types of cloud brokerages out there as a guide to what sort of value you want to deliver.

Why are you creating a brokerage? There are several categories of driver and more than one may apply.

• Compliance and security gating/validation
• Cost consolidation and governance
• Value-add or feature enhancement of raw/downstream services being consumed

It’s important to clearly understand how best you can deliver unique value to ensure that they want to consume from you.

Understand the ecosystem you’ll require to deliver value

GCB

• Enabling Effectiveness
• Cost Governance
• Adoption and User Satisfaction
• Security & Compliance

Whatever value proposition and associated services your brokerage has defined, either internal resources or additional partners will be required to run the platform and processes you want to offer on top of the defined base cloud platforms.

Info-Tech Insights

Remember to always align your value adds and activities to the four key themes:

• Efficiency
• Compliance
• Frictionlessness
• Cloud Enablement

Delivering value may require an ecosystem

The additional value your broker delivers will depend on the tools and services you can layer on top of the base cloud platform(s) you support.

In many cases, you may require different partners to fulfil similar functions across different base platforms. Although this increases complexity for the brokerage, it’s also a place where additional value can be delivered to end users by your role as a frictionless intermediary.

Base Partner/Platform

• Third-party software & platforms
• Third-party automations & integrations
• Third-party service partners
• Internal value-add functions

Build the ecosystem you need for your value proposition

Leverage partners and automation to bake compliance in.

Different value-add types (based on the category/categories of broker you’re targeting) require different additional platforms and partners to augment the base cloud service you’re brokering.

Security & Config

• IaC Tools
• Cloud Resource Configuration Validation
• Templating Tools
• Security Platforms
• SDN and Networking Platforms
• Resilience (Backup/Replication/DR/HA) Platforms
• Data & Storage Management
• Compliance and Validation Platforms & Partners

Cost Management

• Subscription Hierarchy Management
• Showback and Chargeback Logic
• Cost Dashboarding and Thresholding
• Governance and Intervention

Adoption & User Satisfaction

• Service Delivery SLAs
• Support Process & Tools
• Capacity/Availability Management
• Portal Usability/UX

Speed of Evolution

• Partner and Catalog/Service Additions
• Broker Catalog Roadmapping
• User Request Capture (new services)
• User Request Capture (exceptions)

Build your features and services lists

Incorporate your end user, business, and IT perspectives in defining the list of mandatory and desired features of your target solution.

See our Implement a Proactive and Consistent Vendor Selection Process blueprint for information on procurement practices, including RFP templates.

End User

• Visual, drag-and-drop models to define data models, business logic, and user interfaces
• One-click deployment
• Self-healing application
• Vendor-managed infrastructure
• Active community and marketplace
• Prebuilt templates and libraries
• Optical character recognition and natural language processing

Business

• Audit and change logs
• Theme and template builder
• Template management
• Knowledgebase and document management
• Role-based access
• Business value, operational costs, and other KPI monitoring
• Regulatory compliance
• Consistent design and user experience across applications
• Business workflow automation

IT

• Application and system performance monitoring
• Versioning and code management
• Automatic application and system refactoring and recovery
• Exception and error handling
• Scalability (e.g. load balancing) and infrastructure management
• Real-time debugging
• Testing capabilities
• Security management
• Application integration management

Understand the stakeholders

Depending on the value-add(s) you are trying to deliver, as well as the requirements from your institution(s), you will have a different delineation of responsibilities for each of the value-add dimensions. Typically, there will be at least three stakeholders whose role needs to be considered for each dimension:

• Base Cloud Provider
• Third-Party Platforms/Service Providers
• Internal Resources

Info-Tech Insights

It’s important to remember that the ecosystem of third-party options available to you in each case will likely be dependent on if a given partner operates or supports your chosen base provider.

Define the value added by each stakeholder in your value chain

A basic table of the stakeholders and platforms involved in your value stream is a critical tool for aligning activities and partners with brokerage value.

Remember to tie each value-add category you’re embarking on to at least one of the key themes!

Cost Governance → Efficiency

Security & Compliance → Compliance

Adoption & User Satisfaction → Frictionlessness

New Service Addition Responsiveness → Frictionlessness, Enablement

End-User Cloud Effectiveness → Enablement

Info-Tech Insights

The expectations for how applications are consumed and what a user experience should look like is increasingly being guided by the business and by the disintermediating power of the cloud-app ecosystem.

“Enabling brokers” help embrace business-led IT

In environments where compliance and security are a must, the challenges of handing off application management to the business are even more complex. Great brokers learn to act not just as a gatekeeper but an enabler of business-led IT.

Business Empowerment

Organizations are looking to enhance their Agile and BizDevOps practices by shifting traditional IT practices left and toward the business.

Changing Business Needs

Organizational priorities are constantly changing. Cost reduction opportunities and competitive advantages are lost because of delayed delivery of features.

Low Barrier to Entry

Low- and no-code development tools, full-stack solutions, and plug-and-play architectures allow non-technical users to easily build and implement applications without significant internal technical support or expertise.

Democratization of IT

A wide range of digital applications, services, and information are readily available and continuously updated through vendor and public marketplaces and open-source communities.

Technology-Savvy Business

The business is motivated to learn more about the technology they use so that they can better integrate it into their processes.

Balance usability and compliance: accelerate cloud effectiveness

Move to being an accelerator and an enabler! Rather than creating an additional layer of complexity, we can use the abstraction of a cloud brokerage to bring a wide variety of value-adds and partners into the ecosystem without increasing complexity for end users.

Manage the user experience

• Your portal is a great source of data for optimizing user adoption and satisfaction.
• Understand the KPIs that matter to your clients or client groups from both a technical and a service perspective.

Be proactive and responsive in meeting changing needs

• Determine dashboard consumption by partner view.
• Regularly review and address the gaps in your catalog.
• Provide an easy mechanism for adding user-demanded services.

Think like a service provider

• You do need to be able to communicate and even market internally new services and capabilities as you add them or people won't know to come to you to use them.
• It's also critical in helping people move along the path to enablement and knowing what might be possible that they hadn't considered.

Provide cloud excellence functions

Enablement Broker

• Mentorship & Training
  • Build the skills, knowledge, and experiences of application owners and managers with internal and external expertise.
• Organizational Change Leadership
  • Facilitate cultural, governance, and other organizational changes through strong relationships with business and IT leadership.
• Good Delivery Practices & Thinking
  • Develop, share, and maintain a toolkit of good software development lifecycle (SDLC) practices and techniques.
• Knowledge Sharing
  • Centralize a knowledgebase of up-to-date and accurate documentation and develop community forums to facilitate knowledge transfer.
• Technology Governance & Leadership
  • Implement the organizational standards, policies, and rules for all applications and platforms and coordinate growth and sprawl.
• Shared Services & Integrations
  • Provide critical services and integrations to support end users with internal resources or approved third-party providers and partners.

Gauge value with the right metrics

Focus your effort on measuring key metrics.

Determine measures that demonstrate the value of your brokerage by aligning it with your quality definition, value drivers, and users’ goals and objectives. Recognize that your journey will require constant monitoring and refinement to adjust to situations that may arise as you adopt new products, standards, strategies, tactics, processes, and tools.

Activity Output

Ultimately, the goal is designing a brokerage that can evolve from gatekeeping to frictionless intermediation to cloud enablement.

Maintain focus on the value proposition, your brokerage ecosystem, and the metrics that represent enablement for your users and avoid pitfalls and challenges from the beginning.

Appendix

Related blueprints and tools

Document Your Cloud Strategy

This blueprint covers aligning your value proposition with general cloud requirements.

Define Your Digital Business Strategy

Phase 1 of this research covers identifying value chains to be transformed.

Embrace Business-Managed Applications

Phase 1 of this research covers understanding the business-managed applications as a factor in developing a frictionless intermediary model.

Implement a Proactive and Consistent Vendor Selection Process

This blueprint provides information on partner selection and procurement practices, including RFP templates.

Bibliography

“3 Types of Cloud Brokers That Can Save the Cloud.” Cloud Computing Topics, n.d. Web.

Australian Government Cloud Computing Policy. Government of Australia, October 2014. Web.

“Cloud Smart Policy Overview.” CIO.gov, n.d. Web.

“From Cloud First to Cloud Smart.” CIO.gov, n.d. Web.

Gardner, Dana. “Cloud brokering: Building a cloud of clouds.” ZDNet, 22 April 2011. Web.

Narcisi, Gina. “Cloud, Next-Gen Services Help Master Agents Grow Quickly And Beat 'The Squeeze' “As Connectivity Commissions Decline.” CRN, 14 June 2017. Web.

Smith, Spencer. “Asigra calls out the perils of cloud brokerage model.” TechTarget, 28 June 2019. Web.

Tan, Aaron. “Australia issues new cloud computing guidelines.” TechTarget, 27 July 2020. Web.

The European Commission Cloud Strategy. ec.europa.eu, 16 May 2019. Web.

“TrustRadius Review: Cloud Brokers 2022.” TrustRadius, 2022. Web.

Yedlin, Debbie. “Pros and Cons of Using a Cloud Broker.” Technology & Business Integrators, 17 April 2015. Web.

Secure Your Hybrid Workforce

SASE as a driver to zero trust.

Analyst Perspective

Consolidate your security and network.

Remote connections like VPNs were not designed to be security tools or to have the capacity to handle a large hybrid workforce; hence, organizations are burdened with implementing controls that are perceived to be "security solutions." The COVID-19 pandemic forced a wave of remote work for employees that were not taken into consideration for most VPN implementations, and as a result, the understanding of the traditional network perimeter as we always knew it has shifted to include devices, applications, edges, and the internet. Additionally, remote work is here to stay as recruiting talent in the current market means you must make yourself attractive to potential hires.

The shift in the network perimeter increases the risks associated with traditional VPN solutions as well as exposing the limitations of the solution. This is where zero trust as a principle introduces a more security-focused strategy that not only mitigates most (if not all) of the risks, but also eliminates limitations, which would enhance the business and improve customer/employee experience.

There are several ways of achieving zero trust maturity, and one of those is SASE, which consolidates security and networking to better secure your hybrid workforce as implied trust is thrown out of the window and verification of everything becomes the new normal to defend the business.

Victor Okorie
Senior Research Analyst, Security and Privacy
Info-Tech Research Group

Executive Summary

Your Challenge

CISOs are looking to zero trust to fill the gaps associated with their traditional remote setup as well as to build an adaptable security strategy. Some challenges faced include:

• Understanding the main principles of zero trust: never trust, always verify, assume breach, and verify explicitly.
• Understanding how to achieve a zero trust framework.
• Understanding the premise of SASE as it pertains to a hybrid workforce.

Common Obstacles

The zero trust journey may seem tedious because of a few obstacles like:

• Knowing what the principle is all about and the components that align with it.
• Knowing where to start. Due to the lack of a standardized path for the zero trust journey, going about the journey can be confusing.
• Not having a uniform definition of what makes up a SASE solution as it is heavily dependent on vendors.

Info-Tech's Approach

Info-Tech provides a three-service approach to helping organizations better secure their hybrid workforce.

• Understand your current, existing technological capabilities and challenges with your hybrid infrastructure, and prioritize those challenges.
• Gain insight into zero trust and SASE as a mitigation/control/tool to those challenges.
• Identify the SASE features that are relevant to your needs and a source guide for a SASE vendor.

Info-Tech Insight

Securing your hybrid workforce should be an opportunity to get started on the zero trust journey. Realizing the core features needed to achieve this will assist you in determining which of the options is a good fit for your organization.

Turn your challenges into opportunities

Hybrid workforce is the new normal

The pandemic has shown there is no going back to full on-prem work, and as such, security should be looked at differently with various considerations in mind.

Understand that current hybrid solutions are susceptible to various forms of attack as the threat attack surface area has now expanded with users, devices, applications, locations, and data. The traditional perimeter as we know it has expanded beyond just the corporate network, and as such, it needs a more mature security strategy.

Onboarding and offboarding have been done remotely, and with some growth recorded, the size of companies has also increased, leading to a scaling issue.

Employees are now demanding remote work capabilities as part of contract negotiation before accepting a job.

Attacks have increased far more quickly during the pandemic, and all indications point to them increasing even more.

Scarce available security personnel in the job market for hire.

Reality Today

The number of breach incidents by identity theft.
Source: Security Magazine, 2022.

IT security teams want to adopt zero trust.
Source: Cybersecurity Insiders, 2019.

Reduce the risks of remote work by using zero trust

Source: IBM, 2021.

Network + Security = SASE

What exactly is a SASE product?

The convergence and consolidation of security and network brought about the formation of secure access service edge (SASE – pronounced like "sassy"). Digital transformation, hybrid workforce, high demand of availability, uninterrupted access for employees, and a host of other factors influenced the need for this convergence that is delivered as a cloud service.

The capabilities of a SASE solution being delivered are based on certain criteria, such as the identity of the entity (users, devices, applications, data, services, location), real-time context, continuous assessment and verification of risk and "trust" throughout the lifetime of a session, and the security and compliance policies of the organization.

SASE continuously identifies users and devices, applies security based on policy, and provides secure access to the appropriate and requested application or data regardless of location.

Current Approach

The traditional perimeter security using the castle and moat approach is depicted in the image here. The security shields valuable resources from external attack; however, it isn't foolproof for all kinds of external attacks. Furthermore, it does not protect those valuable resources from insider threat.

This security perimeter also allows for lateral movement when it has been breached. Access to these resources is now considered "trusted" solely because it is now behind the wall/perimeter.

This approach is no longer feasible in our world today where both external and internal threats pose continuous risk and need to be contained.

Determine the suitability of SASE and zero trust

The Challenge:

Complications facing traditional infrastructure

• Increased hybrid workforce
• Regulatory compliance
• Limited Infosec personnel
• Poor threat detection
• Increased attack surface

Common vulnerabilities in traditional infrastructure

• MITM attack
• XSS attack
• Session hijacking
• Trust-based model
• IP spoofing
• Brute force attack
• Distributed denial of service
• DNS hijacking
• Latency issues
• Lateral movement once connection is established

Candidate Solutions

Proposed benefits of SASE

• Access is only granted to the requested resource
• Consolidated network and security as a service
• Micro-segmentation on application and gateway
• Adopts a zero trust security posture for all access
• Managed detection and response
• Uniform enforcement of policy
• Distributed denial of service shield

Proposed benefits of zero trust

• Identify and protect critical and non-critical resources in accordance with business objectives.
• Produce initiatives that conform to the ideals of zero trust and are aligned with the corresponding pillars above.
• Formulate policies to protect resources and aid segmentation.

Info-Tech Insight

Securing your hybrid workforce should be an opportunity to get started on the zero trust journey. Realizing the core features needed to achieve this will help you determine which of the options is a good fit for your organization.

Measure the value of using Info-Tech's approach

IT and business value

PHASE 1

Short-term benefits

• Gain awareness of your zero trust readiness.
• Embed a zero trust mindset across your architecture.
• Control the narrative of what SASE brings to your organization.

Long-term benefits

• Identified controls to mitigate risks with current architecture while on a zero trust journey.
• Improved security posture that reduces risk by increasing visibility into threats and user connections.
• Reduced CapEx and OpEx due to the scalability, low staffing requirements, and improved time to respond to threats using a SASE or SSE solution.

Determine SASE cost factors

IT and business value

Info-Tech Insight

IT leaders need to examine different areas of their budget and determine how the adoption of a SASE solution could influence several areas of their budget breakdown.

Determining the SASE cost factors early could accelerate the justification the business needs to move forward in making an informed decision.

Info-Tech's methodology for securing your hybrid workforce

Consider several factors needed to protect your growing hybrid workforce and assess your current resource capabilities, solutions, and desire for a more mature security program. The outcome should either address a quick pain point or a long-term roadmap.

The internet is the new corporate network

The internet is the new corporate network, which opens the organization up to more risks not protected by the current security stack. Using Info-Tech's methodology of zero trust adoption is a sure way to reduce the attack surface, and SASE is one useful tool to take you on the zero trust journey.

Current-state risks and future mitigation

Securing your hybrid workforce via zero trust will inevitably include (but is not limited to) technological products/solutions.

SASE and SSE features sit as an overlay here as technological solutions that will help on the zero trust journey by aggregating all the disparate solutions required for you to meet zero trust requirements into a single interface. The knowledge and implementation of this helps put things into perspective of where and what our target state is.

The right solution for the right problem

It is critical to choose a solution that addresses the security problems you are actually trying to solve.

Don't allow the solution provider to tell you what you need – rather, start by understanding your capability gaps and then go to market to find the right partner.

Take advantage of the RFP template to source a SASE or SSE vendor. Additionally, build a zero trust roadmap to develop and strategize initiatives and tasks.

Blueprint deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

Zero Trust and SASE Suitability Tool
Identify critical and vulnerable DAAS elements to protect and align them to business goals.

Zero Trust Program Gap Analysis Tool
Perform a gap analysis between current and target states to build a zero trust roadmap.

Key deliverable:

Secure Your Hybrid Workforce With Zero Trust Communication deck
Present your zero trust strategy in a prepopulated document that summarizes the work you have completed as a part of this blueprint.

Phase 1

Current state and future mitigation