Amore agile, reliable and automated IT asset management program can help organizations proactively manage risk and cost.
The pressure to drive business performance, coupled with increasing economic uncertainty, cyber risk and regulatory mandates, challenge organizations to focus on maximizing opportunities and minimizing risk. Clients are taking notice that one domain addresses both: how best to manage their IT estates.
EY clients are accelerating the migration of applications to the cloud and spreading complex workloads across multi-cloud, multi-tenant environments, amplifying the need for robust cloud-enabled information technology asset management (ITAM) services. Companies often do not have a clear view of what assets they own or are in their environment, many of which may be at the end of their useful lives. Lacking a single source of truth hinders the ability to understand which assets are end of life (EOL) and also which assets may pose serious risk.
Many organizations had some form of IT asset management in place prior to the start of the pandemic, but when companies pivoted quickly into remote working arrangements, most did not have the processes and policies established to effectively manage their assets. New assets were assigned to employees without the necessary processes in place to track and maintain them. In addition, now that some employees are returning to offices, organizations are struggling to reconcile their assets, justify their IT estate to reflect what is truly required to run their business, identify those IT assets at EOL and address those assets that pose a security risk.
Several prominent organizations have experienced major security breaches and reputational punches, resulting from immature capabilities in tracking the asset lifecycle. Without reliable real-time insights, businesses are faced with substantial security and financial risk exposure.
Managing EOL assets
EOL assets, in particular, have been a significant pain point for organizations. While many companies have a configuration management database (CMDB) and an asset management database (AMDB), they often lack the governance policies and processes to keep this data current, impacting business decisioning across the organization. An inability to tie assets to their related contracts prevents insights identifying which assets are approaching EOL status, impacting replacement and/or disposal, financial decisioning, cyber support, compliance and more.
IT finance relies on accurate data around EOL assets to plan for expenditures to replace assets. Without such data, planned expenditures can far exceed actual replacement needs and, alternatively, budgeted funds may not adequately meet replacement needs. This leads to a reactionary and undisciplined approach to funding IT expenditures each fiscal year. In addition, organizations may face substantial financial penalties for improper asset retirement and disposal.
Maintenance contracts also need to be tied to both the hardware and the software applications deployed. Staying compliant with your contracts and paying only for what you need is critical to fiscal predictability. Software contracts document criteria for use of the software in an associated timeframe, including support provided by the software publisher. If critical EOL and end of support dates are not carefully managed, an organization may find itself noncompliant with this software and also without support to provide security patches and overall support of the use of the software.
Knowing which assets are approaching EOL status impacts which assets require an organization’s cyber function support and, without reliable insights, your cyber function cannot protect what it does not know exists.
Program maturity approaches – triage or transform?
Does your organization continue with a reactive approach to EOL assets, or do you establish the governance, process and supporting technology to drive proactive insights?
Effective ITAM is the key to managing EOL assets
Establishing and running an ITAM program provides the data necessary to identify and make informed decisions around EOL assets.
- Make the process repeatable: Identifying all of the assets in your environment through reliable, repeatable and automated processes is critical to linking key contract data to individual hardware and software assets to identify the asset’s warranty and maintenance contract renewal dates and end of service dates. But managing EOL dates alone does not drive comprehensive cost and risk business outcomes. Related decisioning on support for hardware and/or software drives fiscal responsibility, as extended support can sometimes be more costly than initial support. Effective ITAM also establishes IT asset refresh schedules. While many organizations have refresh schedules more aggressive than the EOL dates tied to their IT assets, accurate install dates for these assets will provide core data needed to establish the refresh schedule for each fiscal year. IT finance can then use this data to delay a refresh should EOL dates exceeds the refresh schedule date to optimize costs.
- Automate where you can: Leveraging technology to support your ITAM program processes allows you to drive consistent outcomes. In addition to housing disciplined data repositories, these technologies support ITAM governance and processes, and streamline the work effort to effectively manage the IT estate from purchase to disposal. Integration with ITAM-adjacent technologies, such as contract management repositories and IT finance tools, allow purchase, maintenance and warranty data to be captured and drive better business decisioning, particularly when linked. These tools introduce automation to allow practitioners within organizations to proactively manage their estates by initiating action prior to warranty period expirations, or when nearing a critical EOL date.
- Dispose and retire carefully: Once assets have been pulled from service and segregated from operational assets, all data should be wiped. Third-party disposal vendors are a great option to facilitate asset disposal, however, before engaging, organizations should confirm they are accredited and perform a thorough review of the vendor’s data destruction methodology to ensure that it meets their requirements and mitigates any concerns regarding possible data exposure. Typically, third-party vendors receive assets targeted for disposal, destroy the hard drives and provide a Certificate of Destruction (COD) back to the organization so that this can be attached to the asset records of the disposed assets. Some disposal vendors then strip the assets of any usable parts for resale, in which case the disposal vendor should furnish a portion of the proceeds back to the organization. Should organizations offer EOL assets for resale to their associates or donate them, there must be a documented asset transfer, outlining the responsibility of the new owner to properly dispose of the asset once the asset is truly EOL. This indemnifies the organization should the asset be improperly disposed of in the future.
As organizations face hybrid working arrangements indefinitely and evaluate their own ability to manage EOL assets, they must consider the people, processes and technologies involved in identifying what is in the environment, its posture in the IT asset lifecycle and the supporting processes to manage its retirement. Managing EOL assets is merely one domain within the ecosystem of IT asset management, but one that presents an opportunity for organizations to mitigate risk and drive immediate and future cost optimization.