What is IT Asset Management?
You can imagine IT Asset Management or ITAM as a set of IT/business practices that amount to something similar to Inventory Management but with financial and contractual components. Whereas inventory management is only concerned with the assets you have, where they’re located, and who owns them, ITAM further expands on those concerns.
With ITAM, you would typically answer questions like: How much did a particular asset cost? What is its current accumulated depreciation? What contracts and maintenance agreements are associated with it? Is it still under warranty? If it’s a software asset, what are the license details? What is its current version? Which endpoints are running it?
IT asset management tracks and manages assets throughout each asset’s lifecycle – from the moment the asset is requested, through its procurement, deployment, installation, while it’s being provided support, up to the moment it’s retired and ultimately disposed.
Because the coverage of IT asset management is quite broad, it consequently overlaps with, involves and integrates with other processes like request management, inventory management, procurement, financial management, and others – including configuration management. This enables businesses to gain a comprehensive view of the organization’s assets as well as a detailed picture of each asset, especially from a financial and contractual standpoint.
By leveraging on the information generated in ITAM-based business practices, organizations who implement IT asset management are more capable (than companies who don’t) of:
● Reducing their assets’ TCO (Total Cost of Ownership);
● Maximizing the utilization of each asset;
● Enabling IT resources to meet the demands of business units;
● Maintaining business continuity;
● Meeting compliance requirements; and
● Achieving better business-IT alignment.
Why CMDB is critical to effective IT Asset Management
First, let’s put things in the right context. A CMDB can only be immensely useful (or critical) to IT asset management for as long as the CMDB can be tightly integrated with ITAM processes. If IT asset management processes can’t easily retrieve configuration data when they need to, the CMDB won’t be as valuable to ITAM.
Fortunately, most modern day CMDBs now either act as a central repository of configuration data that’s also accessible to other processes or one that can be easily integrated with the datastores of other processes. Some CMDBs, for instance, store information about the devices on a network (which are usually associated with configuration management) as well as software contracts and licenses (which are typically associated with ITAM).
These CMDB architectures enable information generated in one process to be easily seen by other associated processes. In turn, this tight integration can greatly enhance each associated process. Let me give you a couple of examples.
Hardware and software usage information is normally gathered by configuration management applications. However, this information can also be used to support an IT asset management process like procurement. If the ITAM software can easily retrieve usage data, that data can be used to inform and streamline purchasing decisions.
Tight integration of CMDB and ITAM can also reduce risks. Let’s say a server is originally deployed at a particular business unit. As per IT asset management practices, that server is recorded into the CMDB under the ownership of that business unit. Shortly after, a configuration management solution’s automated scanning tool gathers information regarding that server’s CPU, RAM, IP address, MAC address, etc. and then stores these configuration data into the CMDB.
Incidentally, after a couple of months, the same scanning tool discovers the same CPU, RAM, and MAC address (essentially the same server) at another IP address. This could raise red flags and require further investigation if no change of ownership (presumably via an ITAM process) is recorded in the CMDB.
On a slightly different note, if another scanning tool discovers an application that never went through the proper channels, i.e. it was never requested, procured, or installed, as per CMDB records, then it could be a rogue application. Rogue applications can introduce vulnerabilities or can be outright threats themselves. Both can have an adverse effect on business continuity, so these applications need to be dealt with accordingly.
As these few examples show, IT asset management and configuration management don’t have to operate independently all the time. In fact, there are many situations when practitioners of these two disciplines can gain better insight when information is shared between an ITAM system and a configuration management system. The best way to do that, as stated earlier, is a centralized or tightly integrated CMDB.