Information technology is inherently polyglot. While none seek complexity for its own sake, an overhead view of any sizable insurance operation will reveal dozens of different types of desktops, servers and networking equipment running various iterations of Windows, Linux and Unix and a dizzying array of packaged and custom software applications.
It is the job of the IT asset manager to step into the breach in order to standardize and streamline this environment. Historically, the emphasis for IT asset management was software asset management undertaken to ensure enough licenses were in place in case of audit by a software vendor. Companies also had a need to be cognizant of what was running in their environment to comply with regulatory statutes such as the Sarbanes-Oxley Act and HIPAA. However, more recently, asset management is increasingly being used for strategic and planning purposes.
TOOLS OF THE TRADE
At Moncton, New Brunswick-based Medavie Blue Cross, Lynn Barbour took on the task of implementing an asset management regime. Serving all of Eastern Canada, health insurer Medavie has a large, complex IT footprint. It needs one. In addition to serving as its own backbone, the company provides IT services to government organizations such as the Canadian military, which uses Medavie’s system to track insurance for service members. “Our IT infrastructure is the envy of Eastern Canada,” Barbour says, noting that with an IT staff comprising 230, Medavie builds much of its applications in house. “We have application developers, architects and project managers.”
Barbour, formerly Medavie’s corporate technology trainer and, currently, its coordinator of configuration and asset management, convinced upper management to allow her to launch a comprehensive asset management program. She began the undertaking in 2004 by venturing into a closet in the company’s IT department. What she found — a good deal of obsolete hardware and unused programs, some of it dating back a decade—underscored the enormity of the task ahead of her.
Although all the company’s IT infrastructure came under her purview, she decided to first tackle the issue of software compliance on the company’s desktops. Her first step was to create a definitive software library (DSL) of all the applications used within the organization.
After that, Barbour sought a discovery tool to help her audit ongoing software usage and gauge whether any software within the company was unlicensed or underused. She also wanted to identify instances where the company was over-licensed and wasting money by paying for licenses that were not necessary for certain employees. The need to guard against over licensing is especially germane in the instance of software suites, where a given employee may not need all the functionality found in a product, such as Microsoft Office.
While Microsoft makes its own systems management software product—System Center Configuration Manager—for managing large groups of Windows-based computers, Barbour instead selected a point solution from Express Metrix, a Seattle-based maker of IT asset management software. “I rely most heavily on Express Metrix for the bread and butter, asset management portion of my job,” she says, noting the product enables her to generate software usage reports down to the minute and, if need be, to shut down unauthorized or noncompliant programs remotely.
Likewise, Barbour uses two products from Palo Alto, Calif.-based Hewlett-Packard Development Company LP, HP OpenView and HP Systems Insight Manager, to keep an eye on servers. “The whole focus of IT asset management in our perspective is about collecting and analyzing information in a such a way that it facilitates decision making,” says Kris Barker, CEO of Express Metrix.
Barbour’s efforts have earned her the sobriquet “the software police,” and she doesn’t seem to mind. Especially since she was able to show upper management that, within the first few months, her efforts averted $400,000 in possible fines for running unauthorized software. Moreover, by jettisoning licenses for unused software, the company saves approximately another $100,000 per year.
Getting buy-in from all parts of the enterprise, upper management included, is critical, says Mark Horn, organizational effectiveness specialist, at Madison, Wisc.-based American Family Insurance Group. Presenting at the 2008 Software Asset Management Summit in Chicago, Horn said it’s also important to educate end users about the software they use, and remind them that their use has implications for the entire corporation.
For example, an employee who buys boxed software at Best Buy on his lunch hour and installs it on his workstation needs to be aware of the ramifications, Horn said. Indeed, while a computer user in the claims department may not bother to read the license agreement while installing software, it’s a good bet the lawyers of the software company have. “When the [non-compliance] letter comes from the vendor, it doesn’t go to claims, it shows up at corporate legal,” Horn said. “People need to realize that you purchase licenses, not software.”
It is concerns such as these that may entice companies to consider draconian options such as locking down workstations entirely, allowing software to only be changed centrally as on a server. Another option is to create a culture of compliance, allowing users to alter their computers as they see fit, but maintaining some centralized control. This is the path Medavie chose. While pushing responsibility out to its end users, they centralized purchasing under Barbour, who now negotiates deals with the vendors of the 300 different applications the company runs.
After four years, Barbour’s asset management efforts have paid off handsomely, and she is shifting her focus to what she calls the next level-configuration management. While asset management primarily concerns the number and price of assets, configuration management takes a wider view. It views assets not just as physical pieces of hardware or software, but also seeks to define the relation of assets to the services they engender.
“We’re just in the infancy of configuration management,” she says, noting the company in the process of building a configuration management database, which will house the authorized configuration of the significant components of the entire IT environment. “We got little pockets of information all over the corporation that we’re pulling it together and plan to have it implemented later this summer.”
If asset management pays dividends on the desktop, configuration management, which also includes incident, release and change management, can help with servers. While server software is slightly easier to manage because there is much less access to servers than desktops, few would say managing servers is a simple task.
“The way we built out the last expansion in IT was with a lot of cheap servers,” says Joseph Pucciarelli, an analyst at Framingham, Mass.-based IDC, a provider of global market intelligence and advisory services for the IT, telecommunications and consumer technology markets. While this ad hoc manner of adding inexpensive servers made initial sense in the short run, it also led to increasingly complex data centers that began to resemble—and consume energy like—city blocks. “This worked better when we had capacity and energy was cheap,” Pucciarelli says. “Now you are seeing a “build up” strategy instead of a “build out” strategy for servers. As the data center becomes more efficient in its use of resources, it becomes more important to put good resources on the floor of the data center. It’s no longer a matter of walking through a data center and sprinkling server seeds.”
Central to the build-up strategy is running virtualized machines on fewer, more expensive servers, he says. This makes change management — a process that confirms you are not putting anything in the environment at risk by adding something — all the more vital. No one touches a server without a change management process. “If you’re running 25 server images on that machine, it becomes much more critical than if it was just one of 100 servers in a row of a data center,” he says.
Peter Greis, a principal in the financial services business for New York-based IT consultant Capgemini, agrees that in this increasingly complex environment, change management and release management are critical. “It’s important to do releases and changes in a consistent and robust manner so you don’t break what’s already out there,” he says. “That’s just the nature of increased complexity. It forces you to acknowledge that it can no longer just be a programmer dropping a patch in on a Saturday night to fix a problem. You can’t afford to do that anymore because the risks are too high if it doesn’t work.”
In a similar vein, incident management, which uses the wealth of data in trouble-ticket systems and help desk systems to manage the flow of incidents and fix problems, is important. Pucciarelli advises asset managers to go to the trouble tickets and do an analysis by model of machine. “You’ll find that certain models are, by nature, problem children,” he says. “This way you don’t have to boil the ocean.”
NOT NEW, BUT IMPORTANT
Configuration management is the core of the information technology information library or ITIL processes. A series of frameworks and guidelines that provide a common language and help clearly define and improve asset management processes, ITIL has been around for a considerable amount of time. Long established in Europe, the methodology has become more prevalent in North America in recent years.
“ITIL is of great interest now because it does help IT organizations get a handle on, and standardize the world of, service management,” Greis says. “People realize that having a standard way to do things makes a lot of sense. There’s no value in being unique here.”
As ITIL has grown in popularity, many of the tools vendors are creating to support asset and configuration management claim to follow ITIL guidelines. Greis notes much of this may have to do with marketing as no standardizing body exists at this time to certify whether or not a tool is ITIL compliant.
Barbour points out that ITIL is not dependent on tools, but they help. “It’s possible to do it with no tools at all,” she says. “It’s not tool-dependent in a real small world, but once your world starts to get big, it’s virtually unmanageable without the correct tools in place that will help you discover what’s there as opposed to having to do a physical audit.”
Greis says the true value of ITIL is that it forces its adherents to assess their environments much more broadly to include all the elements in the IT environment such as applications, modules and data. “Most of what you see in ITIL are best practices that have been around a long time — it’s just that people got carried away with system deployment and forgot about them,” he says. “As we moved to a more distributed environment, a lot of them were de-emphasized and now, as we create these very complex environments, people are realizing that these best practices need to be resurrected. It’s nothing new, but it’s important.”
Another trend Pucciarelli sees is that carriers can manage their IT portfolio in much the same manner they would manage a financial one. “IT asset management by itself is an absolutely critical foundation, but what we are seeing is that the next stage in the maturity cycle is a move to IT financial management, which connects the operational and cost data,” he says.
One area in which such an approach can pay dividends is in determining the lifecycle of products. Carriers need to use both the tools of IT asset management and financial management in order to establish a rational, quantitative measure of what constitutes obsolete.
Too often, Pucciarelli says, purely financial considerations will distort judgments about when to replace systems. Systems that are fully depreciated on the balance sheet may be viewed as free or “paid for” by accountants but, as IT knows, operational costs, which amount to 70% of a system’s of cost footprint, will linger. This mean replacing a fully depreciated system may save you money in the long run, he says, noting that companies should have a well-managed upgrade cycle for their servers, in much the same manner as they did for mainframes throughout the history of IT. “You don’t see mainframes lying around unused — you see companies managing them in a more disciplined manner because of the importance of that device to the overall IT infrastructure.”
Similarly, replacing systems for purely technical reasons and hewing to a rigid replacement cycle without regard to financial considerations is not recommended. For desktops, while Barbour likes to keep hardware on a five-year replacement cycle, she says the company is currently taking a pass on the latest Windows operating system, Vista, despite the fact that their current OS, Windows XP, is seven years old. “We’ll hold back a version and wait and see how it’s accepted,” she says. “We’ve been stung before by things like that.”
Thus it seems that while neither technology nor methodology can relieve asset managers from fundamental questions about the makeup of their IT infrastructure, they can help.
(c) 2008 Insurance Networking News and SourceMedia, Inc. All Rights Reserved.
Cost-Cutting Options Abound
A simple way for IT asset managers to trim software license fees is to avoid them altogether by opting for open source software or freeware when feasible.
At Moncton, New Brunswick-based Medavie Blue Cross, Lynn Barbour, coordinator of configuration and asset management, investigates open source alternatives to proprietary applications the company employs. In the fall, the company will launch a pilot program for Open Office, an open source alternative to Microsoft Office. “We’re a Microsoft shop,” she says. “All 1,500 of our desktops have Office installed. That’s costs us a fair chunk of change.” Depending on the results of the pilot program, Open Office may be given serious consideration during the company’s next upgrade cycle. “Money talks, and if we can find [open source] products that fit our requirements, we use them. It doesn’t happen often but, when it does, we take advantage of it.”
Yet, IT asset managers need to be cautious with open source applications, because many that are free to home users are not free in corporate environments. “You still have to manage your environment,” cautions Capgemini’s Peter Greis, principal in the New York-based financial services business. “Open source doesn’t change the approach of how you manage system and deployment. It may change how you do development and licensing, and it may give you more flexibility, but it doesn’t change the nature of how you run IT.”
Another cost-cutting avenue for asset managers is leasing hardware. Leasing can mitigate upfront implementation costs, and allow companies to shorten replacement cycles, says IDC’s Joseph Pucciarelli, an analyst with Framingham, Mass.-based IDC. “Leasing can be a proxy for your product lifecycle management,” he says.
(c) 2008 Insurance Networking News and SourceMedia, Inc. All Rights Reserved.
Register or login for access to this item and much more
All Digital Insurance content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access