The 2023 Gartner® Magic Quadrant for SAM Managed Services is now available. Get the Report

In regards to an ITAM program, many critical components can be missed, lowering the program’s efficiency and cost savings. To help programs achieve the highest success, people, processes, and technology must be focused on the right priorities.

Rory Canavan, Owner at SAM Charter, joins the show to discuss in-depth strategies and focus areas to help improve ITAM programs.

What we talked about:

  • Missed Critical Components of ITAM Programs
  • Challenges of People, Process, & Technology 
  • Specific Metrics For ITAM Experts to Focus On
  • System Integration & Cultural Alignment
  • Advice for Listeners

To hear more interviews like this one, subscribe to the The ITAM Executive Podcast on Apple Podcasts, Spotify, or your preferred podcast platform.

Episode Transcript

Pete Larkin:

Welcome back to another episode of the ITAM Executive. I’m your host, Pete Larkin, and today I’m joined by Rory Canavan, owner of SAM Charter and longtime ITAM expert with over 15 years of experience in the ITAM industry. Rory brings a lot of experience to the space. I’m excited to speak with you today, Rory.

I’m excited to hear some of your thoughts. Recently, we had a really great discussion about what makes a successful ITAM program. You had talked about some of the critical components that are often missed when really trying to build up a successful program. I’d love to talk more about this. I’d love to for you to share some of your insights with our audience.

Tell me what are these critical components that are often missed?

Rory Canavan:

Firstly, Pete, thanks very much for giving me the opportunity to catch up. It’s always good to catch up with you. So those critical components really is, first off, we start with the direction, what is the North Star for SAM or ITAM?

And often as not SAM programs kick off with being off the backend of the wrong edge, I should say, of a vendor audit. So straight away, lots of organizations are, get the blinkers on and make an assumption that we’ve got to produce ELPs on mass, we’ve got to get those compliance reports. That’s the focus.

That’s the focus. And I think we need to take a step back and actually ask why does it exist in the first place and it exists to serve the business. So what I would always advocate is if we can start to think about software asset management from the point of view of not looking at the IT estate.

From a vendor perspective, but rather look at it from a services perspective. And this is where we need to offer a, an olive branch, if you will, to service management then in that respect. So if you can imagine that we have a dart board and right in the center, the bullseye, that’s where we would capture our business goals, the outer ring to that bullseye, then we would capture our IT goals.

And then if you imagine the numbered sections that come out from that, they would be the services and they would represent the technology stacks that support those services. Then at that point, so as you go round the board with the rings, potentially they could be software vendors. And I think if you have that view in mind, all of a sudden you start to pay attention to aspects like business continuity and disaster recovery Also.

Because we’re taking a service led approach or view of the IT estate. So having set that North Star through some sort of ITAM policy that we’re looking to create or promote, we should be looking at future proofing as well. We should be looking at capacity management. We should be looking at business continuity management and disaster recovery, as I mentioned already.

And we should be looking to run a lean IT estate as well. So if at all possible, don’t wait for an ELP. To be produced before you start thinking about recycling software, that’s potentially one of the first things you do. You want to get if you’ve got dead wood on the IT estate, you need to get rid of it from the get go.

What other things to thrash out? Then again, if we go down the ISO 19770 route, which is the ISO standard for IT asset management processes, and there are other dash standards of the 19770 number, because it is a management system standard, we should be looking to consider the scope.

What is the boundary of SAM or ITAM that we are being asked to implement? And there are three things that influence our scope then, and it is strangely enough that old chestnut of people processing technology. How far does our technology reach? So potentially how far are our agents going out there?

Are there any areas of the business that actually do not want to plug into our SAM or ITAM efforts? That’s equally a valid concern. And if you are operating in a federated environment. It’s actually worth calling those out as out of scope in the policy as well. I mentioned the technology reach there, there’s and we’ve got the potentially the geography reach as well.

So if we are truly international, there may be certain countries that want to operate in their own way, the process reach as well. So if we determine that, say for example we are international or very large in scale and we’ve set up a request process as an example, is that going to be the same request process if that we plug into in China, that we might do in the UK or in the US?

Possibly not. So making sure that we account for things like language, things like time zones, things like different IT domains, those things are absolutely vital. We can’t just create one document or one routine and expect it to go around the world. And finally, the, then we have the reach of our people.

Again, if we’re in that international scenario, people are going to be working to specific time zones. They’re going to be expert in certain areas. They may not be all things to all men. And that’s increasingly, one thing I find about software asset management is that it’s a nerdy schism of it at the best of times, but then when it comes to really zoning in and being an expert in SAM, you find it splinters again, so people get really specific on licensing. They get really specific on the technology or maybe they even get specific on the process. Then of that side of life, what are the aspects I find that often get missed as well?

Projects and programs, they are one step away from development in how they’re viewed in it as well. And what I would always advocate is if you are setting up your company hierarchy in the SAM suite to represent where the software actually sits, where your purchases actually sit, make sure you’ve got a folder for the programs projects section as well, and the programs folder can open out and then you can have all your individual projects there.

So that you’ve got some means or method of actually onboarding technology as it comes onto the IT estate. And it also gives you the ability that if a project or a program advanced purchases entitlement to ring fence licenses, so they don’t get mixed into a license pool, and then everybody has at them, and then when the project actually goes and looks to retrieve those licenses for its project.

They’ve not disappeared into the ether or be consumed by other areas of the business. So that’s always a, an important aspect that I feel is missed and speak enough. I was talking today about something as fundamental as setting up a catalog, a supported software catalog. So, we’ve talked about scope and about reach, but in regards to management, we want to be a little more laser-like as well in in SAM Charter.

Cause if those processes aren’t working together, then potentially you set yourself up for the perfect storm of a vendor audit. And I think as well adopting some sort of plan, do check and act attitude. So, respect for the Deming cycle. Again, if you’re setting up a sound program, you are not going to be dashing off at a hundred miles an hour to meet a, a finish line.

This is going to be a program of work and it’s going to achieve hopefully some degree of a steady state moving forward. But there will be an increase or an uptick, hopefully, in curve of maturity also. And that’s going to need KPIs assigning to various levels of performance, be it technological, be it sound-based, be it people-based even as well.

So having that eye on metrics that support improved maturity is equally vital.

Pete Larkin:

Are there any specific metrics that you really recommend that ITAM experts should really be focusing in on here?

Rory Canavan:

In terms of metrics, I would say the frequency with which you refresh your supported software catalog, that’s absolutely vital.

If you think back to that concept of scope, okay. And what we’re prepared to put our arms around. You are never going to be in the position where you treat Oracle with the same regard as you might WinZip and vice versa. It’s a risk-based approach. With regards to compliance and management of software, that means if you do have numerous instances of every flavor of version and iteration of software across the IT estate, you’re going to be spreading yourself thinner and thinner.

So having some sort of a plan by which you can filter that sprawl if you like, that proliferation of software titles is going to stand you in great stead because it gives you a better chance of managing the software estate too. So keeping that list well pruned on a frequent basis is really important.

And there’s a number of ways you can do that. Also, yeah, think about what you are doing with the license pool potentially as well. So if you are I appreciate everybody seems to be moving to the cloud, but there’s still a healthy residual amount of software that is onsite that is on-prem from a service management point of view, the software request process, we might view a healthy KPI as being the time taken to honor a request, and that’s true.

Nobody wants to be waiting weeks for software. From a SAM point of view, we might be saying that actually a good KPI would be the number of requests or the cost of software that have been honored by the license pool through the request process in the last 30 days. And I think that’s a demonstration that you’re managing shelfware.

Because that’s, that is literally money on the shelf. Yeah, so that’s a fairly healthy KPI. There also as well, that management of change, so creating your item policy through a corporate governance process that should be refreshed annually. Your operations plan, the next process down that should be refreshed annually.

You should also have what we call a SAM QA process at SAM Charter, so that actually examines the KPIs of all the processes that you’ve decided you’re going to have in your SAM solution. So that if a process trips above or exceeds acceptable levels of performance, you do something about it real time.

You don’t wait for the ELP to generate, be generated, to see that you’ve got a glaring error there. So if we go back to our software request process as an example, we might say in the business in, any given 30 days, we expect to burn down $7,000 worth of software. In the request in 30 days, if all of a sudden that tails off or it even runs down to zero, then all of a sudden it’s alarm bell time.

We, something is wrong. Either people are taking their personal cards and they’re going down to Best Buy and buying all their software. Or potentially it could be that actually we’ve exhausted the shelfware, we’ve exhausted the license pool. Anything that is left is no longer really wanted. Now I’m going to get you guys in the US a bit jealous here.

Because in the EU, if we get to that point and we find that we’re not using software in over 12 months that’s been in the license pool, we can resell it. We should be thinking about reselling that software.

Pete Larkin:

Time is definitely money as we’re talking about this, right?

Rory Canavan:

Absolutely. So as we transform to the cloud as well, that whole idea of recycling as well really kicks into the, for.

So whereas onsite or on-premise or premises software is bought, typically through CapEx budgets, your cloud software is treated as a utility, rather like the heating or the electricity bill, and therefore is considered an operational expenditure. And as an operational expenditure, it’s on your profit and loss sheet.

So it’s demonstrating as impacting the bottom line. So every day you don’t use software in the cloud. You are burning money, so that could be another KPI I would always suggest. Wherever possible, get the KPIs to be financially relatable because that is the one language that everybody speaks.

Everybody speaks money.

Pete Larkin:

Yeah, absolutely. And on this topic about how to create a successful ITAM program, right? One of the most important things is to be able to show the impact of your program on the bottom line, Rory I sidetracked you from the bigger discussion that we were having to focus in a minute on KPIs, which I appreciate you sharing some more insights there getting a little deeper on the KPIs. I want to go back to that bigger discussion. If we want to pick up where you were.

Rory Canavan:

Somebody asked me today is, it was quite fortuitous actually, what order would I put the processes in? So I think perhaps That’s an equally good way of rejoining that, that train of thought.

So corporate governance process to create your policy, your right HAM or SAM policy, create and maintain a SAM plan process to create your operations plan. At that point, then I would also in tandem kick off some sort of recycling activity as well. Next step down would be to get your request process sorted, then your procurement process, then your deployment or software release process, depending if you are an and that gives you then hopefully that trustworthy data. Then in and amongst all of that, you’ve got a technical stream as well. So I’m approaching this from a Greenfield, so the sound tool will be going in at some point as part of a project, you will have some sort of vendor onboarding process taking place too.

So that will necessitate the creation and maintenance of an entitlement importation process, an inventory importation process, and then also our software assets data verification process. Cause one thing you’re going to find is that, it takes enough work and effort and time to get data into a SAM suite, but then once it’s in the SAM suite, making sure it represents what you want it to represent is equally important.

So that’s where the software asset data verification process comes in. We also have what we call an orphan data process as well, and that’s equally important because that reinforces the relationship between the recognition data, the entitlement data. And the inventory data as well. So if anything seems to be bouncing around or is loose in the SAM suite, it means then that your ELP isn’t going to be as drum tight as it possibly could be, so you look to correct that.

So that would then mean that the next process potentially would be your license compliance or ELP generation process as well. So I think we’re getting on for sort of 13 or 14 processes right there. Yes. Easy peasy. Oh, hey. Yeah. It’s just, wave the magic wand and it happens.

Absolutely. Absolutely. But the joy of all this as well, of course, is that what you’re going to find too, is that a lot of the data that we require to generate these reports isn’t the preserver of Sam or itam. It’s owned by other people. It’s owned by the departments. It’s owned in other systems as well.

And I had a particular situation in Saudi Arabia where I think the Nirvana state was sold to senior management, and it was just a case of plugging all these systems in together and you are going to have seamless reports and it’s going to be push button and life is easy and life is good. What they hadn’t actually figured out was that people look after these systems.

And we need to go to those people and get permission to set up those connectors and that we can’t just suck data on mass from certain systems. They have to be quality. The data has to be quality assured and made sure that it does sit within the SAM suite as we believe it should do. So the politics is absolutely massive.

And that’s just the technical aspects of making systems integration and connectors and APIs actually happen. Then you’ve got the cultural thing as well, because if you are then going into an organization and saying, we’ve got a new way of working, we’ve got a new way of requesting software, we’ve got a new way of joiners, movers, leavers, we’ve got a new way of reporting lost and stolen devices.

If you dictate people or treat it as a defacto plea and just say, that’s how we’re working guys. Suck it up. Then people’s backs are going to get up. They’re going to get upset. They’re going to say, dig their heels in and say, you know what, we’re going to stick to the old ways of working because that’s what we’re comfortable with and that’s what we know and you are just a consultant and you don’t know anything.

The joy of doing process engineering is to, I would always argue, take in templates, start off with a couple of primary and secondary objectives around those given processes, and then turn to the people who are going to be doing the work on a daily basis and say, we need your help.

We need your help. We need to achieve these primary and secondary objectives within this given process. This is what we want to do. How do we actually achieve it? And then, because they are nearer to the doing, if you will. It’s very difficult to argue with the logic at the top because the logic at the process and the generation of the data that supports the KPI should support a higher IT or business goal.

So we link back that KPI generation to an IT goal, to a business goal, and that makes SAM or ITAM relevant, not just in the short term, but potentially in the medium to long term as well.

Pete Larkin:

Yeah, and I think that the, that right there, especially for some of our newer listeners or specifically newer to the industry, not necessarily newer to, to the podcast but those who are getting started, that is some great advice on how.

To really make ITAM be more relevant in your organization. So if you miss that, I definitely recommend going back about a minute or so listening to that piece again and to learn more about that advice that Rory sharing here with us on how to create more relevancy. That’s a gold nugget. So thanks for sharing that with us, Rory.

I appreciate that. That’s good stuff.

Rory Canavan:

Oh, you’re very welcome. Very welcome.

Pete Larkin:

We’ve talked about a lot of different topics. There is, there’s a lot to do and a lot to learn. I’m curious, what other advice might you give to some of our audience members who may be new to the space? Any other tips or tricks that you might recommend?

Rory Canavan:

Okay. Definitely clamp down or if you’re looking for a driver to take SAM into the, into an organization or around or IT asset management into an organization. People get, and people understand the joiners, movers, leavers process. I don’t know about you, Pete, but my LinkedIn feed is full of people hosting photos of laptops, phones, PDAs monitors, swag, t-shirts, et cetera, on their first day of joining.

Everybody loves to celebrate that first day and absolutely thumbs up to them. It’s a new start. It’s a new world, it’s a new job and life is good. And that demonstrates that an organization has given the time and attention to focus on. From day one, we stand up that individual and we make them productive, but we demonstrate that we know why they’re here, we know why they’re here, and we give them the tools to be able to do their jobs, and that’s fantastic.

Where some organizations fall down is if 6, 12, 18 months down the line, that particular individual moves to a different job and do, does that new job necessarily dictate a different software profile or even a different hardware profile potentially. And we fast forward another 12, 18 months, two years on the whatever it may be, and they’re leaving whatever do we make to get that equipment back, whatever do we make to actually shut down those as a service software titles as well.

And it’s not, again, the licensing is important, absolutely, but equally from a data protection perspective, it’s twice, if not three times more important. We don’t want to leave people with access to company resources after they’ve left the organization. Now HR are typically very good at telling payroll, don’t pay somebody after a certain date.

I suspect what they’re not so hot at in they better be good at that conversations tell yeah. You’d it’s a kind of a given, it’s an understood, but they’re not so hot necessarily at saying, oh, by the way, shouldn’t we tell it to recover the equipment? And I’ve actually worked in some sort of public sector institutions here in the UK where IT equipment is viewed as a pseudo leaving present. That’s an area there is that is always going to be quite visible in an organization and it’s just good to get right.

What are the areas as well? ELPs, of course, are the lifeblood of a software vendor audit, so make sure you have an ability or a capacity to deal with software vendor audits moving forward.

There’s always a value in being able to generate an ELP or a compliance report. Absolutely there’s internal drivers that will, or personnel who will absolutely plug into the results of that and make good on it. But from an audit perspective to, there’s great playbooks out there. Just make sure that if you are dealing with a larger vendor, I’ll not know.

I’ll do my best not to name any names. A specific individual may approach you from a software vendor and say, sorry, Mr. Customer, it’s time for an audit. We’re invoking our audit clause in the contract, and that’s what they should be doing. To say this is a formal audit, but then having other members of a sales team or another department from that software vendor.

Quarterback that effort and reach out to the contact in the IT team of the client and say, oh, can you just run that script? Can you just provide us with that data that should be kiboshed from the day the audit is declared? All communication pertaining to the audit should come through a single point of contact.

It should be funneled and it needs to be appropriately managed as well. Don’t feel that just because a software vendor asks for data, you’ve just got to bend over backwards and provide it to that point. When it comes to, shall we say more, more traditional or regular routines of dealing with software vendors we have our contract renewal process.

Make sure that’s supported by a compliance process so that the procurement team know in plenty of time what’s installed, what’s in reserve. And also a quick duffing of the caps as to where the business is going as well. What do we want in the future? Are we actually going to sign our lives away to what’s presented to us by the sales team of the software vendor?

Or are we actually going to think, no, we want title D, E, and F, we don’t want title A, B, and C as it’s being presented to us because there’s a huge discount on offer thanks, but maybe not. So having that ELP and that strategy is absolutely vital to help procurement out there. Again, on the recycling side, and this is really getting quite nerdy and reasonably technical.

I think what you are going to find in the service space is like a lot of it and the IT estate and viewing it changes the enemy. Okay. What we don’t want to have is surprises. There are certain products out there. SCCM has this capability, puppet is bought for it, and that’s to reinforce configuration integrity, particularly in the service base or the data center so that if a tweak or a change that is unexpected.

Auto happens or occurs for whatever reason, on given devices. If a puppet is determines that is not an authorized change, it will revert back to the previous configuration or the trusted golden source of a configuration. So be careful. On one hand you could be recycling and then in the next day find that actually all your efforts around recycling.

Have been reverted back to the day before, and this software is reinstalled again. So make sure if you do have that sort of exercise in a data center or in a server environment that tools like Puppet features like SCCM are switched off for that activity or accommodated accordingly.

Pete Larkin:

Rory, this is, this has been incredible.

Your insights have been very hopeful, and I’m sure that our audience is going to derive a lot of value from this. As we wrap up here, are there any final statements or things that you wanted to wrap up with to end off the podcast?

Rory Canavan:

I’m sure if you’re here, you are already plugged into a world of experts in Anglepoint, already quality guys, I wouldn’t be here if they weren’t up to the task.

Absolutely reach out to your Anglepoint colleagues there. Any other lasting tips yet? Change is the enemy. So regardless of whether it’s a business change, an IT change, a SAM change, licensing terms and conditions change. If we could shrink, wrap the IT estate and keep it away from the humans, life would be great, but unfortunately we can’t.

So we’ve got to, we’ve got to live with the change. And so

Pete Larkin:

Dang humans, man,

Rory Canavan:

Just messing on up, I’ll tell ya. So that’s a fair indicator of where there is great sort of data change is where you need to apply some degree of SAM, right time overhead.

Pete Larkin:

Rory, thank you so much for your time. The insights have been incredible.

I’ve appreciated the expertise. That you’ve shared with us. I’ve enjoyed hearing some of, the case studies inside of those hard not lessons that you’ve learned over the years. I can tell that you’ve done just so much work and accumulated so much experience. I appreciate your time with us today, Rory.

How can our listeners get ahold of you? Where can they reach you best if they want to ask any questions or learn more about what you do?

Rory Canavan:

Yeah, by all means reach out to me on LinkedIn. I don’t think there are many Rorys on there. But equally to the SAM Charter website would be the best way.

Pete Larkin:

And that’s Rory Canavan on LinkedIn?

Rory Canavan:

Yes, it is. It’s a black and white photo, so go with my gray hair.

Pete Larkin:

All right, Rory, thank you again for your time and thank you for sharing your insights. This has been another episode of the ITAM Executive, brought to you by Anglepoint. Thank you for listening and make sure to, if you enjoying these episodes go give us a rating and you don’t necessarily need to leave a review unless you want to, but for sure.

Give us a rating. Let us know what you think.

You’ve been listening to the ITAM Executive brought to you by Anglepoint. Make sure to hit subscribe in your favorite podcast player and give us a rating. Thanks for being a part of the ITAM community. Until next time.