Is your ITAM function ready for Coronavirus?

Home / Expert Advice / Is your ITAM function ready for Coronavirus?

Matt Fisher, Chief Storyteller, Certero

While we don’t want to contribute to any hysteria or misinformation, with organizations around the world preparing contingency plans for how to continue operations in the event of a widening coronavirus emergency, we thought it might be worth quickly exploring some of the implications for IT and software asset management professionals.

Just as colleagues across HR and IT teams will be refreshing their business continuity plans right now, SAM and ITAM leaders would be well-advised to be doing the same.

Employees self-isolating or working from home

BYOD, Secondary Use Rights & Licensing

Organizations with highly-mobile workforces will probably be reasonably well-prepared for deserted offices and staff taking their laptops home. However, for organizations that don’t routinely issue workers with laptops, there may be an increase in staff using personally-owned devices to access corporate applications such as email, productivity suites and collaboration platforms over the internet.

If your organization is using modern cloud-based applications like G Suite, Office 365 or Salesforce, this shouldn’t cause any licensing issues that you need to worry about, as long as your licensing is tied to users not devices (or, if the latter, that secondary use rights are in place). Users of older applications that are not licensed under schemes designed to support home or remote working, however, might face issues with giving employees enough access to remain productive.

EDIT:  Since drafting this blog only 24 hours ago, it seems a lot of productivity suite and collaboration platform vendors have upped their promotion of free trials, in anticipation of more organizations adopting remote working practices.  This is potentially great news, but remember a ‘free trial’ is just that.  Continued use after the trial may automatically incur cost or may leave you open to costs you were not planning for.  We’re definitely not saying you should avoid free trials, but we are advising anyone taking a vendor up on the offer to plan ahead financially.

When personal devices are being used to access corporate systems, it introduces new security risks as these devices might not have the usual levels of protection afford by anti-virus software or corporate firewalls. Access to data and sensitive systems will need to be scrutinized and risk assessments revised in line with the increased likelihood of employees using unsanctioned devices or insecure connections.

It’s worth also considering whether there would be an increase in the use of mobile devices to access email and other productivity applications. Again, most modern apps will accommodate different devices being used by licensed users, but it’s worth checking that this in the case for your organization and ensuring you have assessed any increased risks around data integrity and privacy.

You’ll also want to keep a comprehensive record of any changes to systems made in the short term to facilitate home-working, so that these can be reviewed and rolled-back after the emergency.

Changing User rights

With some large organizations planning for absence rates as high as 60%, it makes sense that some contingency plans include staff in technical or administrative roles being able to backfill for sick colleagues, or to temporarily take on additional responsibilities so that the impact on business operations is minimized.

With enterprise systems like IBM, Oracle and SAP, this could create additional licensing worries as users may need to be granted additional rights or have their license types changed so that they have the necessary privileges to support mission-critical systems in the event of sickness on the team.

If this applies to your organization, it’s very important to keep tabs on the situation so that any license or rights changes are tracked and can be reversed as soon as it is practical to do so. Granting additional rights in preparation for an emergency, and then forgetting to reverse the decision when the all-clear is sounded, could end up costing the organization millions.

Hoping for a special ‘coronavirus’ dispensation on your next software license audit might be wishful thinking. 

New software and hardware requests

It’s not unreasonable to expect coronavirus to have some level of impact on how teams work together and the technologies they use to facilitate this.

For organizations that have pre-existing investments in modern collaboration platforms, they should be well-equipped to cope (technologically speaking) with increased staff numbers working remotely, using virtual meeting spaces, sharing files and managing tasks. In fact, it could finally be the (unfortunate) event that was needed to force the adoption of systems that have been costing money but under-used for years.

However, for organizations that don’t have well-established collaboration platform in place, it could create both IT and software asset management headaches if teams either clamor for access to software that they had previously ignored, or go their own way and start adopting non-sanctioned platforms outside IT’s visibility or control.

We’d strongly recommend heading this off before it becomes an issue and making sure that department leads are aware of the software options open to them and their teams and are equipped to use them before everyone starts self-isolating!

As for hardware, we might expect a double-whammy. We’re already seeing the production of mobile and laptop devices being hit across Asia as a result of sickness and factory shutdowns. It’s not beyond imagination that what stock is currently available will soon be snapped-up as organizations either prepare their workforce to ‘go mobile’ or stockpile in anticipation of supply shortages.

Maintaining visibility of devices off-network

Our technology governance responsibilities don’t lessen just because the office is empty. If anything, they increase. So visibility of all the IT assets being used is critical.

If your ITAM tool is predicated on having your organization’s computers directly on the network at the time of audit, you could be in for a difficult time ahead, as you risk not getting any updated audits from laptops in the near future. It can surprising how quickly inventory information degrades in just a matter of weeks and months.

From a licensing perspective, this might cause a huge immediate issue, but when those remote users start calling into the help desk with problems, it could be difficult to resolve if you can’t see the current configuration of the device, what software is installed etc.

Impacts on the ITAM and SAM functions directly

Let’s suppose the ITAM and SAM teams aren’t immune to the effects of the coronavirus and you have team members that themselves need to self-isolate away from the office. Will they still be able to be productive or will the ITAM and SAM functions grind to a halt.

Assuming staff are self-isolating as a precautionary measure, you still want them to be able to access the tools and data they need to work on a daily basis. Is your ITAM or SAM toolset set up to allow that? Can users get to both the reporting and the administrative functions they need remotely?

It’s worth planning for the worst-case scenario. What happens if one or more of the SAM / ITAM team are taken ill? Can you afford for the function to lose productivity? Will that have an adverse impact on the wider business projects you are supporting? If a loss of productivity isn’t an option, do you have staff that are sufficiently skilled and trained to backfill for team members off sick? If not, do you have services agreement in place with a provider than can offer short-notice access to skills on-demand?

I’m sure we are all hoping that Coronavirus doesn’t affect our organizations badly. But as ITAM and SAM professionals, key guardians of our organizations’ technology governance programs, I think it is our responsibility to plan for the worst.