I was part of a Forrester Team that recently completed a multi-country rollout tour with Emerson Network Power as they formally released their Trellis DCIM product, a comprehensive DCIM environment many years in the building. One of the key takeaways was both an affirmation of our fundamental assertions about DCIM, plus hints about its popularity and attraction for potential customers that in some ways expand on the original value proposition we envisioned. Our audiences were in total approximately 500 selected data center users, most current Emerson customers of some sort, plus various partners.
The audiences uniformly supported the fundamental thesis around DCIM – there exists a strong underlying demand for integrated DCIM products, with a strong proximal emphasis on optimizing power and cooling to save opex and avoid the major disruption and capex of new data center capacity. Additionally, the composition of the audiences supported our contention that these tools would have multiple stakeholders in the enterprise. As expected, the groups were heavy with core Infrastructure & Operations types – the people who have to plan, provision and operate the data center infrastructure to deliver the services needed for their company’s operations. What was heartening was the strong minority presence of facilities people, ranging from 10% to 30% of the attendees, along with a sprinkling of corporate finance and real-estate executives. Informal conversations with a number of these people gave us consistent input that they understood the need, and in some cases were formerly tasked by their executives, to work more closely with the I&O group. All expressed the desire for an integrated tool to help with this.
I recently went for coffee with a very interesting gentleman who had previously been responsible for threat and vulnerability management in a global bank – our conversation roamed far and wide but kept on circling back to one or two core messages – the real fundamental principles of information security. One of these principles was “know your assets.”
Asset management is something that many CISO tend to skip over, often in the belief that information assets are managed by the business owners and hardware assets are closely managed by IT. Unfortunately, I’m not convinced that either of these beliefs is true to any great extent.
Take, for example, Anonymous’ recent hack of a forgotten VM server within AAPT’s outsourced infrastructure. VM "sprawl" is one of the key risks that Forrester discusses, and this appears to be a classic example – a virtual server created in haste and soon forgotten about. Commonly, as these devices fall off asset lists, they get neglected – malware and patching updates are skipped and backups are overlooked – yet they still exist on the network. It’s the perfect place for an attacker to sit unnoticed and, if the device exists in a hosted environment, it can also have the negative economic impact of monthly cost and license fees. One anecdote I heard was of a system administrator who, very cautiously and very successfully, disabled around 200 orphaned virtual servers in his organisation – with no negative business impact whatsoever.
The IT infrastructure and operations (I&O) organization is no different from any other business function. It employs a multitude of assets to create corporate value. Traditionally, however, I&O’s ability to manage its IT assets has been weak, from both a financial control and an IT asset life-cycle (ITALM) perspective.
Far too often, an I&O organization lacks the necessary controls to avoid IT wastage or remain compliant with software licensing or regulatory requirements. Thankfully (or unfortunately), to date most I&O organizations have been able to get by. But the-times-they-are-a-changing, as do-more-with-less efficiency mandates are prioritized, vendor software audits increase, and the business places greater focus on what IT costs and the value that internal IT delivers. Something has got to give and I&O leaders can step up their game and respond to these internal and external pressures by improving asset management processes to ensure that IT assets are leveraged to maximize the value generated for their parent business.
“I remember when I lost my mind” … oops that’s Gnarls Barkley. I should have started with … I remember when software asset management (SAM) was on my radar as an IT service management (ITSM) practitioner. It was circa 2003, and my then employer was scared to death of the implications of non-compliance. We did some ground work but IMO it somewhat “died a death” when we realized that we had no idea where all the purchase records were – let’s assume they are all compliant now. Since then I have viewed SAM as just being on the to-do list for far too many organizations, never quite making it into the realms of actual “doing.” Sad but true.
Thankfully, however, my first three months at Forrester is changing this opinion – as 30% to 40% of my client inquiries relate to IT asset management (ITAM) and SAM (if you are interested the other 60% to 70% relate to ITIL adoption, process improvement, and ITSM tool selection – there’s a lot of tool replacement going on). SAM is rising from the ashes of its compliance era, in many ways this time “it’s all about the Benjamins.”
Smoke and fire is all around you, the sound of the alarm makes you dizzy and people are running in panic to escape the inferno while you have to find your way to safety. This is not a scene in the latest video game but actually training for e.g. field engineers in an exact virtual copy of a real world environment such as oil platforms or manufacturing plants.
In a recent discussion with VRcontext, a company based in Brussels and specialized since 10 years in asset virtualization, I was fascinated by the possibilities to create virtual copies of real world large, extremely complex assets simply from scanning existing CAD plans or on-site laser scans. It’s not just the 3D virtualization but the integration of the virtual world with Enterprise Asset Management (EAM), ERP, LIMS, P&ID and other systems that allows users to track, identify and locate every single piece of equipment in the real and virtual world.
These solutions are used today for safety training simulations as well as to increase operational efficiency e.g. in asset maintenance processes. There are still areas for further improvements, like the integration of RFID tags or sensor readings. However, as the technology further matures I can see future use cases all over the place – from the virtualization of any kind of location that is difficult or dangerous to enter to simple office buildings for a ‘company campus tour’ or a ‘virtual meeting’. And it doesn’t require super-computing power – it all runs on low-spec, ‘standard’ PCs and the models are only taking few GBytes storage.
So if you are bored of running around in Second Life or World Of Warcraft, if you ever have the chance, exchange your virtual sword for a wrench and visit the ‘real’ virtual world of a fascinating oil rig or refinery.