The Zombie Apocalypse: an IT Asset Manager’s Survival Guide

Zombie Response Van

Zombie Response Van

IT Asset Management is not a profession commonly associated with the undead peril.  Little do their colleagues know, that the beleaguered ITAM specialist faces an ever-increasing horde of mysterious, shambling, moaning zombies.

Here, we detail some of the most common zombie types, and tell you how to spot them…

 

1) The Iron Zombie

Physical zombie server. Trip hazard, vermin house, dust collector...

This increasingly rare zombie species is nevertheless still found in forgotten corners of IT offices, blinking its faded LEDs in sinister fashion, and blowing dust out of its 3.5″ disk drive.

In its laptop variant, this is where your Visio licenses go to die.

Typical Habitats:

  • The footwell under sysadmins’ desks.
  • Corners of network switch rooms.
  • Third drawer down in the filing cabinet (laptop subspecies)

Hazards:

  • Ancient support contracts.
  • Last resting place for expensive developer tool licenses.
  • Heat output overwhelming air conditioning.
  • Incoming malware easily able to overcome unpatched 8 year old Operating System
  • Support or lease payments for an expensive paperweight
  • Broken toes.
  • Mice.

Ways to find them:

  • Trip over them.
  • Follow the sound of dust-clogged fan bearings.
  • Invite a software license auditor into the building.
  • Physical audit of technical office locations.

2) Virtual Zombies

Zombie virtual machiene. You can't photograph these, so here's a diagram.

This modern zombie species is increasingly prevalent, both on-site and off.  As well as simply being untidy, they can have all manner of impacts on the business: one forgotten major-vendor database instance, for example, can suddenly make every processor core on the entire physical backend entirely licenseable (including backdated support. At full list price. Scared yet?).

Gartner analyst Philip Dawson, at the Gartner Datacenter Summit in London, in November 2013, stated that 40% of VMs are over 3 years old, with 20% at least 5 years old.

Typical Habitats:

  • The company virtual farm.
  • Amazon Web Services.

Hazards:

  • Invisibility (or frustratingly visible opacity).
  • Tendency to be service critical without anyone realising. If you turn it off, who is going to scream?
  • You know all that careful capacity optimization you did on the server farm?
  • You can’t patch what you can’t see.

Ways to find them:

  • Invite a software license auditor onto the company network with their own discovery scripts.  This may be expensive.
  • Trawl credit card records for Amazon spend.
  • Agentless discovery, preferably with good quality application and dependency mapping.

3) Bring-Your-Own-Zombie

Bring your own zombie will eat your MDM licenses.

A recently discovered zombie species, the Bring Your Own Zombie is typically created when a user acquires a shiny new device, and either forgets or declines to deregister the old one.  It’s early days for BYOD, of course, so stats are hard to come by, but Amtel estimate a 10% rate of zombification for mobile devices. Okay, they’re an MDM vendor, but even at half that rate, a company with 10,000 BYOD refreshing hardware on a two year cycle will build up up a zombie army of a thousand devices over the next four years. That’s a lot of risky data, and a five- or six- figure excess MDM spend.

With many Mobile Device Management applications being paid for on a per-device subscription basis, the gradual buildup of BYODZ’s can steadily increase your bills, to no actual benefit.  And what of the device itself?  With no clean deregistration, and cleansing of corporate data, your data can become very viral, very quickly.

Typical Habitats:

  • Odd drawers in employees’ houses.
  • Ebay.

Hazards:

  • Will eat your MDM licenses.
  • Software Auditor: “So you’re licensing this software by device? Excellent, can I just take a look at your list of registered tablets and smartphones?”.
  • Never underestimate the corporate-data bandwidth of a padded envelope.

Ways to find them:

  • Amnesty.
  • Ask Joe in Accounting if he’s really still using a Nokia N85.

4) Zombie.bat

Zombie script file

This broad category of zombie includes all scripts, undocumented file imports, complex spreadsheets, mysterious VBA code, and the like, that get created in a productive afternoon by a sysadmin, intern or helpful hobbyist, and which embed themselves into nondescript but rather important tasks like starting up the directory server, or producing billable timesheet reports.
Gartner, at their 2013 Datacenter Summit, expressed a concern in one keynote that undocumented code is on the rise even as IT departments look increasingly to industrialise infrastructure.

Typical Habitats:

  • The finance department. In fact, any department.
  • Microsoft Access.
  • Arcane startup scripts on important servers.

Hazards:

  • Easy to create, difficult to support.
  • Undocumented, unattributed, unseen.

Ways to find them:

  • Have a major outage, trace it back to a six year old Perl script.
  • Wait for a call to the Helpdesk about the important and complicated Excel sales spreadsheet that was written by an intern several years ago, and which has broken.
  • Work with sysadmins to catalog critical code, and preferably built it into a solid CMDB with critical service dependencies

The serious points

Zombie assets are a genuine and growing issue. At best, the problem means that the return on investment in IT infrastructure is not what it should be. With IT budgets squeezed and the increasing demand on CIOs to run their functions as an effective business unit, this is an unnecessary impact on the bottom line, arising directly from IT Assets.  IT Asset Managers should never ignore that.

Additionally, there are plenty of additional circumstances where a lack of control over assets at the end of their lifecycle can lead to unforseen and even dramatic negative consequences:

  • Zombie hardware may still be under support contract.  Leased hardware, if not returned, can incur significant penalties and additional costs.
  • Uncontrolled end-of-life can mean uncontrolled disposal, with the associated risks of data loss, environmental damage and penalty, and negative publicity events arising from either.
  • The relative ease of deploying VMs in the datacenter inevitably risks sprawl.  Datacenters end up “fragmented” in the same way that a PC’s hard drive can, with pockets of unused capacity walled off around badly optimised server images.  “Lost” VMs in particular are a big threat: even if you can’t find them, a hacker or a software auditor might be able to.

What can be done?

At the 2013 Garter IT Financial, Procurement and Asset Management summit, research VP Patricia Adams recommended an “Action Plan for IT Asset Managers”.

  • From “next Monday”, Adams advised, IT Asset Managers should ensure their team is part of the process for staging a VM, focusing on collection of data prior to deployment (as this is easier than doing it reactively.
  • In the “next 90 days”, define an end of life process for virtual applications, and ensure that data on assets and software is accurate.

A recent CIO Asia guest article recommends adopting the ecological principle of “Reduce, Re-use, Recycle” in managing VMs.  Reduction, in this case, by controlling the VM request process and ensuring that each request receives appropriate review and authorisation. Re-use, through control of unused VMs, e.g. by archiving permanently or temporarily, to allow their underpinning architecture to be repurposed. Recycling, by identifying and releasing stranded capacity, where other bottlenecks in the system mean that resources sit unused.

Emerging challenges like BYOD sprawl need new initiatives to reduce risk. Last week I attended a seminar held by members of the software compliance industry (in other words, auditors), and BYOD was a headline presentation topic. Compliance teams are establishing ways to audit these devices, so software consumers need to develop processes to keep them in check.

If Asset Management is accountable for the optimised use of IT assets, then the IT Asset Manager needs to consider their own accountability, even where these functions are directly controlled by other teams.  Get involved, work cross functionally, and ensure that the risks are communicated clearly and vigorously.

Photo credits:
Zombie Response Van: Author’s own photo. The van belongs to Zed Events who hold “Zombie Apocalypse” events in a disused shopping centre in my home town of Reading, UK. I’ve not been, but it looks awesome, and I imagine it’s actually very good practice for the IT Asset Manager faced with a particularly gnarly, uncontrolled Amazon account.
Iron Zombie: From Flickr, used/modified under Creative Commons license, thanks to Vinny Malek.
Virtual Zombie: Author’s own diagram.
Bring-Your-Own-Zombie: From Flickr, used/modified under Creative Commons license, thanks to magic_quote
Zombie.bat: From Flickr, used/modified under Creative Commons license, thanks to *n3wjack’s world in pixels.
Advertisements

itSMF UK and the mysterious case of the missing Asset Managers

logo of the ITSM13 conference

Something is bothering me.

When I first looked at the agenda for the 2013 itSMF UK conference in November, what stood out for me was a glaring omission: where is the IT Asset Management content?

First, let me state: It’s a really good agenda, full of really interesting speakers, and I will certainly aim to be there. I’ve been privileged to work in the the UK ITSM sector for the thick end of two decades, and many of the names on the agenda are people i feel lucky to have worked and interacted with.

If you can, you should definitely go.

However, the lack of any ITAM focus, across more than 40 presentation sessions, is strange. If we want to understand our business services, we have to have a grasp on the assets underpinning them. The nearest this agenda appears to get to that is an interesting looking session on Supplier Management – important, but only part of the picture, and again, something that doesn’t really work without a good knowledge of what we are actually buying.

It took ITIL a while to come to the realisation that an asset is relevant in more ways than being just a depreciating item on a balance sheet, but version 3 finally got there, and then some:

“Service Asset”, according to ITIL v3: Any Capability or Resource of a Service Provider. Resource (ITILv3): [Service Strategy] A generic term that includes IT Infrastructure, people, money or anything else that might help to deliver an IT Service. Resources are considered to be Assets of an Organization Capability (ITIL v3): [Service Strategy] The ability of an Organization, person, Process, Application, Configuration Item or IT Service to carry out an Activity. Capabilities are intangible Assets of an Organization.”

So… we consider our service-underpinning capabilities and resources to be our assets, but we don’t discuss managing those assets at the premier conference about managing the services? More importantly, we offer nothing to its increasingly important practitioners?

As long as ITAM is only discussed at ITAM conferences, and ITSM keeps up the habit of excluding it (this isn’t universal, mind: this presentation by Scott Shaw at Fusion 13 seems to hit the perfect message), then we risk looking disjointed and ineffective to CIOs who depend on the complete picture. To me, that’s pretty worrying.

(Footnote: I did submit a speaker proposal, but this isn’t about my proposal specifically – I’m sure lots of proposals couldn’t make the list)

Gartner’s London summit message: Make ITAM important!

Gartner’s IT Financial, Procurement and Asset Management rolled into London last week (11th and 12th September 2013), and promptly kicked off on an ominous note: Stewart Buchanan’s opening keynote warning that certain roles in IT, including that of the IT Asset Manager, risk becoming obsolete.

As the two day event progressed, however, it became increasingly clear that Gartner’s analysts don’t see ITAM as a complete anachronism. It is important, however, that it evolves with the technology and practices around it. Asset Management needs to become a key strategic tool to the business. For those of us who have been blogging on this theme for some time, and who have witnessed the best ITAM professionals in the industry delivering huge results from this approach, it is great to hear Gartner emphasising it so strongly.

Research Director Victoria Barber stressed the power of a strong “symbiotic relationship” between the Asset Management function, and IT’s financial controllers. “Finance needs to understand how it can leverage the data from Asset; Asset Management needs to understand how to support it”.

Barber’s fellow Research Director Patricia Adams described the evolving role of the IT Asset Management team in an increasingly virtualised environment. By Monday morning, she advised, the ITAM team should ensure that it is part of the process for spinning up a virtual machine.

Moving forward, Adams continued, they need to be aware of emerging technologies and preparing for potential adoption. This needs good awareness of what is going on in the business: “You want to make sure the asset team has the skills to work with the config team, to work with the virtualisation team, to understand what those teams are doing”.

As Buchanan concluded in a later session, companies should “use ITAM to continually improve and optimise both IT operations and the business use of IT”.

To this audience, at least, Gartner’s message is an encouraging one.

Gartner’s 2013 ITAM Repository MarketScope raises the bar for vendors… again

A pole vaulter, silhouetted against the sun, vaults over a high bar
Raising the bar: An athlete pole vaults over a bar, silhouetted against the sun
Gartner’s 2013 MarketScope for the Asset Repository raises the bar again for toolset vendors.

This month, Gartner have released their latest MarketScope for the IT Asset Management repository.

For those of us involved in manufacturing ITAM tools, the MarketScope report is important. It reflects the voice of our customers. It has a very wide audience in the industry. Perhaps most importantly, it shows that standing still is not an option.  Over the last three reports, published in 2010, 2011, and 2013, several big-name vendors have seen their ratings fall. The bar is set higher every year, and rightly so.

IT Asset Management has been undergoing an important and inexorable change over recent years.  Having often been unfairly pigeon-holed as custodians of an merely financial or administrative function, smart IT Asset Managers now find themselves in an increasingly vital position in the evolving IT organization. The image of the “custodian of spreadsheets” is crumbling.  Gartner Analyst Patricia Adams’s introduction to this new MarketScope report gets straight to the point:

The penetration of new computing paradigms, such as bring your own device (BYOD), software as a service (SaaS), infrastructure as a service (IaaS) and platform as a service (PaaS), into organizations, is forcing the ITAM discipline to adopt a proactive position.

Last year, I was fortunate to have the chance to speak at the Annual Conference and Exhibition of IAITAM, in California. It’s an organization I really enjoy working and interacting with, because the people involved are genuine practitioners: thoughtful, intelligent, and doing this job on a day to day basis. I’d just finished my introduction when somebody put their hand up.

“Before we start, please could you tell us what you mean when you say ‘IT Asset'”?

It’s a great question; in fact it’s absolutely fundamental. And different people will give you different answers. It took the ITIL framework – influencer of so much IT management thinking – more than a decade to acknowledge that IT Assets were anything other than simple items needing basic financial management. My answer to this question was much more in line with ITIL’s evolved definition of the Service Asset): It’s might include any of the components that underpin the IT organization, whether they’re physical, virtual, software, services, capabilies, contracts, documents, and numerous other items. IT Assets are the vital pieces of IT services.

If it costs money to own, use or maintain; if it could cause a risk or liability; if it’s supported by someone; if we need to know what it’s doing and for whom; if customers would quickly notice if it’s gone… then it’s of significant importance to the IT Asset Manager.  Why? Because it’s probably of significant importance to the executives who depend increasingly on the IT Asset Manager.

One simple example of evolved IT Asset Management: A commercial application might be hosted by a 3rd party, running in a data centre you’ll never see, on virtual instances moving transparently from device to device supported by a reseller, but if you can’t show a software auditor that you have the right to run it in the way that you are running it, the financial consequences can be huge.  To provide that insight, the Asset Manager will need to work with numerous pieces of data, from a diverse set of sources.

The role of Asset Management in the new, service-oriented IT organization, is summed up by Martin Thompson in the influential ITAM Review:

“ITAM should be a proactive function – not just clearing up the mess and ensuring compliance but providing a dashboard of the costs and value of services so the business can change accordingly.”

Asset Managers are needing to redefine their roles, and we need to ensure our products grow with them.  We need to continue to provide ways to manage mobility, and cloud, and multi-sourcing, and all of the other emerging building blocks IT organizations.  Our tools must integrate widely, gather information from an increasing range of sources, support automated and manual processes, and provide effective feedback, insight and control. Our goal must be continually to enable the Asset Manager to be a vital and trusted source of control and information.

Gartner’s expectations are shaped by the customers, practitioners and executives with whom they speak. In their words, the old image of an ITAM tool as a simple repository of data is evolving “… from “What do I have?” to “What insight can ITAM provide to improve IT business decisions?”.

I’m very proud that we have held our “Positive” rating over the last three MarketScope reports in this area. Gartner’s message ITAM vendors is clear: You have to keep moving and evolving. The bar will continue to rise.

Image courtesy of Sebastian Mary on Flickr, used with thanks under Creative Commons licensing.

ITAM 2015: The evolving role of the IT Asset Manager

In a previous post, we discussed the fact that IT Asset Management is underappreciated by the organizations which depend on it.

That article discussed a framework through which we can measure our performance within ITAM, and build a structured and well-argued case for more investment into the function.  I’ve been lucky enough to meet some of the best IT Asset Management professionals in the business, and have always been inspired by their stories of opportunities found, disasters averted, and millions saved.  ITAM, done properly, is never just a cataloging exercise.

As the evolution of corporate IT continues at a rapid pace, there is a huge opportunity (and a need) for Asset Management to become a critical part of the management of that change.  The role of IT is changing fundamentally: Historically, most IT departments were the primary (or sole) provider of IT to their organizations. Recent years have seen a seismic shift, leaving IT as the broker of a range of services underpinned both by internal resources and external suppliers. As the role of the public cloud expands, this trend will only accelerate.

Here are four ways in which the IT Asset Manager can ensure that their function is right at the heart of the next few years’ evolution and transition in IT:


1: Ensure that ITIL v3’s “Service Asset and Configuration Management” concept becomes a reality

IT Asset Management and IT Service Management have often, if not always, existed with a degree of separation. In  Martin Thompson’s survey for the ITAM Review, in late 2011, over half of the respondents reported that ITSM and ITAM existed as completely separate entities.

Despite its huge adoption in IT, previous incarnations of the IT Infrastructure Library (ITIL) framework did not significantly detail IT Asset Management as many practitioners understand it. Indeed, the ITIL version 2 definition of an Asset was somewhat unhelpful:

“Asset”, according to ITIL v2:
“Literally a valuable person or thing that is ‘owned’, assets will often appear on a balance sheet as items to be set against an organization’s liabilities. In IT Service Continuity and in Security Audit and Management, an asset is thought of as an item against which threats and vulnerabilities are identified and calculated in order to carry out a risk assessment. In this sense, it is the asset’s importance in underpinning services that matters rather than its cost”

This narrow definition needs to be read in the context of ITIL v2’s wider focus on the CMDB and Configuration Items, of course, but it still arguably didn’t capture what Asset Managers all over the world were doing for their employers: managing the IT infrastructure supply chain and lifecycle, and understanding the costs, liabilities and risks associated with its ownership.

ITIL version 3 completely rewrites this definition, and goes broad. Very broad:

“Service Asset”, according to ITIL v3: Any Capability or Resource of a Service Provider.   Resource (ITILv3):    [Service Strategy] A generic term that includes IT Infrastructure, people, money or anything else that might help to deliver an IT Service. Resources are considered to be Assets of an Organization  Capability (ITIL v3): [Service Strategy] The ability of an Organization, person, Process, Application, Configuration Item or IT Service to carry out an Activity. Capabilities are intangible Assets of an Organization.”

This is really important. IT Asset Management has a huge role to play in enabling the organization to understand the key components of the services it is providing. The building blocks of those services will not just be traditional physical infrastructure, but will be a combination of physical, logical and virtual nodes, some owned internally, some leased, some supplied by external providers, and so forth.

In many cases, it will be possible to choose from a range of such options, and a range of suppliers, to fulfill any given task. Each option will still bear costs, whether up-front, ongoing, or both. There may be a financial contract management context, and potentially software licenses to manage. Support and maintenance details, both internal and external, need captured.

In short, it’s all still Asset management, but the IT Asset Manager needs to show the organization that the concept of IT Assets wraps up much more than just pieces of tin.


2: Learn about the core technologies in use in the organization, and way they are evolving:

A good IT Asset Manager needs to have a working understanding of the IT infrastructure on which their organization depends, and, importantly, the key trends changing it. It is useful to monitor information sources such as Gartner’s Top 10 Strategic Technology Trends, and to consider how each major technology shift will impact the IT resources being managed by the Asset Manager.  For example:

Big Data will change the nature of storage hardware and services.  Estimates of the annual growth rate of stored data in the corporate datacenter typically range from 40% to over 70%. With this level of rapid data expansion, technologies will evolve rapidly to cope.  Large monolithic data warehouses are likely to be replaced by multiple systems, linked together with smart control systems and metadata.

Servers are evolving rapidly in a number of different ways. Dedicated appliance servers, often installed in a complete unit by application service providers, are simple to deploy but may bring new operating systems, software and hardware types into the corporate environment for the first time. With an increasing focus on energy costs, many tasks will be fulfilled by much smaller server technology, using lower powered processors such as ARM cores to deliver perhaps hundreds of servers on a single blade.

Image of Boston Viridis U2 server
An example of a new-generation server device: Boston’s Viridis U2 packs 192 server cores into a single, low-power unit

Software Controlled Networks will do for network infrastructure changes what virtualization has done for servers: they’ll be faster, simpler, and propagated across multiple tiers of infrastructure in single operations. Simply: the network assets underpinning your key services might not be doing the same thing in an hour’s time.

“The Internet of Things” refers to the rapid growth in IP enabled smart devices.
Gartner now state that over 50% of internet connections are “things” rather than traditional computers. Their analysis continues by predicting that in more than 70% of organizations, a single executive will have management oversight over all internet connected devices. That executive, of course, will usually be the CIO. Those devices? They could be almost anything. From an Asset Management point of view, this could mean anything from managing the support contracts on IP-enabled parking meters to monitoring the Oracle licensing implications of forklift trucks (this is a real example, found in their increasingly labyrinthine Software Investment Guide). IT Asset Management’s scope will go well beyond what many might consider to be IT.

SF parking meter - an example of an IP enabled "thing"
A “thing” on the streets of San Francisco, and on the internet.

3: Be highly cross functional to find opportunities where others haven’t spotted them

The Asset Manager can’t expect to be an expert in every developing line of data center technology, and every new cloud storage offering. However, by working with each expert team to understand their objectives, strategies, and roadmaps, they can be at the center of an internal network that enables them to find great opportunities.

A real life example is a British medical research charity, working at the frontline of research into disease prevention. The core scientific work they do is right at the cutting edge of big data, and their particular requirements in this regard lead them to some of the largest, fastest and most innovative on-premise data storage and retrieval technologies (Cloud storage is not currently viable for this: “The problem we’d have for active data is the access speed – a single genome is 100Gb – imagine downloading that from Google”).

These core systems are scalable to a point, but they still inevitably reach an end-of-life state. In the case of this research organization, periodic renewals are a standard part of the supply agreement. As their data centre manager told me:

“What they do is sell you a bit of kit that’ll fit your needs, front-loaded with three years support costs. After the three years, they re-look at your data needs and suggest a bigger system. Three years on, you’re invariably needing bigger, better, faster

With the last major refresh of the equipment, a clever decision was made: instead of simply disposing of, or selling, the now redundant storage equipment, the charity has been able to re-use it internally:

We use the old one for second tier data: desktop backups, old data, etc. We got third-party hardware-only support for our old equipment”.

This is a great example of joined-up IT Asset Management. The equipment has already largely been depreciated. The expensive three year, up-front (and hence capital-cost) support has expired, but the equipment can be stood up for less critical applications using much cheaper third party support. It’s more than enough of a solution for the next few years’ requirements for another team in the organization, so an additional purchase for backup storage has been avoided.

bigdata

4: Become the trusted advisor to IT’s Financial Controller

The IT Asset Manager is uniquely positioned to be able to observe, oversee, manage and influence the make up of the next generation, hybrid IT service environment. This should place them right at the heart of the decision support process. The story above is just one example of the way this cross-functional, educated view of the IT environment enables the Asset Manager to help the organization to optimize its assets and reduce unnecessary spend.

This unique oversight is a huge potential asset to the CFO. The Asset Manager should get closely acquainted with the organization’s financial objectives and strategy. Is there an increased drive away from capital spend, and towards subscription based services? How much is it costing to buy, lease, support, and dispose of IT equipment? What is the organization’s spend on software licensing, and how much would it cost to use the same licensing paradigms if the base infrastructure changes to a newer technology, or to a cloud solution.

A key role for the Asset Manager role in this shifting environment is that of decision support.  A broad and informed oversight over the structure of IT services and the financial frameworks in place around them, together with proactive analysis of the impact of planned, anticipated or proposed changes, should enable the Asset Manager to become one of the key sources of information to executive management as they steer the IT organization forwards.

Parking meter photo courtesy of SJSharkTank on Flickr, used under Creative Commons license

Of course there is value in BYOD, and users know where to find it.

A pile of smartphones and tablets

Analysis of the advantages and disadvantages of BYOD has filled countless blogs, articles and reports, but has generally missed the point.

Commentators have sought to answer two questions. Firstly, if we allow our employees to use their own devices, will it save us money?  Secondly, will it make them more productive?

The answer to the first question was widely assumed, early on, to be yes.  An early adopter in the US government sector was the State of Delaware, who initiated a pilot in early 2011. With their Blackberry Enterprise Server reaching end-of-life, the program aimed to replace it altogether, getting all users off the infrastructure by mid-2013, and replacing it with monthly payments to users to cover the costs of working on their own cellular plans:

The State agreed to reimburse a flat amount for an employee using their personal device or cell phone for state business. It was expected that by taking this action the State could stand to save $2.5 million or approximately half of the current wireless expenditure.

The State evaluated the cost of supplying its own Blackberry devices at $80 per month, per user. The highest rate paid to employees using their own devices (for voice and data) is $40 per month.

At face value, this looks like a big saving, but many commentators – and practitioners – don’t see it as typical. One of the most prominent naysayers in this regard has been the Aberdeen Group. In February 2012, Aberdeen published a widely-discussed report which suggested that the overall cost of a BYOD program would actually be notably higher than a traditional, centralized, company-issued smartphone program:

The incremental and difficult-to-track BYOD costs include: the disagregation of carrier billing; an increase in the number of expense reports filed for employee reimbursement; added burden on IT to manage and secure corporate data on employee devices; increased workload on other operational groups not normally tasked with mobility support; and the increased complexity of the resulting mobile landscape resulting in rising support costs.

http://blogs.aberdeen.com/communications/byod-hidden-costs-unseen-value/

Aberdeen reported the average monthly reimbursement paid to BYOD users as $70, higher than the State of Delaware’s $40. And reimbursement is an important term here: to avoid the payments being treated as a “benefit-in-kind”, employees had to submit expense reports showing proof of already-paid mobile bills.

The State had to ensure that it was not providing a stipend, but in fact a reimbursement after the fact… This avoids the issue associated with stipends being taxable under the IRS regulations.

http://www.whitehouse.gov/digitalgov/bring-your-own-device

As Aberdeen pointed out, there is a cost to processing those expense reports. They reckon the typical cost of this to be $29. Even with the State’s $40 reimbursement level, that factor alone would wipe out most of the difference in cost compared to that $80 monthly cost of a State-issued Blackberry, and that is before other costs such as Mobile Device Management are accounted for (another US Government pilot, at the Equal Employment Opportunities Commission, reported $10 per month, per device, for their cloud-based MDM solution). Assuming this document is genuine, it’s clearly an important marketing message for Blackberry.

Of course, there are probably ways to trim many of these costs, and perhaps a reasonable assessment would be that many organizations will be able to find benefits, but others may find it difficult.

So if the financial case is not a slam-dunk, then BYOD needs to be justified with productivity gains.  And this is a big challenge: how do we find quantifiable benefits from a policy of allowing users to work with their own gadgets?

The analysis in this regard has been a mixed bag. The conclusions have often been ranged from subjective to faintly baffling (such as the argument that BYOD will be a “productivity killer” because employees will no longer log in and work during their international vacations.  Er… perhaps it’s just me, but if I were a shareholder of an organization that felt that productivity depended on employees working from the beach, I’d be pretty concerned).

One of the best pieces of analysis to date has been Forrester’s report, commissioned by Trend Micro, entitled “Key Strategies to Capture and Measure the Value Of Consumerization of IT”:

More than 80% of surveyed enterprises stated that worker productivity increased due to BYOD programs. These productivity benefits are achieved as employees use their mobile devices to communicate with other workers more frequently, from any location, at any time of the day. In addition, nearly 70% of firms increased their bottom line revenues as a result of deploying BYOD programs.

A nice positive message for BYOD there, but there’s arguably a bit of a leap to the conclusion about bottom-line revenue increase. It’s not particularly clear from the report how these gains have resulted directly from a BYOD program. A critic might be justified in asking how believable this conclusion is.

However, when we look at how people use their personal devices through their day, surely it’s perfectly credible to associate productivity and revenue increases to their use of consumer technology at work? Even before the working day has started, if an employee has got to their desk on time, there’s a pretty strong chance this was assisted by their smartphone. The methods, and the applications of choice, will vary from person to person: perhaps they are using satellite road navigation to avoid delays, or smoothly linking public transport options using online timetables, or avoiding queues using electronic ticketing. On top of that, if they’re on the train, they’re probably online, which can mean networking and communication has been going on even before they arrive at the building.

This reduction of friction in the daily commute, as described by BMC’s Jason Frye in two blog posts here and here, is a daily reality for many employees, and it’s indicative of the wider power of harnessing users’ affinity with their own gadgets. But how can this effectively be measured?  It’s difficult, because no two employees will be doing things quite the same – everybody’s journey to work is different. The probability of finding the same collection of transport applications on two employees’ smartphones is near zero, yet the benefits to each individual are obvious.

Equally, every knowledge worker’s approach to their job is different, and the selection of supporting applications and tools available through consumer devices is vast. Employees will find the best tools to help them in their day job, just as they do for their commute.

Now, perhaps we can also see some flaws in the balance-sheet analysis we’ve already discussed. As employees work better with their consumer devices, they rely less on traditional business applications. The global application store is proving to be a much better selector of the best tools than any narrow assessment process, ensuring that the best tools rise to the top. Legacy applications don’t need to be expensively replaced or upgraded in the consumer world: they die out of their own accord and are easily replaced. BYOD, done well, should reduce the cost of providing software, as well as hardware.

Some commentators cite incompatibility between different applications as a potential hindrance to overall productivity, but this misses the point that the consumer ecosystem is proving much better at sharing and collaboration than the business software industry has been. Users expect their content to be able to work with other users’ applications of choice, and providers that miss this point see their products quickly abandoned (imagine how short-lived a blogging tool would be if it dropped support for RSS).

The lesson for business? Trust your employees to find the best tools for themselves. Don’t rely on over-rigid productivity studies that miss the big picture. Don’t over-prescribe; concentrate on the important things: device and data security, and the provision of effective sharing and collaboration tools that join the dots. And ask yourself whether that expense report really needs to cost $29 to process through traditional business systems and processes, when your employees are so seamlessly enabled by their smartphones…

Image courtesy of Blakespot on Flickr, used under Creative Commons license.