Several weeks ago I was in discussion with the CIO of one of our customers. Some of his comments made me think. He said to me, “I don’t know where the value is in SAM and the Snow toolset. Whenever I ask my SAM team (and they are an experienced team) a question they can’t give me a straight answer.”
Unfortunately, the second part of that statement is one that is all too familiar. Regardless whether your organisation has had a SAM function for 1 year or 5 years it crops up time and time again. So why is that?
Suppose the CIO asks the SAM team the following seemingly straight forward question; “What is my financial risk exposure for vendor X?”. The CIO is expecting a black or white answer. However, for the SAM team answering this simple question it means a lot of other questions need to be asked first and lots of data needs to come together.
What products make up the vendor’s portfolio?
Which of these products are installed on our network?
Who is using these products?
Where are they using them from?
Are they full-time employees or contractors?
Do we have visibility of the whole of the network?
How are these products procured?
How are these products packaged?
Do we have a contract?
What are we entitled to use?
What is the entitlement for each product?
What is the compliance metric for each of these products?
Are there maintenance contracts?
Are the software costs OPEX or CAPEX?
Is the CIO expecting to see purchase cost or running cost?
Does the CIO need to see potential audit fine cost?
Do we need to split the risk across the organisation?
What does the organisation look like from an IT or business perspective?
This is to name but a few of the possible questions!
A lot of these questions can be automated and answered by toolsets, however only if the data is accurate. We have all heard of People, Process and Technology. One can’t do without the others. Very true, however I would like to see Data broken out of the Technology piece. If the underlying data is not accurate or incomplete then the People Process and Technology will inevitably fail. The old adage of you don’t know what you don’t know comes to mind.
I notice that more and more of our customers are starting to use SAM data in different parts of their organisations to answer non-SAM related questions. This means augmenting automatically discovered information with additional metadata from other systems, of course this augmented data needs to be accurate as well so identifying the ‘golden’ source of truth is crucial.
The other lesson we can learn from the above questions relates to transparency and clarity. Make sure you have a clear communication plan in place and you know what it is the CIO is actually asking for. What is he/she expecting to see? Have a clear understanding of what is cost to them? If your system is set up to produce apples but your CIO is expecting pears, then you will never satisfy the CIO.
Ultimately, the CIO and any other functions in the business that are consuming your data are your customers and customer satisfaction is based on knowing and fulfilling their expectations.