CIOs (Chief Information Officers) spend serious sums of money each year on IT. And each year they are asked to do more with less, so getting the most bang for the buck from IT projects is critically important. Because IT is typically a cost center (meaning it doesn’t sell its services and bring in revenue), measuring the value that IT projects bring to the business has always been tricky. Metrics such as ROI (Return on Investment), time to market, and compliance statistics come close but don’t quite cut it. One way to measure value for an IT project is to quantify the dollars it saves the business. To measure this, you need to analyze the time, money or effort that were not spent because the project made those expenditures unnecessary. If you automate Enterprise Mobility Management (EMM) provisioning, for example, employees, administrators and the help desk will spend less time fixing problems with iPads and spend more time being productive. Armed with this data, managers can turn time saved into dollars saved, and demonstrate the value of the EMM project to the business.
The problem with this scenario is that it’s much easier said than done. Automating one simple IT process is hard enough, but automating a critical process that requires multiple isolated systems is a challenge, indeed. Fortunately, this is where ForeScout shines. ForeScout CounterACT® does two things for you:
- It ties multiple systems together to automate business processes. For example, the ForeScout platform integrates with AirWatch™ (EMM provider), Microsoft Active Directory™, ServiceNow (CMDB) and Splunk™ (SIEM).
- It logs data for not only each step of the workflow, but it also pulls relevant data from each of the other systems involved in the process.
#1 is the actual automation work performed and #2 is the paper trail. The latter is critical because it means that all the data you need to measure value is in one place. Generally, measuring value tends to be difficult either because the required data doesn’t exist or it’s spread out over so many systems that it’s impossible to bring together for analysis. For instance, if you deployed McAfee® ePO™ company-wide last week, you can be pretty confident it’s running properly on 100 percent of your systems. But in a few months, how much will that percentage have declined after a Microsoft update has broken the agent, remote employees’ laptops haven’t phoned home in weeks, and employees with admin rights have disabled the scans because they slow their systems to a crawl?
Let’s look at EMM, another popular deployment project for 2016. If you wanted to measure the business value of this project in terms of the increased productivity of your users, you would try to measure the person-hours saved by automating mobile-device-related business processes. To measure this, at a minimum you would need to know how many guests used your EMM solution to gain Internet access, how many employees self-enrolled their devices, the average time these processes took, the number of help desk hours saved by not having mobility issues to fix, and a host of other data points. This requires gathering data from the EMM servers, user directory, trouble-ticket system, and guest portal system, then dumping all that data into a spreadsheet while praying someone in your organization is a wizard with Excel.
In fact, there’s a better way.
ForeScout CounterACT profiles devices that attempt to join the network, allowing or denying access to resources based on your corporate security policy. It can also integrate with your existing IT tools, automating many of the tasks that normally require manual labor. A benefit of this profiling and automation is the creation of a very detailed paper trail that spells out who accessed what, using which device and when. By integrating the ForeScout platform with other technologies in your environment and, in effect, using it as middleware for your business processes, you capture a wealth of data that lets you precisely measure:
- User adoption (For example, if 83 percent of users auto-enrolled their phones and tablets with MobileIron™, CounterACT could determine that)
- Efficiency gains (Through orchestration with ServiceNow data, CounterACT could determine the number of hours of help desk work that were eliminated this month by automated policy enforcement
- Security improvements (If 100 percent of non-compliant laptops and mobile devices were restricted from accessing HIPAA (Health Insurance Portability and Accountability Act) networks, CounterACT could determine that, too)
International Data Corporation (IDC) recently released a compelling report on the business value and IT impact of visibility and control. Check it out here. Also, feel free to contact me at firstname.lastname@example.org.