Nov 15, 2018 - 01:17 AM
I think your other stakeholders are;
If you are EU-based, or have EU customers, your Chief Privacy Officer or similar role. For GDPR there is a need to keep track of where data is stored and what has processed it. ITAM can help with that.
Internal Audit. Linked the above there may be controls such as PCI-DSS or SOX that require inventory of assets processing payment card & financial information.
That handles the compliance side of the table. Now what about the value-add? I'm guessing that there is a business case for the software-defined network. How is it going to benefit revenue? Which departments benefit most from that increase in revenue? Engage with them as stakeholders to support your proposal.
From personal experience in responding to a PCI-DSS compliance audit it is sometimes surprising what ends up in scope. We were asked to find and remove certain brands of wireless mice because they weren't certified as secure for example. There was no inventory and the only way we achieved it was to do a floor-walk alongside checking records of who had requested rechargeable battery packs.
Once the articles are published I'll link to this thread for future reference.
Nov 16, 2018 - 12:13 AM
Nov 16, 2018 - 07:46 AM
In your case, a full physical audit sounds like it would provide a plethora of data you may not have known you needed.... today you inventory and manage only what is required for licensing.... what about systems with maintenance and support? Are you paying these recurring invoices for physcial devices? What are the chances your paying for maintenace/ support on systems that arent in use, or have been retired permanently?
If this is the case in your organization you may find that your list of stakeholders could increase to include anyone with a budget impacted by support maintenance.