Hello.  I wonder if anyone has guidance on which IT Tower & Sub-tower to use for security software tools and appliances (such as firewalls).  The Security tower definitions focus on resources, so I am not sure that it is appropriate to place software and hardware there.  The Application tower Business Software subtower focuses on business-facing software, and many of the security tools are IT-facing.  The firewalls could be considered network devices, but none of the sub-towers seem to fit.  Could you please share your perspectives on where to put these things?

In my experience I've mapped this spend to Security & Compliance>>Security.

Audrey

On Wed, Mar 6, 2019 at 10:05 AM awelch@dollargeneral.com <

We have mapped the major part to Security & Compliance -> Security.

Specific line costs for internet connection are mapped to Network -> Transport.

We keep them in Security under Security & Compliance Tower. Information security has to be treated separately from other IT Resource Towers much like a business unit. We have a direct mapping of security cost center to Security & Compliance Tower which include all security infrastructure purchases. However, there are some overlap between network and security & compliance towers. In this case who made the purchase and/or is going to be managed determines whether to go to network or security & compliance tower. 

We put firewall costs to Network.  Palo and F5 are considered networking for us.

Thanks, Neda.  Which sub-tower under Network?

We put it to Transport.  

If you have "firewalls configuration items" registered in your IT Software Inventory... Why not  move the cost towards the software registered.

We have 'FIREWALL - PALO ALTO' registered as an IT Application. I am not sure if it is correct... but it is not up to me as TBMA to decide that. If I find PALO ALTO cost... I map it to the Application tower and let the product owner taste the cost. 

For "security software tools" Security & Compliance teams, we map them to Application in order to see Application TCO (generally, anything that has a software license or app support team is considered application, regardless of the function it provides.  We roll these costs back together at the Service level.  However, this  has recently come up as a topic of discussion (whether or not this particular software should sit in the Security tower).  Is anyone else representing these tools as application related expense?

We also have a plan to map more of the projects (in general (not limited to security)) to applications. It is easier for the Apptio users and analyst in the IT Function to gather the cost when most of it is gathered in the application dimension.