If you were to build a fence around your house to keep out the wild animals, it would not make sense to leave a portion of that fence incomplete. In fact, any gap in your fence would invalidate the purpose of the entire fence. A partial fence would not make sense, much like a partial IT security solution would not make sense. Without a complete security solution, you really don’t have “security” at all. When it comes to IT asset management, many organizations continue to operate with a partial solution.
IT Asset Management does not have the same meaning for everyone
I have come to learn from my years of experience working in technology that IT administrators often interpret terminology differently. For example, the word “security” can be interpreted several ways. For some administrators, the word security means virus protection and encryption; for other administrators, it’s about firewalls, secure authentication, and physically securing the assets behind a locked door. The reality is that all of these interpretations are correct and need to be applied when building a complete security solution.
Much like security, IT asset management has different meanings for different IT administrators. For some administrators, asset discovery is asset management. For others, asset lifecycle tracking using bar code scanners is asset management. So, what is a complete asset management solution?
Understand your asset management objectives before you define your asset management requirements.
Although every organization will have unique requirements for their asset management project, there are some common challenges that every organization faces when managing IT assets. To understand the components required to build a complete IT asset management solution, let’s begin by analyzing the most common IT asset management objectives shared by most organizations.
Common IT Asset Management Objectives
1. Control IT asset inventory
Although it is important to collect IT asset inventory information, it is just as important to control asset inventory so that software and hardware assets are not added to the network without the knowledge of IT asset managers. Without controls in place, IT asset reports might not reflect everything on the network. This can be an expensive mistake if software is not in sync with software license entitlements. Furthermore, IT assets that go unnoticed introduce a security risk to the organization.
2. Control IT asset costs
By controlling asset inventory, asset managers are able to control costs by avoiding unnecessary hardware and software acquisitions. When asset managers see all their assets, they are able to map the asset to the features it provides. Many organizations purchase IT assets not knowing that their requirements can be met by existing software and hardware assets that have already been acquired.
IT inventory management helps organizations manage their systems more effectively and saves time and money by avoiding unnecessary asset purchases and promoting the harvesting of existing resources.
3. IT asset budget planning
IT asset managers might not be directly involved in the organization’s budget planning meetings, but in reality, they provide critical information required for building an efficient budget.
Dr. Barbara Rembiesa, President & CEO of IAITAM, addressed IT asset managers, stating that “Regardless of your specific role in budgeting, we are responsible for how IT Asset Management is viewed by the CIO, the CFO, and all of the other executives leading teams that use IT services.”
It is important for asset managers to provide accurate asset information through business value dashboards to the organization’s executives. This information is required to create a budget that can properly support IT requirements needed to support business objectives.
Dr. Rembiesa went on to explain that “Unless presented with information about the value delivered as well as the costs of executing the management of assets, executives are left to draw their conclusions without sufficient information.”
4. Software Asset Management (SAM)
I have not met an organization that does not want to track the software licenses they own, so this objective is something every organization is looking to do; however, without the proper tools, many organizations struggle with keeping the software information up-to-date.
Gartner defines SAM as “a process for making software acquisition and disposal decisions. It includes strategies that identify and eliminate unused or infrequently used software, consolidating software licenses or moving toward new licensing models”.
It is important to know how many licenses you have and how many licenses are used. Without this information, it is not possible to make intelligent decisions regarding software acquisitions and software renewals. Also, without a SAM solution, an organization could be at risk for unexpected costs if they are audited by the software vendor.
5. Lifecycle Management
It is important to know what assets you have, where they are, how they’re used, and how they perform, so that better decisions can be made during any lifecycle stage. For example, IT administrators should be able to see how many PCs were ordered, how many of those PCs arrived at the loading dock, how many PCs are available, and how many PCs are up for a refresh. This is accomplished through a lifecycle management process.
Asset management on its own is not a security solution; however, it does play an important role in an organization’s overall security strategy.
Many organizations have recently been hit with ransomware attacks such as WannaCry. On March 14, 2017, Microsoft released a critical patch that protected IT assets from WannaCry ransomware; however, on May 12, 2017, at least 230,000 computers in more than 150 countries were paralyzed by the ransomware. Why? Many organizations that were hit with the ransomware were running unsupported operating systems like Windows XP and Windows 2003, which Microsoft no longer supports.
Asset management reports can help security teams identify older outdated software and hardware that puts an organization at risk. This information is critical when fighting against ransomware attacks such as WannaCry, which targeted outdated operating systems that are still running on many networks today.
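The kind of report described above, sketched as an added example (not code from the article or from any asset management product): it normalizes raw operating system strings from a discovery export, then flags hosts running the unsupported systems the article names or last patched before the March 14, 2017 release date. The CSV columns, hostnames and normalization rules are assumptions constructed for illustration.

```python
import csv
import io
import re
from datetime import date

# Constructed sample export; column names and hosts are assumptions.
INVENTORY_CSV = """hostname,os,last_patched
fin-ws-01,Microsoft Windows XP Professional SP3,2014-04-08
hr-ws-07,Windows 7 Enterprise,2017-02-14
hr-ws-08,Windows 7 Enterprise,2017-04-11
app-srv-02,Microsoft(R) Windows(R) Server 2003 R2,2015-07-14
kiosk-03,WinXP Embedded,
"""

# Operating systems the article names as no longer supported by Microsoft.
UNSUPPORTED = {"Windows XP", "Windows Server 2003"}
# Release date of the critical patch cited in the article.
PATCH_RELEASED = date(2017, 3, 14)

# Ordered normalization rules: raw discovery string -> one canonical name.
RULES = [
    (re.compile(r"win(dows)?\s*xp", re.I), "Windows XP"),
    (re.compile(r"windows\s*(server\s*)?2003", re.I), "Windows Server 2003"),
    (re.compile(r"windows\s*7", re.I), "Windows 7"),
]

def normalize_os(raw):
    """Strip trademark marks and extra spaces, then map to a canonical name."""
    cleaned = re.sub(r"\((r|tm)\)", "", raw, flags=re.I)
    cleaned = re.sub(r"\s+", " ", cleaned).strip()
    for pattern, canonical in RULES:
        if pattern.search(cleaned):
            return canonical
    return "Unknown"

def risk_report(csv_text):
    """Return {hostname: (canonical_os, [reasons])} for hosts needing attention."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        os_name = normalize_os(row["os"])
        reasons = []
        if os_name in UNSUPPORTED:
            reasons.append("unsupported OS")
        patched = row["last_patched"].strip()
        if not patched:
            reasons.append("no patch record")
        elif date.fromisoformat(patched) < PATCH_RELEASED:
            reasons.append("last patched before 2017-03-14")
        if reasons:
            findings[row["hostname"]] = (os_name, reasons)
    return findings
```

Without the normalization step, "WinXP Embedded" and "Microsoft Windows XP Professional SP3" would be counted as two different products and could slip past a simple string match.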
Components Required to Satisfy Common Asset Management Objectives
There are three key components that every IT asset management solution should have in order to meet these common asset management objectives:
1. Discovery
- Ensures IT assets are discovered and documented
- Provides insight to security managers showing them older, outdated systems and applications. This is important when determining risk to the organization
2. Asset Intelligence
- Normalizes IT asset data for accuracy which is needed for software asset management and IT asset reports
- Maps IT assets to other IT assets, to people/owners/cost centers, and to supporting resources such as contracts, warranties, and software vendors
3. Asset Lifecycle Management
- Provides automation to help enforce company procedures in addition to automating business processes.
- On-boarding and off-boarding users
- Inventory control and cost control – also important from a security perspective
- Provides notifications to asset managers about upcoming warranty expirations, software renewals, and changes made to IT assets
In the next installment of this series, I will explore the first component of a complete IT asset management solution: Discovery