Discovery: Do You Take the Blue or Red Pill to Ease the ITAM Woes?
A great quote from one of my favourite movies and despite the fact it is used a lot in different contexts, I like how relevant it is to the topic of Discovery:
“You take the blue pill - the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill - you stay in Wonderland, and I show you how deep the rabbit hole goes. Remember: all I'm offering is the truth. Nothing more.”
Back on topic, we can take the blue pill and stay in the dark, blissfully unaware that we lack visibility into the IT landscape which leaves us exposed to license audits, financial accountability, as well as security risk and compliance. We are hampered from a finance perspective as we are not empowered to make informed decisions on future spend, and budgets. In addition the ability of IT to be proactive when delivering services to its customers is reduced.
Enter the red pill, (Discovery), now this is no magical red pill, it won’t solve all your problems (it did after all introduce all sorts of other problems for Neo) but it will start you on a journey to Wonderland, towards visibility, accurate security compliance and proactive service delivery and the nirvana that many customers want - Enterprise Fiscal Accountability, the ability to cross charge within the organisation.
Discovery is seen as too hard because the fact is to obtain meaningful data, proactive discovery of your network and devices needs certain access to the network and endpoints which means allowing exceptions for the discovery tool to be effective, but the benefits this returns to the organisation are many, four such areas that directly benefit are:
- ITAM (SAM) - proactive discovery ensures you have accurate data to feed into the SAM tool, meaning correct license position, reduced exposure of non-compliance and identification of cost savings.
- ITAM (HAM) - accurate data also supports hardware life cycle management and allows you to forecast and budget future spend when you know warranty or maintenance end dates.
- Service Management - knowing what devices are in use / assigned to users can speed up troubleshooting or request fulfillment when users contact the Service Desk.
- Security - ensuring accuracy of security posture reporting, reducing risks, and increasing compliance because “you know what you have”.
Another important aspect is what the experts say, at Ivanti we follow the Australian Signals Directorate (ASD) Essential 8 framework when we talk about Security. As far as Discovery goes, there are several professional organisations we reference:
- IAITAM (International Association of Information Technology Asset Managers), identify discovery as the first tool that organisations should invest in when starting an ITAM program.
- ASD (Australian Signals Directorate) is also very relevant to discovery, they say before even starting to implement mitigation strategies, organisations need to “Identify their assets”.
- NDB (Notifiable Data Breach) laws, introduced this year under Australia’s Privacy Act. Organisations need visibility over the devices in the organisation to know if/when a data breach affects them, for example if someone leaves their laptop in a café or it is stolen.
- GDPR (General Data Protection Regulation) came into effect this year in the EU and the relevance to Discovery is similar to the NDB and can certainly affect Australian organisations if they are storing data on EU citizens.
- ISO (Internal Organization for standardization) developed ISO 19770-1 specifically describing for an IT Asset management system, this maps quite closely to ISO 27001 and both standards reference the fact that “you can’t manage what you don’t know” which you cannot do without Discovery!
“You can’t secure (or manage) what you don’t know about” is a sentence you’ve no doubt heard many times, because it is a (not so) well-known fact, businesses need to be aware of what they are trying to manage, secure and support. Someone once said to me that monitoring of IT environments is the lowest priority in organisations (which at the time due to my background I found odd as I’d always felt like Service Desk was given the lowest) but I think that Discovery is actually seen as the lowest priority, yet it provides huge return on investment!
So, which pill do you choose? Blue or red? If you are keen in the adventures of the red pill, read more about Ivanti Discovery here and jump on in.