Discovery, do you take the blue or red pill?

A great quote from one of my favourite movies and despite the fact it is used a lot in different contexts, I like how relevant it is to the topic of Discovery.

“You take the blue pill - the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill - you stay in Wonderland, and I show you how deep the rabbit hole goes. Remember: all I'm offering is the truth. Nothing more.”

Take the blue pill and you stay in the dark, you lack visibility into the IT landscape which leaves you exposed from a Security and compliance perspective. You are hampered from a finance perspective as you are not empowered to make informed decision on future spend and budgets and finally the ability of IT to be proactive when providing service to its customers is greatly reduced.

Enter the red pill, (Discovery), now this is no magical red pill, it won’t solve all your problems (it did after all introduce all sorts of other problems for Neo) but it will start you on a journey to Wonderland, towards visibility, accurate security compliance and proactive service delivery and the Nirvana that many customers want - Enterprise Fiscal Accountability, the ability to cross charge within the organisation.

Achieving success with IT Service Management

At Ivanti’s local Interchange Unplugged events, I presented a session on “It starts with Discovery”, I talked a lot about why Discovery is important and why it is the foundation for success in several areas of IT, for example:

  • Security - ensuring accuracy of security posture reporting, reducing risks, and increasing compliance
  • ITAM (SAM) - proactive discovery ensures you have accurate data to feed into the SAM tool, meaning correct license position reduced exposure of non-compliance
  • ITAM (HAM) - accurate data also supports hardware life cycle management and allows you to forecast and budget future spend when you know warranty or maintenance end dates.
  • Service Management - knowing what devices are in use / assigned to users can speed up troubleshooting or request fulfillment when users contact the Service Desk.

Complying with the Australian Signals Directorate

Another important aspect is what the experts say, at Ivanti we follow the Australian Signals Directorate (ASD) security controls when we talk about Security. As far as Discovery goes, there are several professional organisations we reference:

  1. IAITAM (International Association of Information Technology Asset Managers), identify discovery as the first tool that organisations should invest in when starting an ITAM program.
  2. ASD (Australian Signals Directorate) is also very relevant to discovery, they say before even starting to implement mitigation strategies, organisations need to “Identify their assets”.
  3. NDB (Notifiable Data Breach) laws, introduced this year under Australia’s Privacy Act. Organisations need visibility over the devices in the organisation to know if/when a data breach affects them, for example if someone leaves their laptop in a café or it is stolen.
  4. GDPR (General Data Protection Regulation) came into effect this year in the EU and the relevance to Discovery is similar to the NDB and can certainly affect Australian organisations if they are storing data on EU citizens.
  5. ISO (Internal Organization for standardization) developed ISO 19770-1 specifically describing for an IT Asset management system, this maps quite closely to ISO 27001 and both standards reference the fact that “you can’t manage what you don’t know” which you cannot do without Discovery!

In future blogs I will explore each of these professional organisations in more detail and their relevance to Discovery and more broadly IT Asset Management.

So, which pill do you choose? Blue or red?