IT Asset Management, or ITAM, is above all else an exercise in effective governance. ITAM is the practice of managing software and hardware as assets to prevent costly risks and improve performance.
What is ITAM in terms of tangible benefits? Well, ITAM has numerous benefits to the data center.
- Reduce maintenance costs
- reduce unused assets
- limit security risks and prevent data leaks
- Identify root cause issues more quickly
- Be compliant and prepared for audits
- make better procurement decisions
- use licenses more efficiently
As beneficial as effective ITAM practices can be, ineffective ones can be equally costly.
What Happens With Improper ITAM
The following two examples are from real companies. One had an effective ITAM system in place, and the other did not.
A Government institution lost over $200,000 to fines by failing to enable encryption on its hard drives. They didn’t have a system in place for hardware maintenance or monitoring, compromising the health and security of their sensitive data.
A Pacific United States Corporation’s building, and its storage equipment, were both destroyed during an earthquake. They hired a company called securedatarecovery, and because the corporation had an ITAM inventory tool, securedatarecovery was able to retrieve all of the server configurations and replicate the backup server to retrieve all of the data.
Have an ITAM Plan In Place
Before you begin with all the nuances of discovery and compliance, it’s important to have a strategy for all the ITAM tools available to you. Many ITAM strategies revolve around a bottom-up approach: exhaustively categorizing everything and anything within the environment, compiling every purchase since the stone ages, and then reconciling. This is impractical for most enterprises, and generally unnecessary.
Take a Top Down Approach
A Top down approach analyzes where the key assets, risks, and objectives lie, and then works towards handling those before anything else. What it sacrifices in total asset knowledge redundancy, it more than makes up for in efficiency.
Dominate Your Discovery
One of the key aspects of ITAM is the function of discovery. The first priority should be discovery for any priority devices on your home network. Depending on the devices in your network, you may use two different scans:
Windows domain scan
ITAM outside the Network
Scanning relevant devices in the network is crucial, but the devices outside the network can’t be forgotten either. The next step will be discovery for any important assets that are not in your home network. The traditional and effective way to do this is to use agents to scan workstations’ machine information and send it back to the main server. Follow up agent data transfers can be limited to the disparate data that has been added on since the last visit to save resources.
- Agent based discovery:
- Can more effectively monitor specific workstations that have undergone changes
- Plays a role in helping an enterprise define its Infrastructure network from scratch
- Effective for evaluating incident impacts and finding the core cause of problems
- Reduce unnecessary procurement and more optimally prepare for IT asset disposition
- Agentless discovery
- Lower Time investment
- Quick implementation
- No authentification needed
- Requires devices to be connected to the network to be visible
BYOD – Device Overload
The Bring Your Own Device trend is huge. Modern companies typically have hundreds of mobile devices using the network which may or may not be tracked in asset management systems. These devices bring a significant amount of risk. In fact, at a recent black hat hacking conference, 36% of the hackers in attendance agreed that mobile devices were a critical blind spot. Because these devices are constantly shifting between on and off network, static discovery techniques will not cut it. If the resources can be spared, securing this aspect of the network merits doing.
MDM tracking – Mobile device ITAM solution
Whether or not you have a BYOD policy already in place, you can start requiring your workers to register their devices through MDM tracking to allow for dynamic discovery monitoring techniques.
Secure Your Software in One Place
Typically the process for software ITAM goes something like this:
Scan and determine each existing software license and deployment
Determine software expirations and their linked contracts
Reconcile existing licenses
Delete unnecessary software and purchase new licenses for those retained
Of these, reconciling and deleting software take up the most time, as they are mostly just tedious manual labor. While many other manual projects within ITAM can be limited to main priorities, compliance should always be a primary consideration. After first scanning your software and reconciling, you may find that many of the licenses don’t match up; don’t panic, very few companies are perfectly in compliance at first.
Life Cycle Management for ROI management
Assets within a data center have many different life cycle phases, and it’s important to keep track of which asset state your assets are in at any given time to reap the benefits of ITAM.
One of the more important benefits in a world of rapidly expanding IT networks is the potential for scalability.
Be Prepared for Procurement
By having the relevant data on your asset states, you are more prepared for procurement by knowing best when to upgrade hardware. For example, if you know that in the coming months your business will be expanding, your data can tell you how many surplus or reserve servers you have, as well as what your maximum workload potential could be if all systems were running to capacity. ITAM allows for a smooth transition into scalability.
The rest of the ITAM guide will be covered in part two of this series next week!