One of the most important IT business practices that every company large and small should engage in is IT asset management. To ensure your various software and hardware assets are both visible, and measurable over their useful life – generally the use of automated tools to manage the discovery of these types of assets is very important. The ability to establish a complete and accurate picture of your current base of information technology assets not only will have an impact on your ability to properly support your current base of users, but it will also have a direct impact your ability to identify and remediate any type of previously unidentified vulnerabilities.
One of the key steps that necessary to take relative to the implementation of a good IT asset management methodology is the ability to define a measurable process to manage these assets from acquisition through final disposition. This process should include the following components:
Item 1 – Establish a clear set of policies around the acquisition and appropriate use of these type of assets. This process should include a means of tracking existing software and hardware assets, capturing, at a minimum, product name, version, and manufacturer. Additionally, this information can be used to proactively determine software license compliance – which should be measured annually.
Item 2 – Once the asset(s) (software or hardware) have been acquired, you’ll need to implement some form of automation to track their status – from their initial deployment to their disposition. Considering the frequency by which systems and applications change, this type of “best practice” will help optimize the use and performance of these assets throughout their useful life.
There was an excellent article published recently titled, “Back to Basics: 5 Things IT Could Do Better in 2010” – that does an excellent job touching on the importance of asset inventory management. The author and I agree – we both firmly believe that asset inventory management is important security best practice.
Other advantages that can be realized from a well throughout IT asset management program centers around:
Help Desk / Support Reduction – The asset management information you able to garner is invaluable in terms of diagnosing individual system problems, as well as minimizing end-user downtime. Help Desk or Client Support should have access to individual system details directly from whatever system you put into place – which will certainly help improve support levels via a more accurate diagnosis of the problem.
Risk Reduction – These days, with the sheer number of vulnerabilities on the rise, the ability to accurately assess your inventory of both software and hardware go a long way towards helping you reduce risk. It’s very difficult to protect yourself from things that your unaware of…thus (again) the importance of good automation to assist with the process.
In summary…by better understanding the types of assets you currently manage, you’ll quickly realize a much greater level of efficiency, as well as reduce your potential for risk.