There has been a wake-up call to IT asset management (ITAM) tools vendors to help create a shift change in how IT (and data) assets are seen in the enterprise.
Lack of information security from the endpoints throughout the infrastructure can impact the core business of an organization. Cyber threats can quickly lead to serious damage, including reputational damage, loss of customers, financial loss or disruption to business operations.
To date, ITAM has been about asset management, as to who has it, where it is, software licensing, and asset depreciation. Now it needs to be about asset management to protect the enterprise, not just the asset.
Why? Because previously, the goal of ITAM has been to improve visibility into the firm’s IT assets at every point in the lifecycle to reduce costs and fulfill compliance initiatives.
The lifecycle of an IT asset has included its procurement, usage, retirement and disposal, and has covered location, configuration, deployed versions, relationships, and historical information. What is missing here is a wider view of cost reduction in the reduction of risk, both of the asset and its data.
When IT operations are more efficient, security is enhanced for both the assets and the enterprise.
Here are some examples of what you can do in your enterprise to change this:
Asset behavior modeling
IT departments should consider installing behavior-based analytics tied to the IT asset management tools, and then they can measure against environmental baselines and have incident response plans in place if an asset is given results outside of the functioning norms.
Proper asset inventory
Older IT assets are not as well documented as the newer ones. It is great to start a policy with new assets entering the enterprise, but many mistakes happen with assets already in use and not accounted for on the inventory.
A good inventory provides information that is useful to daily system management, business office asset tracking and security incident response.
This is a must going forward in IT asset management with baked-in security policies. It is necessary that an IT department has an encryption plan to provide reasonable assurance that all enterprise owned devices, such as laptops, can be identified and encrypted.
Encryption is at the heart of a complete endpoint security solution. When you safeguard the data, you reduce the risk of compromising sensitive customer or employee information, confidential files and your company’s reputation.
Organisations need to make it easier to identify and activate new devices as they come on the network for their usage of encryption, as well as to find the older devices as they log back in for software updates into the network.
Cyber security programs need to be included in IT asset management and need to have strong protocols and policies in place, enabling awareness, knowledge and getting everyone working together so that your organisation can be quick and nimble to react to new threats.
Firms are always trying to innovate to keep ahead of their competitors, but there needs to be an awareness of how such changes in IT asset management tools can help positively impact your technology protection.
I would even suggest that we change the abbreviation to ITARM, which is IT asset risk management. IT asset management is critical for preserving security and ensuring IT resources are used in a cost-efficient and risk reduced manner.
About the Author: Dr. Alea Fairchild is an Entrepreneur-in-Residence at Blue Hill Research. As a technology commentator, she has a broad presence both in the traditional media and online. Alea covers the convergence of technology in the cloud, mobile, and social spaces, and helps global enterprises understand the competitive marketplace and to profit from digital process redesign. She has expertise in the following industries: industrial automation, computer/networking, telecom, financial services, media, transport logistics, and manufacturing. Her clients are both commercial, government / public sector, NGO and trade associations.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
Title image courtesy of ShutterStock