A government agency in Washington, D.C. was informed of a hard drive recall because a certain type of hard drive in their new PCs’ could overheat and potentially start a fire. The PC vendor had three hard drive suppliers and only one of them reported hard drive issues. As a result, the government agency had to open 3,000 PCs to replace 1,000 hard drives.
If you figure it took 10 minutes every time a PC was opened to verify the type of hard drive being used, then 20,000 minutes (333 hours) was wasted opening PCs that did not actually have a hard drive issue. With asset management tools in place, the agency could have created a report that displayed the names of all the PCs with the defected hard drive.
After replacing all hard drives, asset discovery tools would also have discovered the new hard drives as soon as they connected to the network. Remember, just because an asset was added to the management database does not mean it is being tracked. An ongoing asset inventory process is needed to track an asset.
Asset discovery should not be a one-time event. It should be a continuing process that runs on your network. Asset discovery tools provide details about your IT assets by taking inventory of all the asset components on a regular basis, then reports the information back to a central database. Without tracking, assets are easily misplaced or lost.
In one study, laptops were reported to have a 5-10 percent chance of going missing during their lifecycle. Theft accounted for 25-40 percent of those missing laptops. The rest were simply missing. Ongoing inventory processes with most asset management systems will flag assets that stop communicating on the network.
IT Asset Management starts with choosing the right asset discovery tools. To make sure you have a tool that can discover and track the asset for its entire lifecycle in your organization, use the following checklist to define your IT Asset Discovery tool requirements.
The IT Asset Discovery Tool Checklist
Discovers Hardware Details
Choose discovery tools that give you detailed information about your devices. Information, such as part numbers and serial numbers for all the components that make up an IT asset, is not too much to ask. This type of information will come in very handy in the event of a hardware recall.
Discovers Software Details
Choose a discovery tool that can tell you about the Firmware, Drivers, Operating System, and the Software installed on all your PCs and laptops. At face value, you may not think that having this information is important for your security requirements. In actuality, having the ability to verify versions of your software is directly related to your security baselines.
Many older versions of software do not meet current security requirements. Security tools that keep software applications updated often do not account for additional installations of older versions of that same software on the same machine.
Also, do not forget about those software audits, which can cost your organization lots of money. It is important your discovery tools have the ability to give you an accurate inventory of all installed software. You need to know the version installed and the name of the PC or laptop where it is installed. I will discuss software audits in much more detail in an upcoming blog.
Checks-in Often
The asset information in your database is a snapshot in time. The accuracy of your asset information deteriorates over time. For example, imagine it has been a week since your PCs and laptops have checked into the asset management database. If you run a report today to see how many installations you have of a software application, your report will be a week old based on when the asset data was last updated.
Asset Management tools need to “monitor” the assets and report back on a regular basis. It is important to have a report that tells you how long it has been since an asset has checked in. Assets that have not checked in for several days should be flagged and investigated. The asset data should be in question and investigated until the asset is recovered.
Tracks Assets over the Internet
Many organizations allow their users to take their laptops with them for business travel or to work at home. When asked, many IT administrators feel confident about the accuracy of their IT asset information, including the security posture of those assets with one caveat, the remote users. It is important to have asset discovery tools that continue to monitor assets even when off the internal network.
Choose tools that can use the internet to connect to those assets to get any updates or changes. Many IT asset monitoring agents can be configured to “call home” using the internet. Make sure the discovery tools you choose meets this requirement. Simply waiting for the end-user to VPN on to the network so that you can get any asset updates is inefficient and unreliable. Tools that connect and update the asset management database each time the user connects to the internet should be the requirement.
Tracks Asset Changes
Choose asset management tools that can detect changes to your hardware or software. To minimize network traffic, only changes should be sent over the network to the asset management database.
Avoid tools that send ALL of the asset’s information each time the asset checks in to the asset management database. This can cause additional network traffic.
Tracks Location
Choose asset discovery tools that have the capability to provide the location of the asset. Determining the location of the asset can be done by looking at the IP address and mapping the address to the actual location. You could also track the asset location by the associated end user.
No matter how you locate the asset, choose an asset discovery tool that can provide a way for you to locate the asset you are managing. If the asset is off the network, then you should at least know who has it and that the asset is “remote.”
Eliminates End User Disruption
Choose a tool that prevents the end user from interrupting the ongoing processes and communication with the asset management database. The best way to prevent users from interrupting the asset management procedures is to make the solution transparent. If the local agent software is interrupted or removed, the asset tool should have the ability to detect and repair the local agent so that it can continue to report on the state of the asset.
Summary
The foundation of IT Asset Management is collecting all the asset information. Choose discovery tools that detect both hardware and software. Utilize discovery tools that keep the asset management database up-to-date by monitoring the assets for any changes to hardware and software. Above all, you need to be sure that your pcie is adequately providing connections from your computer processors and supplying memory to other components and peripherals. Make sure the tools you choose work on the internal network and over the internet. To ensure accuracy, implement measures to prevent users from interrupting the asset discovery tools. Remember, not only is it important to know the asset exists, it is also important to know where it is located.
Follow me on Twitter @marcelshaw