Working from home (WFH) has meant adjusting to a ‘new normal’ for organizations and their employees wanting to weather the COVID-19 crisis and sustain long-term economic viability. However, WFH has also added to the existing challenge IT teams have, that of keeping track of all assets in use. WFH/remote devices can present a new security risk if they do not adhere to access and privilege protocols. Visibility into these assets will be essential as businesses move forward post-crisis.
The expectation is that more employees will continue working from home, at least part-time, after COVID-19. The recovery phase will demand a closer look at an organization’s asset management and a determination of where improvements in visibility and controls need to be made. It is also an opportunity to find inefficiencies. Enterprise Management Associates (EMA) notes 50% of organizations have 12 or more discovery and/or inventory tools and 11% have more than 30 tools. Worse, IT spends an average of 10 hours a week resolving data accuracy issues, according to the EMA report. And that was before work-from-home orders were in place.
An effective asset management strategy can give IT operations the elements needed to achieve not only thorough visibility and control but better ROI. Consider these best practices:
Visibility begins with a solid foundation.
Organizations are working with inadequate asset tracking and management tools, leading to risky activities like adding unauthorized applications into the network or unlicensed software out of compliance. Too often, organizations rely solely on Active Directory or basic inventory information from endpoint management solutions. A recent survey of IT professionals revealed 43% are still using spreadsheets, 50% are using an endpoint management solution and 45% use inventory tools as one of their resources for tracking. They’re working with disparate sources of information, unable to get one clear view of all assets in use.
Step one of building an effective asset management system is deploying a solution that enables IT to import and combine data from all sources to arrive at a single source of truth – comparing
actual data against discovered data and reporting on discrepancies. It will enable IT to capture all assets in use by remote/home workers, integrating any new data to arrive at a complete asset picture across the organization.
Optimization requires efficient asset management.
Once IT has installed a solution that can bring all asset data into one repository, IT service management (ITSM), IT asset management (ITAM) and software asset management (SAM) now have a central repository of asset information from which to spot previously unsecured assets and to better manage asset lifecycles.
Improved visibility through an integrated solution enables IT to identify when assets need to be replaced and more accurately gauge the impact of switching out assets on workforce productivity. For example, IT can determine the health and performance of a particular laptop, how many laptops are involved, which employees may be impacted, what potential issues would be created, and how much budget it would save. Visibility enables IT to determine if the laptop can be optimally used for another year or more, saving the organization’s budget without impacting service quality.
Effective license governance needs visibility.
IT teams must have insight into the complete inventory of licensed assets to prevent applications from being used that are out of compliance. Rogue applications that are not properly licensed can put an organization at financial risk. Software audits will seek to identify these unlicensed assets in use, resulting in additional costs to an organization. The solution is an asset management system that efficiently tracks licenses by monitoring contracts, purchase and warranty data.
As more employees want to continue working at home, the environment for unauthorized and/or unlicensed assets entering the network presents additional challenges. With a centralized asset management system, IT can avoid more compliance headaches.
Security depends on accurate asset data.
Understanding asset lifecycles, performance, compliance, and cost implications are particularly important for business enterprises operating in highly regulated industries. The medical device industry and the governmental Mobile Device Regulation (MDR) and associated European Database on Medical Devices (EUDAMED) regulations in the European Union are examples of such industries.
Visibility through a centralized, integrated asset management solution is essential to protecting against threats and data breaches that can quickly put an organization out of compliance, and/or cause a devastating loss in business disruption.
Asset management also affects other aspects of the organization’s security posture. Knowing which hardware assets are authorized for use and which software is approved for install and use is essential to ferreting out rogue devices and containing risk. Having a complete asset picture also enables IT to execute all patching updates for relevant assets. IT can’t patch an asset if it doesn’t know the asset even exists within the organization. Further, patching timeliness is critical to stopping vulnerabilities that can put the organization at greater cyber risk.
Asset Management Supports Recovery
Once organizations start bringing more employees back on-site, it will be a time to take a collective breath and think about transitioning to the future and a company’s unique path to long term stability. Some employees may desire a mix of remote/on-site work as their new normal. It is up to IT teams to help make these changes a secure and productive one for the organization. Deploying an asset management system capable of handling these diverse environments, and of corralling data from disparate sources, will give IT the gift of efficiency and order the business needs during this post-crisis time.