Three reasons you should care about technology asset management

Opinion
May 10, 2016 | 5 mins
Endpoint Protection, IT Leadership, Security

I am a frequent visitor to the busy outlet of Jason’s Deli (in my mind, one of the best-managed chains in the food business). A few months ago, I came in at lunch and tried to use the automated kiosk to order the salad bar. The kiosk software was not running, and I was able to see the underlying Windows logo — XP. The idea of processing credit cards on an unsupported XP machine is not one that promotes sound sleep. Fortunately, management resolved the issue in a few days, once the company realized the problem.

Jason’s Deli, despite being well managed, was caught off guard by the same issue that plagues most businesses I have encountered, both large and small: the inability to track and manage their computing assets.

This is not a new issue. The problem began with the deployment of the PC in the business world. In those days, we were installing them as quickly as possible, without any provision for tracking or centralized management. The growing complexity of office networks, and the related deployment of large numbers of network devices to locked closets, has made matters worse.

We got away with poor asset management until the organized hacking world discovered that it could use this inability to its advantage. Thus, even small businesses today have numerous vulnerable computing devices and software packages, and most have no means of tracking either the hardware or software, or assessing the related risks. We pay the price via network penetrations and data breaches.

Most companies I talk to today understand that they have created an asset monster, but they are not sure just how to tame it. This is understandable, given that it is not an easy problem to solve.

I learned this firsthand when I took a job with a well-run software company a few years ago. At my arrival, Microsoft had discovered via audit that it had accidentally under-purchased Office licenses. The software company had been compelled to purchase an expensive asset management appliance, which it was getting ready to replace, because it could not get Office to work. Microsoft was also insisting that the software company sign an expensive Enterprise agreement.

I was able to make the company’s asset management system work, and get Microsoft satisfied. What I discovered, however, when all licenses were accounted for, was that, in the process of correcting the issue, the software company had well over-purchased licenses. An expensive proposition either way.

Hopefully you recognize that you probably have an asset management problem. Now, let me suggest the three reasons that solving it should be a priority for you:

1. Unsupported systems, big risks

Windows XP has been unsupported for some time, and 2003 is right behind it. Like Jason’s Deli, most organizations have no way to even quantify their number of unsupported systems. As hard as that is to sort out, however, it seems that the hacking world is not similarly constrained. It seems to have no problem zeroing in on these systems as part of an attack.

While PCs and servers present a major problem, the issue of unsupported network gear may be worse, particularly in the small/medium business world. As I suggested in “The firewall — has the ‘magic’ box lost its mojo?”, network vendors often drop support for a router, firewall or access point model quickly, in favor of a new one. This often leaves the old models unsupported. I have found that it is not uncommon to find network equipment on store shelves that is already unsupported. A network device that no longer receives firmware updates is an invitation to security trouble. Asset management gives you some visibility into these issues.

2. Untracked software

Not many years ago, vendor audits of software licensing were making the news, with many companies ending up in court. While our cybersecurity woes have pushed this news off the front page, vendors are still auditing companies, and finding their licensing practices to be wanting. The financial and legal ramifications remain significant.

There is a deeper issue with software, however: the presence of unsupported software with known vulnerabilities. As a recent example, Apple discontinued support for QuickTime for Windows, just as a major new vulnerability was found. Could you easily figure out if any workstations on your network were running this, or any other unsupported software? You cannot secure your software unless you know what versions are running on each system.

3. Equipment life cycle

We all like to think that systems will run forever, but sooner or later, reality will set in. You arrive at the office one morning to find a key application down, investigate, and find out that the system on which it ran was 8 years old and died overnight. According to an Intel study, older PCs are more expensive to repair or replace than newer systems. Equipment life cycle is something you need to plan, and not something that should suddenly turn into a crisis.
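An added example, not part of the original article: a small inventory audit that flags the three conditions described above (unsupported operating systems, unsupported software, and hardware past its planned life). The inventory rows, the five-year age threshold and the function names are constructed assumptions; the two dates are Microsoft's published end-of-support dates, and a real table should be maintained from vendor lifecycle pages.

```python
import csv
import io
from datetime import date

# End-of-support dates (Microsoft's published dates; extend from vendor lifecycle pages).
END_OF_SUPPORT = {
    "windows xp": date(2014, 4, 8),
    "windows server 2003": date(2015, 7, 14),
}
# Products the vendor has discontinued with no dated lifecycle entry.
DISCONTINUED = {"quicktime for windows"}

# Constructed sample inventory: software is a ';'-separated list of "name version".
INVENTORY = """host,os,software,purchased
kiosk-01,Windows XP,,2008-03-01
ws-014,Windows 7,QuickTime for Windows 7.7.9;Office 2013,2014-06-15
srv-02,Windows Server 2003,,2007-11-20
ws-020,Windows 10,Office 2013,2015-09-01
"""

def unsupported(name, as_of):
    """True if name matches a discontinued product or one past end of support."""
    n = name.strip().lower()
    if any(n.startswith(p) for p in DISCONTINUED):
        return True
    return any(n.startswith(p) and as_of > eol for p, eol in END_OF_SUPPORT.items())

def audit(inventory_csv, as_of, max_age_years=5):
    """Return {host: [findings]} for every asset with at least one finding."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        issues = []
        if unsupported(row["os"], as_of):
            issues.append("unsupported OS: " + row["os"])
        for pkg in filter(None, (p.strip() for p in row["software"].split(";"))):
            if unsupported(pkg, as_of):
                issues.append("unsupported software: " + pkg)
        age = (as_of - date.fromisoformat(row["purchased"])).days / 365.25
        if age > max_age_years:  # assumed life-cycle threshold
            issues.append(f"hardware age {age:.1f}y exceeds {max_age_years}y")
        if issues:
            findings[row["host"]] = issues
    return findings

if __name__ == "__main__":
    for host, issues in audit(INVENTORY, date(2016, 5, 10)).items():
        print(host, "->", "; ".join(issues))
```
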

If you are convinced that you need to begin tackling your asset problems, here are some products that can help: 

  • NMAP — This is a good, free tool for discovering equipment on your network.
  • Dell KACE — A good (albeit expensive) asset management appliance, also offered as a service.
  • ManageEngine AssetExplorer — A more affordable software-based asset management system.

Bottom line: You will face your asset problems sooner or later. Why not do it on your terms?

Contributor

Robert C. Covington, the "Go To Guy" for small and medium business security and compliance, is the founder and president of togoCIO.com. Mr. Covington has a B.S. in Computer Science from the University of Miami, with over 30 years of experience in the technology sector, much of it at the senior management level. His functional experience includes major technology implementations, small and large-scale telecom implementation and support, and operations management, with emphasis on high-volume, mission critical environments. His expertise includes compliance, risk management, disaster recovery, information security and IT governance.

Mr. Covington began his Atlanta career with Digital Communications Associates (DCA), a large hardware/software manufacturer, in 1984. He worked at DCA for over 10 years, rising to the position of Director of MIS Operations. He managed the operation of a large 24x7 production data center, as well as the company’s product development data center and centralized test lab.

Mr. Covington also served as the Director of Information Technology for Innotrac, which was at the time one of the fastest growing companies in Atlanta, specializing in product fulfillment. Mr. Covington managed the IT function during a period when it grew from 5 employees to 55, and oversaw a complete replacement of the company’s systems, and the implementation of a world-class call center operation in less than 60 days.

Later, Mr. Covington was the Vice President of Information Systems for Teletrack, a national credit bureau, where he was responsible for information systems and operations, managing the replacement of the company’s complete software and database platform, and the addition of a redundant data center. Under Mr. Covington, the systems and related operations achieved SAS 70 Type II status, and received a high audit rating from the Federal Deposit Insurance Corporation and the Office of the Comptroller of the Currency.

Mr. Covington also served as Director of Information Technology at PowerPlan, a software company providing software for asset-intensive industries such as utilities and mining concerns, and integrating with ERP systems including SAP, Oracle Financials, and Lawson. During his tenure, he redesigned PowerPlan's IT infrastructure using a local/cloud hybrid model, implemented IT governance based on ITIL and COBIT, and managed the development of a new corporate headquarters.

Most recently, Mr. Covington, concerned about the growing risks facing small and medium business, and their lack of access to an experienced CIO, formed togoCIO, an organization focused on providing simple and affordable risk management and information security services.

Mr. Covington currently serves on the board of Act Together Ministries, a non-profit organization focused on helping disadvantaged children, and helping to strengthen families. He also leads technical ministries at ChristChurch Presbyterian. In his spare time, he enjoys hiking and biking.

The opinions expressed in this blog are those of Robert C. Covington and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.
