Cybersecurity Blog | Compuquip Cybersecurity

What is IT Asset Management (ITAM) & Why is It Important?

Written by Eric Dosal | April 9, 2020

Your IT assets come in all shapes and sizes. From the obvious (computers, routers, and other physical equipment) to intangible software assets, most modern businesses couldn’t function if they didn’t have access to these systems. However, the sad truth is that most modern organizations have no clue what IT assets are on their networks, let alone follow the best practices for managing them.

What is IT Asset Management?

If you were to ask three different experts what “asset management” means, you’d get three (or possibly more) answers. The role and purpose of IT asset management (ITAM) may change from one person to the next.

Some might say it’s “getting the most value of out a business’ assets.” This isn’t technically wrong, but it’s not why ITAM is important for your IT network components. Others might say that an ITAM process is “inventorying all of the assets on your network,” which would be a partial answer, at best.

A more complete definition would be an all-encompassing program for tracking what assets are on the network, verifying that each asset is up-to-date with any security or software patches, as well as ensuring that each asset on the network is sufficiently protected and properly configured. It’s also an ongoing process—one requiring continuous vigilance on the part of your IT department (or managed IT/security services provider) as you monitor your asset lifecycle to rotate out old hardware and integrate new equipment.

Basically, IT asset management is a lot of work—which may explain why so many companies fall behind on this critical task. But, the importance of asset management for your company’s IT components cannot be overstated.

Examples of IT Assets

The increasing complexity of network systems can make it difficult to distinguish what counts as IT assets. When organizations confined their technology stack to a single data room that hosted internal servers, the distinctions were easy enough to make. Today, however, seemingly every aspect of a business could potentially fall under the broad umbrella of IT assets. With that in mind, here are a few general examples of what companies generally think of when it comes to inventorying and managing IT assets.

Infrastructure Hardware

This category includes the hardware typically associated with network systems managed by a dedicated IT department. Examples of these assets might include routers and switches, network inspection devices, physical servers, and data centers.

In-House Software or Applications

Any programs written or designed by an internal team that are wholly owned and controlled by the company qualify as IT assets. These programs are distinct from cloud-based software or licensed software.

Software Licenses

This category applies to any program or application a company has purchased a license to utilize. Critically, the asset here is the license, not the software.

Infrastructure Lease Agreements

Much like software licenses, the leasing agreements used to access third party infrastructure (such as a colocation data center) are often treated as IT assets.

Company-Owned Devices

Any computers or other hardware devices that interact with the company’s IT network are considered assets. Employee-owned devices, however, would not fall under this category. A company-issued laptop, for instance, counts as an IT asset, but an employee’s personal smartphone they utilize in the course of their work does not.

Digital Data

Today’s organizations amass and utilize huge amounts of data from a variety of sources. Many companies are treating data as a key IT asset that must be valued, managed, and maintained throughout its lifecycle just like any piece of hardware.

Managing IT Asset Lifecycle

Most assets, whether they’re physical or intangible, are only useful for a limited time before their value begins to diminish. This period is known as its asset lifecycle, and most ITAM practices break it down into a series of stages.

Planning

Assets don’t just appear out of nowhere. Even intangible data assets are obtained after a period of planning that lays out what assets are needed, how they will be obtained, used, and funded.

Acquisition

An asset can be obtained in a number of ways, including building, buying, leasing, and licensing.

Integration

To get the most value out of an asset, it needs to be integrated into an existing IT infrastructure so it can interface with other assets to generate increased value.

Maintenance

Assets require ongoing care and attention throughout their lifecycle in order to deliver ongoing value. Typical maintenance includes repairs, upgrades, and updates that extend their usefulness over time.

Retirement

Sooner or later, assets begin to deliver diminishing value. When the value is no longer greater than the cost of replacing the asset, the time has come to dispose of it and transition to a replacement solution.

6 Reasons Why IT Asset Management is Important

There are numerous benefits of IT asset management software for businesses—and potential pitfalls for failing to have a comprehensive hardware asset management process in place. Some reasons why ITAM is important include:

1. Improperly Managed Assets Can Become Cybersecurity Vulnerabilities

Failing to track what hardware and software assets are on your network means that there may be weak points in your network that you don’t know about. This was the case in the 2014 JP Morgan Chase data breach. According to an article by Reuters following the breach, the breach “JPMorgan’s security team had apparently neglected upgrading one of its network servers with the dual password scheme” that had been applied to other servers. The forgotten server became the entry point for attackers who then stole the data of roughly 83 million JP Morgan Chase customers. Had this hardware been tracked and kept up to date with IT asset management software, the breach could have been prevented.

2. Obsolete Assets Can Negatively Impact Workflows

Not knowing what assets are available to your employees can have a negative impact on their work. Obsolete equipment on the network could be causing slowdowns for critical business apps, or otherwise negatively influencing user experience. Tracking asset lifecycles and finding ways to safely upgrade or replace them can help improve productivity.

3. Not Knowing Your Single Points of Failure

Redundancy is crucial for creating a stable and reliable network where employees and customers alike can get the resources they need from your IT assets when they need them. Without a solid map of your network infrastructure (something you’d create as part of your ITAM process), it can be hard to know what your network-breaking “single points of failure” are and how you can fix them to ensure business continuity.

4. IT Asset Management Can Be Crucial for Regulatory Compliance

Numerous industry regulations are nearly impossible to follow if you don’t have a comprehensive hardware asset management process. Take, for example, the EU’s General Data Protection Regulation (GDPR). Part of GDPR compliance is giving “data subjects” the “right to be forgotten.” If you don’t have a complete picture of all the assets on your network, including the data you hold about people, how can you ensure that you’ve removed any data that you have stored about a person? The truth is that you cannot. There may be a backup, a random workstation, or another asset with that data you aren’t supposed to have on it, and you wouldn’t know without a comprehensive IT audit. This, in turn, could lead to a compliance violation with a massive fine attached.

5. Incoming Assets Need to Be Properly Tracked and Accounted For

Businesses are constantly phasing out obsolete hardware as it reaches the end of its asset lifecycle and introducing new equipment to the network—often far more frequently than they might assume. Failing to keep track of new IT assets or to account for the removal of obsolete ones can lead to inaccuracies in the network architecture map, wasted time/effort spent looking for missing components, and gaps in your cybersecurity protections. Having an IT asset management tool in place helps you keep track of changes so you can avoid these problems.

6. Outgoing Assets Need Proper Disposal

IT asset disposition is a major concern for regulatory standards such as payment card industry data security standard (PCI DSS). If an asset ever held any kind of sensitive information, that hardware’s storage drive needs to be carefully cleansed of any trace of that data—or destroyed beyond any reasonable hope of recovery. IT asset management software can account for the disposal of equipment in a documented process that ensures that your sensitive information cannot be recovered.

Why You (Still) Need an IT Asset Audit

Even when you have a comprehensive and well-executed IT asset management system in place, it’s important to carry out an IT asset audit from time to time as well.

Why?

Because, even the best-laid plans can fail from time to time—letting things such as employees’ mobile devices or other small and frequently-changed items slip through the cracks. IT asset audits can help you identify network components that may have been improperly documented for one reason or another so you can have a complete picture of your network.

Need help setting up IT asset management software in your organization or just want more information? You can contact the experts at Compuquip, or download our guide to IT practices that might be putting your business at risk at the link below: