Security 101

Beginner’s Guide to IT Asset Management

Companies’ IT infrastructures are growing more complex.  With the rise in remote work and bring your own device (BYOD) policies, organizations have a more diverse set of corporate devices and less visibility into how they are being used.  Additionally, mobile devices are increasingly targeted by cybercriminals, making it essential to apply updates and patches for vulnerabilities as quickly as possible.

IT asset management (ITAM) can help organizations to address these concerns.  By tracking and managing IT assets throughout their entire lifecycles, ITAM can identify when action needs to be taken for certain devices (updates, end of life, etc.) and ensure that an organization has full visibility and control over its IT assets.

What is IT Asset Management?

The first step in developing an ITAM strategy is to define what an IT asset is.  An organization’s IT assets include the company’s physical and digital IT systems, such as:

  • On-premise software tools
  • Cloud-based software apps
  • Computers
  • Desktops
  • Monitors
  • Smartphones/Mobiles/Tablets
  • Telephones
  • Routers and servers

ITAM supports these IT assets throughout their entire lifecycle.  From deployment and configuration to monitoring and management to upgrades and disposal, ITAM ensures that these assets are able to do their jobs and support the business.

Value of ITAM

An effective ITAM strategy ensures that a business and its employees have what they need to do their jobs.  Some of the key benefits of ITAM include the following.

Supporting Internal Teams

ITAM covers both the physical devices and software that a company uses every day.  An ITAM program ensures that team members have the tools that they need and that these assets are functional and able to meet business needs.

Without an ITAM program, an organization’s internal teams are likely responsible for managing their own assets.  This approach is inefficient and takes away focus from performing their duties.  By centralizing and streamlining the asset management process, the company achieves better efficiency and lower overhead.

Keeping Devices Safe

ITAM goes beyond ensuring that devices remain functional to securing them as well.  An organization’s IT assets can be exposed to a number of potential threats, and managing these is part of a good ITAM strategy.

For example, companies are increasingly investing in mobile IT assets (laptops, smartphones, etc.) to support expanding remote workforces.  Since these assets can be more easily lost or stolen, IT departments need to have solutions in place to track the locations of these devices and wipe the sensitive data that they contain if they are misplaced or stolen.

Asset Loan Management

Some corporate assets are owned by a certain user throughout their entire lifecycle, but this is not always the case.  In some scenarios, a user may only require temporary use of a particular asset, such as the loan of a corporate laptop for remote work or travel.

An ITAM program enables an organization to provide temporary assets to users, and track loaned assets across their life cycles from issue to return.  By centrally tracking these assets, the organization ensures that it has complete visibility into the assets that it owns.  Additionally, an effective asset loan program can decrease IT expenditures by enabling assets to be effectively shared as needed and eliminating the need to buy unnecessary systems in case they are required.

Minimizing IT Overhead

IT assets can be a source of significant expenditures for an organization.  While some of these assets may be vital to the business, others are not.

An ITAM program helps a company to keep costs low by ensuring that all assets are tracked and used and not wasted.  The visibility that centralized asset tracking provides enables the ITAM program to determine the organization’s actual IT needs and acquire and deploy enough assets to meet those needs without wasting money on systems and software that are never or rarely used.

Support ITIL Processes

The IT Infrastructure Library (ITIL) describes processes for effectively operating IT services.  Implementing ITIl processes helps an organization to streamline its IT operations.

ITAM is an essential component of ITIL.  An effective ITAM strategy and solution can help to support a few different ITIL processes including:

  • Incident management
  • Change management
  • Problem management

ITAM Best Practices

Implementing an ITAM program can seem daunting.  Following these ITAM best practices can help.

  • Establish Baselines: Fixing problems is an important component of any ITAM strategy, and it’s impossible to know if something is “wrong” without knowing what normal looks like.  By establishing baselines for an organization’s IT assets, it is easier to identify and respond to anomalies before they have a significant impact on an organization.
  • Define Metrics: Any ITAM program needs to be able to demonstrate clear value to the business.  A crucial part of accomplishing this is to define measurable assets and goals that you can report on.  A good starting point is the number of assets under management followed by a transition to focusing on improvements in cost, efficiency, etc.
  • Start with Critical Assets: Trying to start managing every one of an organization’s assets at once is overwhelming.  A better strategy is to start with the assets that are most important to the business and expand from there.  Define critical assets and get them under good management, then step down to less and less critical ones until everything is under management.
  • Seek Internal Support: An effective ITAM program provides significant benefits to the organization, but it also requires significant resources.  Before implementing an ITAM strategy, seek executive buy-in and champions to ensure that the program has the support and resources that it needs to be successful.
  • Track Full Lifecycles: IT assets can experience a significant event at any time in their lifecycles, such as the release of a new update or a vendor declaring end of life for a product.  Monitoring IT assets throughout their entire lifecycles puts an organization in a position to detect and respond to these events.
  • Keep It Simple: Managing all of an organization’s IT assets is a huge task, so it’s important to embrace simplicity where possible.  Instead of using a variety of standalone tools to solve different problems, select a solution that has all of the capabilities that you need to effectively manage your IT assets.
  • Conduct Audits Regularly: The longer that a potential problem (such as a lost or stolen device) goes undetected, the greater the possible harm to the organization.  Performing regular audits helps to identify issues and correct them early.
  • Automate Wherever Possible: The average organization has a number of IT assets, and, in some cases, rapid responses to events are critical.  Attempting to manage all of these devices manually is unscalable and unsustainable, making automation essential for effective ITAM.
  • Iterate and Improve: ITAM is a big task, and it’s unlikely that an ITAM strategy will be perfect on the first try.  Treat ITAM as an interactive process, soliciting feedback and improving based upon it.

ITAM Software – What to Look For

One of the most important components of an ITAM strategy is choosing the right ITAM software.  The typical organization’s IT assets are far too numerous to manage manually, making automation essential.  A good ITAM solution will support and streamline every phase of the ITAM process.

Some key questions to consider when evaluating ITAM solutions include:

  • Does it integrate with your service desk solution? Your organization’s service desk software includes a lot of information relevant to ITAM, such as issues raised by users.  These two systems should be integrated to provide a single, comprehensive view into the state of the organization’s IT assets.
  • How is the user interface? ITAM software should be designed to make asset management easy.  Is the user interface clear, concise, and easy to use?  If not, then the software may be causing more problems than it solves.
  • Can it manage software and hardware assets? ITAM includes management of both hardware and software assets.  An ITAM solution should be able to support both types of assets and the types of events that each can be expected to experience such as loss/theft for hardware or a need for a license update for software.

IT hardware asset management

As businesses evolve, their IT assets change as well.  This is most obvious with regard to hardware IT assets.  Over time, companies’ hardware assets have transitioned from mainframes to personal computers to the modern solutions of mobile devices and cloud computing.

An ITAM solution should be capable of managing all IT assets within an organization’s portfolio.  A couple of important questions to ask regarding IT hardware asset management include:

  • Can it manage all mobile devices? Mobile devices are becoming increasingly diverse as laptops are joined by tablets and smartphones.  An ITAM solution should be able to manage and meet the unique needs of all of these different types of mobile devices.
  • Can it manage cloud assets? Organizations are increasingly embracing cloud computing, meaning that assets previously deployed as physical devices may now be implemented as cloud-based services.  An ITAM solution should be able to support this new deployment model for IT assets.
About the author

Norman Gutiérrez

Norman Gutiérrez is our Security Researcher at Prey, one of the leading companies in the security and mobility industry, with more than 8 million users worldwide. In addition to this, Norm is Prey's Content and Communication Specialist, and our Infosec ambassador. Norm has worked for several tech media outlets such as FayerWayer and Publimetro, among others. In his free time, Norman enjoys videogames, cool gadgets, music, and fun board games.