• Search

• Categories

  • Change Management
  • Company News
  • Industry Observations
  • Information Security
  • ITAM (Asset Management)
  • ITIL and Service Management
  • RFID
  • Software License Compliance

• Recently Written

  • Managing mobile assets – making it part of your ITAM program
  • Keep an Eye on the Hardware Lifecycle
  • Managing mobile assets – bills
  • Managing mobile devices – email addresses
  • Managing mobile assets - contracts
  • Managing mobile devices - applications
  • Managing mobile assets - SIM cards
  • Managing mobile assets – risks
  • Retiring software assets
  • Quick tips on keeping software licenses organized & updated

• Blogroll

  • Miro Consulting

• Subscription

  •  Blog Articles
  •  Subscribe by Email
  • 

• Archives

  • July 2010
  • June 2010
  • May 2009
  • April 2009
  • March 2009
  • February 2009
  • January 2009
  • December 2008
  • November 2008
  • October 2008
  • September 2008
  • August 2008
  • July 2008
  • June 2008
  • May 2008
  • April 2008
  • February 2008
  • January 2008
  • December 2007

• Members

  • Log in

Lifecycle costs and overpaying for assets is a common problem in IT, but one that can be easily solved. Once it is solved, you, the IT Manager often wonder, “Why didn’t we do this sooner?” It’s the same old story - you get this huge bill in the mail and have absolutely no idea why it’s so high, what you are paying for, and whether you actually need everything you’re buying from your limited budget. IT Asset Management seems like such an obvious choice for any organization with more than 10 employees.

Fast forward 6 months to your newly structured organization with ITAM processes in place. You’ve reduced your costs by reusing equipment with useful life remaining instead of buying new.  Maintenance costs are only incurred on equipment being used, not on assets that have been disposed of during the ITAM process. Your organization is also 100% sure that you are in compliance with all of your software vendors and regulatory bodies. In addition to all of these cost savings and reduced risk, you’ve increased security and costs are being charged and tracked accurately, whereas prior to your implementation of ITAM you were paying for assets you didn’t even have.

So, are you asking yourself - why haven’t I thought of this yet?

Enterprise Strategy Group just completed a report called “2008 IT Service and Infrastructure Management Survey” that had some interesting results - most IT Managers expect to deploy more automation technologies and adopt best practices frameworks in response to the growth of virtualization, service-oriented architecture and Web 2.0 technologies. Of the 602 respondents for the survey, three-quarters agreed with this statement.

Even more interesting was that a majority of the respondents that were considered “highly effective” IT organizations have either deployed IT management workflow automation or are planning to. Those with automated IT asset management tools were seen as “highly effective IT environments.”

Surely, this should mean something. With new technologies like Virtualization, IT asset management is only going to get more complex. Putting automated systems in place and getting your assets in order is vital to having a productive IT environment.

Security professionals often face challenges from both ends of the stick — internal audit staff and external auditors. Further straining this relationship is the Qualified Security Assessors (QSAs). Although this sometimes can seem as a threat, my advice is to make nice - it will benefit both your and the QSA’s mission, and make the whole process go more smoothly. When the QSA comes into your organization they are looking for a few things: that each of your controls work as intended, that all risk has been identified with appropriate controls in place, and that you have documentation that all actions were carried out properly.

Additionally, here are some tips about working with auditors for those of you out there who will go through this process:

1.       Document everything - from measures to reduce risk AND when you decide to accept risk

2.       Embed controls and control objectives in the security architecture

3.       Don’t get “cocky” - don’t overstate or underestimate the degree of confidence you have in your controls and mitigations. If you over exaggerate in one instance, the auditor will second guess everything.

← Previous Page — Next Page →