IT asset management (ITAM) risks are common and potentially exhausting. From data security to local legislation compliance, the risks to assets and organizations are widespread.
Similarly, there are also contextual considerations. Political, social and economic issues and changes can present problems for an ITAM team. We can look at the recent US sanctions against Huawei, a whole array of organizations (such as Google and NASA) banning Zoom and concerns over the influences of Big Tech - contextual issues often can affect IT asset management because of security concerns or political challenges.
Businesses need to be better prepared to deal with these problems, manage their assets, optimize lifecycles and achieve secure asset disposition. So what are the current IT asset management risks? What are the risks of our ‘new normal’ - remote working and social distancing? How can ITAM teams prepare themselves?
- Common IT asset management risks and potential solutions
- The impact of COVID-19 on IT asset risk management
Common IT asset management risks and potential solutions
Over time, organizations have been met with many similar challenges to IT risk management. They're general and common enough to be experienced both now and in the future. Below, we’ve compiled several common issues facing ITAM teams.
A lack of visibility
Many organizations, usually at enterprise-level and with countless assets under their control, will have a distinct lack of visibility on these due to the sheer number of assets.
A lack of visibility is like driving while wearing a blindfold. Not only does it leave IT asset management professionals unsure of what they have to protect from risk, leaving endpoints potentially vulnerable, but it also means data management and disposition is much harder to achieve compliantly.
Organizations of any size need to create an accurate list of all assets and develop a physical asset hierarchy that considers the risks associated with each asset type. For example, an LCD monitor is low-risk because it doesn't hold data, but a hard drive will be high-risk because it does. Similarly, assets with data owned by the corporate legal department may be deemed more sensitive than another functional area of the organization.
This kind of risk evaluation can also be approached by determining how a specific risk would affect an asset and the organization as a whole.
A lack of lifecycle optimization
Asset lifecycles are important considerations for IT asset management. Businesses should consider how to get the most from their IT assets before retiring them; not only from an environmental perspective but to also ensure you are able to capitalize on your asset’s full financial potential, by understanding the value recovery ‘sweet spot’ of that particular hardware.
Operating below the full potential of an asset means an organization isn't achieving the full ROI of the software or hardware.
Similarly, when thinking about compliance - is the technology used in a fully compliant manner by end-users? Have they been educated about proper use and data security? Optimization can be seen as holistic, not only targeting how financially viable an asset has been or can be, but how well it is being used. If data breaches are costly, then surely lifecycle optimization should cover risk, best practices and security as well?
Retiring IT assets is also a major part of an asset’s lifecycle. Many professionals assume that once an item is ready to get rid of, that is where the responsibility ends. This isn’t the case, as many data risks and compliance issues happen after an asset has left the premises.
IT asset disposition (ITAD) is a methodology in itself. When businesses utilize it or work with experienced partners that can provide it, they benefit from remaining risk-free even when those assets are no longer in use. You should optimize use within a lifecycle and also end-of-life processes.
Incorrect risk management
Asset management requires four things:
- Operation and optimization of assets
- Asset maintenance
- Management of risks associated with ownership
- Management of risks associated with use
The latter two require asset management professionals to plan for asset assessment and identification, as well as management and control. Essentially, what it is and how it should be used with evaluation completed on an asset-by-asset approach.
When done incorrectly, it means a risk management process might be assigned to the wrong asset or a specific process might not meet the requirements needed by that asset and the data it contains.
To properly manage risk, businesses must assign context to the asset (what it is, what it does, what it contains) and then assess risk based on those parameters. Only then can a proper risk management strategy be put in place.
The impact of COVID-19 on IT asset risk management
When the COVID-19 pandemic first impacted the world, many office-based employees were forced to work from home, which resulted in a huge amount of asset relocation - mainly devices such as laptops, hard drives and monitors.
While the initial rush of bringing countless assets online remotely is over, there are important practices regarding a business’ ability to track, deploy and relocate both hardware and software.
- Asset tracking and identification: With remotely used assets, the ability to track and identify assets, their type and where they're located is more important than ever. It’s also crucial to determine which type of data is available within those assets and how that data is being protected.
- Optimizing end-of-life hardware: In most cases, old laptops and other devices will be disposed of and new hardware provided. However, this is more difficult in remote settings. ITAM teams have been forced to leverage hardware that was potentially at the end of its life, getting extra value from those assets as temporary solutions to the need for hardware. This might include updating operating systems or repairing physical parts that have broken.
- Taking full advantage of tools to secure continued operation: Tools such as software patching, antivirus and other useful processes can help to validate the operational status of assets, maintaining that they’re still under an organization’s ‘net’ of control. ITAM teams can consistently check their inventories against these tools to discover issues that have arisen, which may come about more often when operated outside of a business’ network.
Another key consideration for ITAM teams is asset disposition - what happens when assets reach the absolute end of their lives and must be disposed of?
As people were sent home, questions were raised about data security, vulnerability and theft. Similarly, sensitive information was potentially downloaded to personal devices as some organizations may have been unable to meet the demand for allocating computers.
Other companies have either been forced to downsize or made a switch to using personal devices, meaning they’re left with surplus assets to deal with. Employees may be unsure of what to do with obsolete hardware when working remotely. There were even more immediate concerns with cleanliness, as some companies begin to physically sanitize hardware with cleaning materials such as alcohol wipes - although the risk of COVID transmission was found to be very low by the CDC.
ITAM teams need to delineate a clear process for what should happen with asset disposition to ensure the risks associated with improper data management are dealt with. Similarly, updates should be given to employees quickly and effectively if there are any ITAM or ITAD policy changes.
Another main challenge is in enabling ex-employees to return assets they have been using. It’s not always straightforward returning equipment such as monitors, laptops, mobile and peripherals securely - especially when under local lockdown restrictions. Solving that challenge is something IT logistics companies and ITAD providers can help with.
Underpinning all of this is the relationship between IT asset management and IT asset disposition. To understand this relationship further, watch our informative webinar.
Why ITAD matters for ITAM
What are the long-term drivers for ITAD and ITAM? What’s the current operating environment like? How can you utilize ITAD to expand the realm of ITAM’s influence? Where are the hidden risks?
We answer all of these questions in our webinar, ‘Why ITAD Matters for ITAM’, as well as delving into use cases, alongside ideas regarding sustainable IT and remote working. To register for the webinar, just click the button below.