If you’re anything like most of the population, you have more than a little trouble keeping track of your keys, wallet, and work ID, let alone your tablet, your work device, and your personal cell phone. Now, imagine you’re an IT manager whose job it is to know where every asset in your company is – every cell phone, every lap top, every remaining desktop, innumerable servers, and a few thousand tokens to boot.
The mind boggles, doesn’t it? For most, priority in IT asset management goes to things that move around like tokens, cell phones, and now tablets. Servers get a high degree of protection too, since they are the lynchpin of any organization. But IT managers seem to have classified desktops as fixed assets, like chairs, and unwittingly created a gaping security vulnerability.
Because desktops are always, well, on the desk, and not roaming about Capitol Hill, the perception is that they are sufficiently protected by firewalls. But, as CA’s Nate Rushfinn points out that given the volume of attacks launched against US government networks on a per second basis “unmanaged PCs represent the largest threat to our security. Firewalls simply can’t keep up with the job of protecting our networks. ITAM may not be sexy, but it is the new imperative.”
Rushfinn goes on to elaborate why IT asset management is so vitally important to cybersecurity:
In IT asset management, one thing is not like another. Over time our management systems have evolved in separate silos. The tools that manage routers keep track of the routers. It’s the same with desktops. Desktop management software collects the software and hardware assets, but none of these systems communicate. So, when the CFO asks for a report of all IT assets, the IT manager answers, “It depends.” He asks the CFO, “Do you want the desktops, the servers, or the network devices?” The CFO answers, “Yes!” meaning all of them, not realizing that there isn’t a single source that tracks all the assets.
That is the biggest tragedy of ITAM not being sexy—we miss out on the opportunity to have a management database of all our assets…
In ignoring, quite literally, the furniture, IT organizations are missing the mark in providing comprehensive level of cybersecurity.
Intrigued or ready to refute Rushfinn? Why not hop on over to his blog here… to read his entire argument.