Building a Comprehensive IT Asset Management Strategy
Gartner offers recommendations for reducing audit costs and risk.
Welcome to our three-part blog post series on achieving real-time asset management. Here, in part one of this series, you’ll learn how to build a comprehensive asset management strategy. Next, we’ll explore the role real-time IT asset management plays in driving service innovation and business value. In blog post three, you’ll get a customer perspective about how this new approach solves the age-old problem of managing, tracking and securing IT assets. First up: an interesting perspective from a Gartner Research report, Reducing Audit Costs and Risks with a Comprehensive IT Asset Management Strategy.
More audits are coming. Is your asset management program up to the task?
Asset audits are on the rise. According to Gartner, by 2024, the number of enterprise internal and external hardware and software asset audit requests will increase by 100%, up from approximately two and a half to five requests annually. The reasons for audit requests vary and the requestors can be internal stakeholders or external sources, such as software vendors seeking to validate license compliance and a broad range of government agencies. Here are some of the most common types of audits and sources:
|
Types of Requests |
Types of Audits |
|
Internal |
Finance |
|
Contract Compliance (licensing) |
Vendors |
|
Information Controls |
HIPAA, GDPR |
|
Financial Requirements |
SEC |
|
Security |
PCI, NIST, Local State or Federal Government |
|
Legal |
OSHA |
Source: Gartner (April 2019)
Given all the time it takes to conduct an audit—and all the asset visibility gaps that organizations are dealing with—audits can be a drag on IT resources and morale. But audit noncompliance can be much worse—exposing the enterprise to cybersecurity risks above all, but also to fines, ongoing labor requirements, and lost productivity.
In Reducing Audit Costs and Risks with a Comprehensive IT Asset Management Strategy, Gartner analysts Tim Zimmerman and Ryan Stefani highlight three primary challenges when creating an effective asset management strategy:
- IT asset management programs that only address IT assets on the network are insufficient to enable sourcing, procurement and vendor management leaders to effectively address audits that encompass all IT hardware, regardless of network presence
- Devices installed by the facility management team or a line of business (LOB) organization are not being discovered, properly secured or managed, and are placing the organization in noncompliance
- Organizations waste millions on standalone asset management tools and nonexistent processes that do not provide an end-to-end solution or address what they need if they are audited
Facing asset audits with confidence
A comprehensive asset management strategy can minimize noncompliance and take much of the costs, risks and exasperation out of audits. It can make information gathering much faster and more complete, while minimizing errors and satisfying multiple stakeholders—everyone from finance, lines of business and facilities management to external regulatory bodies.
In that same report, Gartner also offers some key recommendations when it comes to creating a comprehensive asset management strategy:
- Verify regulatory commitments, asset usage terms and licensing conditions are met for internal entities or external agencies that may request an audit
- Define the governance scope of asset management by including line of business technology, facilities, devices and all other data-generating hardware (like IoT devices) that provide value to the organization as part of the total process
- Expand ITAM activities from siloed, incomplete processes to address the complete life cycle of all hardware components and software tools by also addressing non-network-attached and high-risk asset scenarios
What many people are discovering today when deploying the Forescout platform—besides a lot of assets on their networks they didn’t know they had—is that it can be instrumental in fulfilling these recommendations. The Forescout platform can provide the functionality and intelligence to make a comprehensive asset management strategy—and effective implementation—possible.
The platform’s ability to discover and profile 100% of the IP-connected assets on extended enterprise networks and its integration capabilities with leading ITSM solutions such as ServiceNow® go a long way toward automating the process of asset management and audit compliance.
Now, imagine you can move forward with confidence when audit requests come your way. For a solid overview of the importance of working within a comprehensive IT asset management strategy, get the Gartner report.
For more information on the Forescout platform, including what a real-time IT asset inventory and continuous device visibility can do for your organization’s business and security operations, get the Forescout white paper here.
In our next blog post, we’ll expand the discussion beyond asset audits and cover the business benefits of using continuous device visibility for real-time asset management.
