I am a frequent visitor to the busy outlet of Jason's Deli (in my mind, one of the best-managed chains in the food business). A few months ago, I came in at lunch and tried to use the automated kiosk to order the salad bar. The kiosk software was not running, and I was able to see the underlying Windows logo -- XP. The idea of processing credit cards on an unsupported XP machine is not one that promotes sound sleep. Fortunately, management resolved the issue in a few days, once the company realized the problem.
Jason's Deli, despite being well managed, was caught off guard by the same issue that plagues most businesses I have encountered, both large and small: the inability to track and manage the computing assets.
This is not a new issue. The problem began with the deployment of the PC in the business world. In those days, we were installing them as quickly as possible, without any provision for tracking or centralized management. The growing complexity of office networks, and the related deployment of large numbers of network devices to locked closets, has made matters worse.
We got away with poor asset management until the organized hacking world discovered that it could use this inability to its advantage. Thus, even small businesses today have numerous vulnerable computing devices and software packages, and most have no means of tracking either the hardware or software, or assessing the related risks. We pay the price via network penetrations and data breaches.
Most companies I talk to today understand that they have created an asset monster, but they are not sure just how to tame it. This is understandable, given that it is not an easy problem to solve.
I learned this first hard when I took a job with a well-run software company a few years ago. At my arrival, Microsoft had discovered via audit that it had accidentally under-purchased Office licenses. The software company had been compelled to purchase an expensive asset management appliance, which it was getting ready to replace, because it could not get Office to work. Microsoft was also insisting that the software company sign an expensive Enterprise agreement.
I was able to make the company's asset management system work, and get Microsoft satisfied. What I discovered, however, when all licenses were accounted for, was that, in the process of correcting the issue, the software company had well over-purchased licenses. An expensive proposition either way.
Hopefully you recognize that you probably have an asset management problem. Now, let me suggest the three reasons that solving it should be a priority for you:
1. Unsupported systems, big risks
Windows XP has been unsupported for some time, and 2003 is right behind it. Like Jason's Deli, most organizations have no way to even quantify their number of unsupported systems. As hard is that is to sort out, however, it seems that the hacking world is not similarly constrained. It seems to have no problem zeroing in on these systems as part of an attack.
While PCs and servers present a major problem, the issue of unsupported network gear may be worse, particularly in the small/medium business world. As I suggested in"The firewall -- has the 'magic' box lost its mojo?", network vendors often drop support for a router, firewall or access point model quickly, in favor of a new one. This often leaves the old models unsupported. I have found that it is not uncommon to find network equipment on store shelves that are already unsupported. A network device that no longer receives firmware updates is an invitation to security trouble. Asset management gives you some visibility into these issues.
2. Untracked software
Not many years ago, vendor audits of software licensing was making the news, with many companies ending up in court. While our cybersecurity woes have pushed this news off the front page, vendors are still auditing companies, and finding their licensing practices to be wanting. The financial and legal ramifications remain significant.
These is a deeper issue with software, however: the presence of unsupported software with known vulnerabilities. As a recent example, Apple discontinued support for QuickTime for Windows, just as a major new vulnerability was found. Could you easily figure out if any workstations on your network were running this, or any other unsupported software? You cannot secure your software unless you know what versions are running on each system.
3. Equipment life cycle
We all like to think that systems will run forever, but sooner or later, reality will set in. You arrive at the office one morning to find a key application down, investigate, and find out that the system on which it ran was 8 years old and died overnight. According to an Intel study, older PCs are more expensive to repair or replace than newer systems. Equipment life cycle is something you need to plan, and not something that should suddenly turn into a crisis.
If you are convinced that you need to begin tackling your asset problems, here are some products that can help:
- NMAP -- This is a good, free tool for discovering equipment on your network.
- Dell KACE -- A good (albeit expensive) asset management appliance, also offered as a service.
- ManageEngine AssetExplorer -- A more affordable software-based asset management system.
Bottom line: You will face your asset problems sooner or later. Why not do it on your terms?
This article is published as part of the IDG Contributor Network. Want to Join?