Asset-management

How to get started easily with Asset management

Mikael Korsholm

• 10. JUNE 2020 • READ 6 MIN.

Keeping track of all your IT assets in a company can be an overwhelming task. It includes laptop computers, desktop computers, mobile phones, cloud services, and much more. This challenge is precisely what asset management is trying to deal with. In this blog post we will give you an introduction to what asset management is, followed by a hands-on guide on how to get started with asset management in your company.

What is asset management?

In short, asset management is a system used for keeping track of which IT assets are included in your company, i.e. which computers you have connected, which software applications are installed on them, and which cloud services you are using. This also makes it possible to ensure that only approved services and applications are used on the employees’ company-owned computers. It is important to point out that asset management doesn’t cover the employees’ use of these assets, only whether or not they are connected. Thus, it would be possible to see if an employee has Word installed, but not whether the employee is using this application. If you are interested in that kind of visibility, you should have a log management system instead.

What do I need that for?

Before proceeding to the implementation of asset management I will give you three good reasons why this initiative should be prioritized: 

  1. It does not take a large resource investment, which makes it a kind of “low-hanging fruit” for many companies.
  2. With asset management implemented, you can sleep safely knowing that none of your employees has installed a slice of Limewire on their company-owned computer.
  3. You will get a good overview of your IT assets, which can be used to successfully implement a log management system.

Having discussed those good reasons, let’s proceed and look at the implementation of Asset management and which role a system like this could play in your IT security setup. 

Asset management vs. log-management

Should you have log management or asset management then? Fortunately, you do not have to choose between them, as these two types of systems complement each other very well. In our experience working with log management, we’ve found that it is a really good idea to start the process by implementing asset management, because this is where you find out which sources you want to log data from. Without asset management, you run the risk of overlooking some of those sources when you implement log management, and thereby not logging all the relevant data. Log management can enrich asset management in the same way, as implementing log management can help identify the different cloud services that should be registered as assets.

What does it take?

Now we know that asset management can help keep track of both your physical and digital IT assets, but what does it take? In short, it only takes time. Different systems exist for this task, but the system we will be reviewing in this blog post, which is the one we use ourselves, can be used completely without payment. The price will be the time it takes to implement the system. Before you get started implementing asset management, it is a good idea to create an initial overview for yourself of which online services your company is using, as the system cannot scan for these automatically.

How do I get started?

The first step in this process is of course to create a user on the system we will be recommending in this blog post, which is SpiceWorks Inventory.

This system needs a server to run on, which you may have to handle yourself, but if you want to avoid this, SpiceWorks also has a cloud solution where they take care of setting up a server. If you have different locations, these can be set up as “Remote Sites”, which is necessary to run the scans that we will be addressing later in this blog post.

Agents

The agent has to be installed on the asset, but from there on you can follow the asset outside of your working environment. This means that it is a good idea to install an agent on mobile devices, such as a laptop computer, that the employee might take home. You can simply download the agent from Spiceworks and install it on the different assets. When the agent is installed on the device, it will review the applications installed on the computer drive and then add these applications to the SpiceWorks system. Unfortunately, SpiceWorks’ agent only exists for Windows machines, so Mac or Ubuntu machines should be registered using scanning instead.

Scanning

Scanning quite simply works through the network at your workplace. Because of this, it can cover all the assets that do not leave the workplace and those not fit for having an agent installed. This process covers what cannot be registered through an agent. Naturally, this type of registration requires a bit less administration, as agents do not have to be installed on individual devices, but it takes more work to identify the different devices correctly.

Online assets

The registration of which online assets are being used is a bit more challenging than the registration of applications already installed. Installed applications are registered automatically by either the agent or the scanning reviewing the computer drive and thereby registering everything installed on it. Finding out which services are being accessed instead happens by scanning the browser history for URLs which you can define yourself. If I, for instance, know that we use Office365 in our organisation, I can ask the system to look for part of the URL which contains “Office”. After this I will be able to see if the different assets have visited such a URL. This also means that if I, as the IT manager, am unaware of an online cloud service being used and therefore have not entered the URL for it in SpiceWorks, I will not be able to see if this service appears on the IT assets of the organisation. This is an example of one of the advantages of having both asset management and log management. In a case like this, you would be able to see in the log management system that the unregistered cloud service had been accessed, then ask your asset management system to look for it, and thereby see which devices have accessed the service.
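The lookup described above, as an added example that is not SpiceWorks' code and not part of the original post: it contrasts a URL-fragment search like “Office” with a stricter hostname match, then uses hostnames from logs to find a service nobody registered and the devices that visited it. The history entries, log hostnames and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data: (asset, visited URL) pairs standing in for the
# browser history collected from each device.
HISTORY = [
    ("LAPTOP-01", "https://www.office.com/launch/word"),
    ("DESKTOP-07", "https://portal.office.com/"),
    ("LAPTOP-02", "https://www.officefurniture.example/chairs"),
    ("LAPTOP-02", "https://files.unapproved-share.example/upload"),
    ("LAPTOP-03", "https://files.unapproved-share.example/d/42"),
]
# Constructed hostnames as a log management system might report them.
LOG_HOSTS = ["www.office.com", "portal.office.com",
             "files.unapproved-share.example"]


def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def covered(host, domain):
    """True if host is the registered domain or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def assets_by_substring(history, needle):
    """URL-fragment search as described in the post; can over-match."""
    return sorted({a for a, url in history if needle.lower() in url.lower()})


def assets_by_domain(history, domain):
    """Stricter variant: compare the hostname against a registered domain."""
    return sorted({a for a, url in history if covered(host_of(url), domain)})


def unregistered_hosts(log_hosts, registered_domains):
    """Hosts present in the logs that no registered service accounts for."""
    return sorted({h for h in log_hosts
                   if not any(covered(h, d) for d in registered_domains)})


if __name__ == "__main__":
    print("substring 'Office':", assets_by_substring(HISTORY, "Office"))
    print("domain office.com: ", assets_by_domain(HISTORY, "office.com"))
    for host in unregistered_hosts(LOG_HOSTS, ["office.com"]):
        print("unregistered:", host, "->", assets_by_domain(HISTORY, host))
```

The fragment search also flags LAPTOP-02 because of an unrelated furniture site, so a short fragment is best treated as a lead to verify rather than proof that the service is in use.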

What now?

When you have registered all of your company’s assets and registered which cloud services to look for as well, you should have an overview of both your company’s physical and digital IT assets. From here on, as mentioned earlier, you will have a nice, transparent overview of whether or not your colleagues are using applications or services that have not been security approved. In the future, the maintenance of the system will only consist of installing new agents on new assets as well as registering new cloud services that you choose to use. I hope this blog has made asset management seem like a doable task that can be implemented in your organisation. Often it can be a “low-hanging fruit” in a way, because the resource demand is so low and because you build up an overview through the implementation process, which should be a part of any strong IT security setup anyway.
