As IT practitioners we all understand the importance of high practice levels of asset management for both client hardware and client software. It seems somewhat surprising that as we enter the 2010 technology refresh cycle, the same challenges and issues seem to be coming back as the Windows 7 deployment takes shape.
Before we delve into these details, again I must state that the content and opinions expressed on this blog are mine and does not represent that of my employer.
Client asset management is important for a variety of reasons chief among them - security, compliance, cost, and a host of lifecycle elements. Being in the client business for a while, it seems as though many companies are still struggling with developing the business case to support investments in asset management. I hope to have your thoughts and opinions on this as well. Is Windows 7 deja vue for Y2K in asset management?
Regardless of what industry you are in or markets you serve, we are regulated. Whether it is SOX, HIPAA, consumer protection laws, SEC, you name it - the pressure on our businesses is to protect our information, intellectual property, and our employee information. We implement counter measures ranging from password, dual level authentication, Lojak(TM), DoD three pass wipes to biometrics and encryption. Despite this, many businesses do not relate asset management to security. The risk may not necessarily come from the devices on your network, but from those devices in transit, off the network, lost or stolen that remain unreported because we simply do not know where they are. I often find it interesting that many companies have very good practice levels for patch management, but low(er) levels of practice for asset management.
Windows 7 will once again highlight what we don't know about our installed base. In this technology refresh cycle, will the problem be addressed? I am not sure. When a business case is requested, the warning signal goes up that the logical linkage of asset management as a security issue has not been made. If the counter measures protect only what we know is on the network, and if we know that the trend is for increased mobility, then the problem is a tighter level of asset management, not less. Windows and Intel with VPro are solid examples where as attributes of the platform decisions, lifecycle management can be influenced considerably. The number of mature third party tools are available in the marketplace.
In the past by the way, we blamed the tools and ignored the lack of adherence to process and governance; the regulations should have placed us in a better state of awareness. I am not sure that it has. What has your experience been?
If the dialog is expanded to access devices in general which could then include handheld devices/PDA's, smartphones and home PC's we add complexity to an already significant issue.
Companies have more recently viewed virtualization as one of the technologies which can address client asset management. Virtualizing the desktop will address these types of asset management issues. Certainly, the net books and diskless devices have the virtue of solving the requirement for asset management. Security should be one of the key drivers of adoption in this area.
Other business have explored BYOC (Bring Your Own Computer) as a strategy. My opinion on BYOC is that without virtualization it will add cost and negatively impact security. Businesses must still account for any asset that may have corporate information. It is a "nice try" to pass on the liability, but at the end of the day, it likely does not reduce the risk.
In looking at cost we know a couple of learnings from Y2K and subsequent refresh cycles. Asset management reduces the cost of the refresh for a few reasons. First, understanding the aging of the devices and locations make it easier to secure and return devices. Second, the question used to be- how many PC's per employee, now the question is how many access devices per employee. Asset management will enable user segmentation so that you as a business can manage the portfolio of products, service level, risk and cost.
We have all observed annecdotally in the recession that the number of software audits increased. Software asset management is a must in today's businesses in my opinion. If you believe in ITIL, chances are you endorse the centralization of asset management.
The final point I would like to make is that the trend in this refresh cycle is to centralize many of the practices which includes asset management as well as the PC budgets in many businesses. This is logical since the tight set of economics that we are all dealing with requires a focus on our core competancies. Departments, business units, and other divisions may not and likely do not have the staff, tools or headcount to perform asset management.
Asset management may not be the most exciting topic we discuss in our blogs (and with our management) but it remains the cornerstone upon which most of the lifecycle elements are based. Depending on which industry consultant you embrace, there is a wide range in percentages that asset management will address in terms of costs- it is compelling. However, to focus solely on cost is likely missing the point, my opinion is that asset management is a requirement.
Windows 7 will once again highlight where we as an industry are in our understanding of the implications of this practice.