IT Governance and ITAM
In the world of Enterprise IT, governance is top of mind. Regulations set forth by myriad governing organizations provide guidance to CIOs and CFOs on how to best track and manage digital assets within their organization. And in the wake of COVID-19 shelter-in-place orders, doing so is more critical -- and complicated -- than ever. Enterprises now face increased security risks, as employees use home networks to access work data, files and applications, thereby introducing potential network vulnerabilities via connected home devices. That's why it's important to have an outstanding inventory management system.
According to Roel Decneut, CMO of Lansweeper, not only is IT governance essential to the security of an organization, it has a direct impact on other key priorities including profitability. Without proper IT asset management (ITAM), an organization's IT footprint grows uncontrollably leading to security challenges, cost inefficiencies and management challenges. Unused or outdated devices can add to operational overhead, wasting resources and unduly inflating the cost of software licenses and services.
Nearly 66% of IT managers have an incomplete record of their IT assets, and of all the hardware and software assets in an enterprise, about 30% are considered "ghost" assets -- they're missing and can't be found. What's more, additional "shadow IT" -- IT infrastructure and services implemented without formal approval from the organization's IT department, will increasingly be funded by business units, which means IT governance at the corporate level will be even more critical for tracking and monitoring assets on the network, to protect against security threats and vulnerabilities.
"It's essential that companies have and are able to maintain a centralized, complete view of their IT Assets; or they will become liabilities to an organization's security posture and ultimate financial success"Roel Decneut, CMO of Lansweeper
ITAM is at the Core of IT Governance
Governance bodies that regulate enterprise IT strive to mitigate the risks and costs of neglected, outdated and vulnerable assets, and provide frameworks for defining how organizations implement, manage and monitor their IT infrastructure. Achieving certifications in these frameworks are milestones to organizational maturity. Many larger enterprises won't adopt technology from companies that do not have certain certifications, and failing to comply with data privacy mandates can result in hefty fines.
Some of the most important IT governance frameworks and regulations include:
- The Center for Internet Security (CIS) outlines 20 best practices dubbed CIS Controls™ that aim to address and prevent the most pervasive and dangerous enterprise security threats.
- ISO 27001 is an international standard that helps organizations manage IT asset security and provides a management framework for implementing an information security management system (ISMS) to ensure the privacy, integrity and availability of corporate data.
- The Information Technology Infrastructure Library (ITIL) is a set of detailed practices for governing IT service management (ITSM). This framework focuses on aligning IT services with the needs of business by defining processes, procedures, tasks and checklists that help organizations improve the value of their services rather than just provide IT capabilities.
- COBIT is a framework for helping businesses achieve key objectives for IT governance and asset management. COBIT 2019 offers guidelines for improving enterprise governance and management, particularly as more organizations are migrating mission-critical workloads to the cloud.
- NIST has a set of frameworks for various aspects of ITAM, including NIST SP 1800-5, NIST SP 800-53, and the NIST Cybersecurity Framework. All are designed to help organizations protect critical infrastructure.
- Data privacy mandates such as the EU's General Data Protection Regulation (GDPR) regulate how organizations collect and store individuals' personal data.
At the core of all of these frameworks is an essential activity -- creating a complete and accurate hardware and software asset inventory. This best practice is listed as a top priority in CIS, COBIT, ITIL (Information Technology Infrastructure Library) is a framework designed to normalize the selection, planning, delivery,... and ISO certification guidelines for one very obvious reason: If you don't know what you have, you can't manage or protect it.
CFOs and CISOs Share Responsibility for ITAM
Given the cost and risk associated with subpar ITAM, CFOs are now intimately invested -- and in most cases responsible for -- enforcing IT governance.
"CFOs need to understand how many assets the organization owns, whether or not they're being used, how they're being used, and how to maximize vendor contracts," said Decneut. "Having a single source of truth and an accurate record of all hardware and software assets, as well as details about how they're configured and who's using them -- and whether or not they require updates or need to be retired -- is essential to controlling IT spend and ensuring IT investments align with and support business objectives. This is no longer just an operational IT challenge"
That's where Lansweeper comes in. Lansweeper enables organizations to really know their IT, to see, understand and report on all of the hardware and software assets that exist on the corporate network. Lansweeper continuously scans the IT infrastructure and gathers information about all devices and all software on those devices, then creates a single, trustworthy, always up-to-date repository of that information, an asset inventory. A dashboard makes the information actionable, allowing teams to easily identify vulnerabilities and respond to security incidents. They can also create customized reports that can be used to identify where and when patches or updates are needed, or remove compromised devices from the network.
In this way, Lansweeper's technology is particularly valuable for organizations looking to operate according to the leading IT governance frameworks. For instance, the second CIS control specifies maintaining a complete, accurate asset library. The COBIT 2019 IT Process Reference Model outlines five asset management essential practices: identify and record current assets, manage critical assets, manage the asset life cycle, optimize asset costs and manage licenses. And asset management is essential for ISO certification, which is often required to be a viable and credible technology vendor in the market.
"Lansweeper's technology bridges the gap between organizational silos, and between lines of business and corporate IT, to provide greater control and oversight for supporting -- and complying with -- IT Governance initiatives. Key here is the ability to detect what is truly there, not just what you know was purchased."Roel Decneut, CMO of Lansweeper
The End Goal: A Productive Workforce
The year 2020 is upending business operations in many ways, and IT is at the center of the disruption. With more people working remotely and relying on cloud-based software services, cybersecurity, data privacy and IT spend will all continue to come under scrutiny. IT governance and ITAM is therefore an imperative, and organizations will be putting more effort toward this area moving forward. You can read more on this topic, in our Remote ITAM blog.
Leveraging technology like Lansweeper to create a complete IT asset inventory makes compliance with IT governance frameworks possible -- and that reduces risk and spend.
"Gartner reports that knowing the status of your IT assets at all times enables proactive management that reduces risk, reducing IT spend by up to 30%," said Decneut. "Perhaps more importantly, it ensures employees have secure access to the updated, operational digital assets they need to be productive and effective. And that's really the holy grail of effective IT governance."
In the second installment of this blog series, we'll take a deep dive into IT Governance for the Extended Security Perimeter and how Lansweeper links this into ITAM 2.0
To learn more about how Lansweeper's being used in the real world, read some of our customer success stories, which demonstrate how organizations such as Herman Miller, IHK Nord Westfalen and NHS Foundation Trust are leveraging our technology to know their IT.