There is an old saying that you can’t manage something unless you can measure it. Asset discovery can provide you with accurate and up-to-date data and information about everything you use in IT. You can then develop metrics using the data from asset discovery, which can give you a lot of useful information about the assets that you own, who is using those assets, and how they are being used.
Asset discovery provides the capability to provide visibility of all IT equipment located within an organization’s IT estate using limited or no human interaction. Asset discovery enables the automatic capture of physical, virtual and cloud infrastructure – including any changes. This ensures your data integrity.
Most organizations start to discover information about their assets by manually maintaining a list of the devices and components (in the context of discovery these are known as ‘assets’) in a shared document such as an Excel spreadsheet, making changes whenever a new asset is added, deleted, or changed. A manual process without asset discovery may be manageable when the size of an organization’s IT estate is relatively small and straightforward. However, this method becomes increasingly challenging as the organization and its use of IT grows. Manual capture and updating of data and information without automated asset discovery is time-consuming and prone to error, resulting in assets where the information kept is incorrect, duplicated, or missing.
Having a full understanding of all assets with continual discovery is fundamental to the effective and efficient management of IT. This is critical to operational processes, but also to IT security, as lack of visibility or knowledge of assets connecting to the organization’s network can create potential security vulnerabilities. Hence using good practice asset discovery is essential to just about every organization.
What Types of Asset can you Discover?
Asset discovery can automatically capture information on just about every type of physical, virtual and cloud item used in the delivery of IT. The data captured by asset discovery can be at a high level, for example, discovering a PC asset but also at increasing levels of detail within that high-level asset, for example, network cards, firmware, and configuration information. Asset discovery is particularly useful at discovering information about assets where physical inspection is difficult, either because the asset is in a remote location, or because it is physically contained within another asset. Here are some examples of these types of asset, where asset discovery is invaluable to any organization:
Networks are critical to every organization, linking users to the assets used to operate IT and to each other. Yet many organizations have found it very challenging to discover detail about all of the network-related assets that are involved. This can easily lead to service issues when there are failures in network assets, and a high level of risk to the organization, especially security risks, as nobody has the ability to discover how the assets work together. Corporate networks are now highly complex, especially since the networks used to connect the IT environments have expanded and exploded in size to include cloud, virtual, personal, and mobile devices. Trying to discover what assets makeup such a dynamic and complex network infrastructure is challenging, especially as it is now commonplace for devices to routinely connect, disconnect, then reconnect to network assets.
Asset discovery tools can help by automatically scan both the network components and the traffic between them, identifying possible assets. Once these assets have been discovered, the tools will capture and record more granular information for each asset, including possible connections with other assets, configuration information, software and firmware versions, and usage. Further discovery for these network assets might discover connected network storage devices and assets that connect remotely.
Asset discovery can capture data about all of your servers. Unless your organization has had very good configuration management processes and procedures in place from day 1, it is highly likely that you will not have accurate information about these critical assets. Unless you use asset discovery, there is a high risk of service disruption. And when the inevitable disruption happens, it can take a long time to discover the information you need about these assets to help you fix the issues. Asset discovery can be at the high level, when you discover just how many server assets you have and what type they are. But asset discovery can also go deeper, finding out critical information for both hardware and software assets associated with these servers. The types of information about these assets which can be discovered include operating system versions, firmware versions for components inside the servers, network cards, and their configuration, and communication ports.
In today’s connected IT landscapes, storage is much more than just a few disk drives. Storage systems can be complex, requiring specialist asset discovery processes to capture data and information about them. As well as discovering information about the physical storage assets, such as disks, controllers, and cooling systems, asset discovery can also capture useful information about performance and logs that can forecast future availability issues.
PCs, laptops, and mobile devices
With the prevalence today of using mobile devices to access corporate systems and services, it can be challenging to discover the information you need to be able to support these assets. New apps can be easily downloaded, with automatic updates. Asset discovery tools can continually capture the necessary data and information, which is impossible to do manually.
Asset Discovery and Security
Today’s IT landscapes are nothing like the days of old. In response to the challenges of doing business in the digital age, assets now change frequently, new ones are added, deployed, then retired at a rapid rate. As a result, without a robust approach to asset discovery, the pressure to constantly adapt to new technology produces new security risks. The widespread use of remote assets such as servers and storage mean that security teams are now rarely in control of all the assets used to deliver IT. This makes the task of discovering the necessary information about the assets difficult. With IT networks spread across cloud, virtual, mobile, and on-premise environments, blind spots are likely to arise. When they do, attackers could exploit any oversights to conceal their malicious activity.
Asset discovery is one way to help security staff provide a defence against these attacks by gaining visibility over the full network. Security best practices suggest organizations develop an inventory of all authorized devices to help provide controlled access to this type of asset. The scope of assets that need to be discovered for this is all hardware devices. Discovering the necessary information about these assets can empower the security staff to deny access to unauthorized and unmanaged products that could be used to attack the organization and its business-critical assets.
Organizations can go even further with asset discovery to support security. They can acquire even more visibility over their organization’s network by looking for specific capabilities in their asset discovery tool. For example, asset discovery techniques such as dynamic host tracking can be used to manage mobile devices as they connect, disconnect, and reconnect to different networks. The asset discovery tools can also use hierarchical asset organization to classify assets in a structure built using business context.
Links Between Asset Discovery and ITSM Configuration Management
Creating and maintaining an accurate configuration management system (CMS), including a configuration management database (CMDB) is essential to the operation of any IT service management (ITSM) capability. Trying to capture and maintain the necessary information without using asset discovery tools and techniques will be time-consuming, costly, and prone to errors. Asset discovery can be successfully used for the initial population of a CMDB, but there is a risk that a lot of the information discovered about the assets is not required for ITSM, as it is at too low a level and of too high volume to be understood. Interfaces should be built between asset discovery tools and ITSM tools, with rules defined that only transfer into the ITSM tool the information discovered about the assets that is necessary for the operation of that tool. The other information can stay in the asset discovery tool, where it will still be available to ITSM if they need it for investigations.
One of the important activities within ITSM configuration management is the verification of the data held in the CMDB. Asset discovery can help with this verification by automatically capturing the current asset information and comparing it with the previous information held about the asset. Sometimes the asset discovery tool will automatically update the information in the CMDB, but this may mask issues. For example, if IT carry out an unauthorized change to the version of software operating on a particular asset so that it is now different to other similar assets, it may be more beneficial for the asset discovery tool to alert ITSM that there is an inconsistency between these similar assets so that the configuration manager can investigate. If the asset discovery tool automatically updated the version in the CMDB, the unauthorized change may not be highlighted.
Asset discovery is fundamental for managing all types of IT assets, including hardware, software, and networks. Without discovering and understanding what equipment is on an organization’s network, and how it is configured, very little value will ever be realized from asset management. If asset discovery and configuration management are implemented successfully, the resulting CMS will be a mine of highly valuable data and information, providing much-needed support to all ITSM and IT disciplines.
Be on the lookout in the next few weeks for our follow up blogs. Up next is, “A CMDB without discovery is just a database and then “What is a Service Map”.