When we talk to IT managers, security professionals and directors, one of the first questions we ask is “How many systems do you have to secure?” It’s a simple question, but one which rarely has a simple answer. The typical reply tends to start with the word “About”, and therein lies the problem: you can’t effectively manage and secure what you don’t know you have!
Depending on the industry your organisation works in, you will typically be covered by several items of legislation, all of which place their specific requirements on how you manage data and, therefore, the devices it resides on. And this is where the importance of inventory management comes in; knowing what equipment connects to your networks, what data it has access to and which items leave your premises.
Inventory management, knowing what is where, can seem like a very mundane task, but it is surprisingly complex. As well as items purchased by an organisation (such as printers and workstations), there can be other items such as mobile devices, staff devices, Bring Your Own Device (BYOD) equipment and devices supplied by contractors and casual workers. Each device should be checked to see that it meets your organisation’s security requirements (such as running supported, updated software), that it is connected to an appropriate section of the Local Area Network (LAN), that it is within its operational life (so old equipment can be disposed of securely) and that it has access to only the data which its user needs to complete their work. Mobile devices add extra complexity too. As they leave the physical confines of the organisation, care should be taken to ensure that any data they hold is encrypted and protected to prevent unauthorised loss and that there is a method of removing this data remotely should the device be lost.
Ideally, a complete “cradle to grave” profile should be available for each device: a record so that it can be accounted for from a financial point of view; a list of who has used it during its operational life, so that the data held on it can be tracked; a physical and software list to help support staff maintain it; a list of when software and firmware were updated, so that its security can be verified; and a record of how and when it was disposed of, so data doesn’t accidentally leave the organisation (we’ve all heard the stories of old machines being bought in charity or thrift stores and data being discovered on them).
Suddenly, something which can seem so simple at first glance becomes extremely complex.
Fortunately, there are a number of tools which can assist with this process. Asset tagging (assigning each device a unique ID, usually by attaching a unique label) aids identification; tools like Watchguard’s Network Discovery monitor identify which devices are on each section of your network; Microsoft Intune provides software and hardware inventorying and the ability to enforce security policies, assist with patching requirements and wipe lost devices; and Tenable’s Nessus Manager seeks out and identifies insecure devices.
IXCG offers a wide range of asset management products and services, including:
- Inventory audits.
- Asset and security labelling.
- Network and WiFi monitoring and management.
- Supply of solutions from Watchguard, Microsoft, Tenable, Mojo Networks and many others.
For further details, please contact us.