If It Were Easy, Everyone Would Do It: Building a Complete Technical Inventory
IT and license managers are in a predicament. On the one hand, software requirements are constantly increasing. On the other hand, they’re constantly instructed to save costs. The good news is that chances are very high that there is untapped cost and security optimization potential within your existing software landscape.
The key to this potential is a complete and up-to-date overview of all hardware and software assets in your enterprise network. The quality of this database is critical for all future analyses and the success of any resulting measure. Creating this foundation is not easy if you do not have the right tool at hand – the complex IT environments require inventory technologies with high flexibility and performance.
Challenge accepted! Let’s take a look at the four biggest challenges in building a technical inventory and which technology can master each.
Challenge 1: External and Mobile Devices
Today’s working world demands high flexibility and mobility, both from employees and from their work equipment. Working from home and “Bring your own Device” are fairly common these days and make enterprise networks accessible from everywhere, which makes everyone’s daily work easier. Well, almost everyone…
For inventory, the challenge is that these devices are not always logged into the company network. For a remote inventory that scans the network at a given time, it may happen that these devices cannot be reached and therefore do not appear in the technical inventory.
The agent technology offers the solution. By installing the agent locally on the respective systems via software distribution, it scans the data and automatically sends it to the central database as soon as the device is registered in the company network. Because of a scheduled, bundled and encrypted data transfer, which does not require a permanent connection with the central database, this method provides the highest level of data security.
Even though this is the recommended solution, a company’s security guidelines may not allow for local installations on the individual systems. The alternative is to run a script from a central server, e.g. via defined group guidelines. In doing so, the inventory scan and the data transfer can be triggered automatically, as soon as the device is logged into the company network.
Challenge 2: Physical & Virtual Server Environments
Data collection in physical and virtual server environments takes extreme discipline. Every server usually has its individual configurations combined with very high security standards, which makes it difficult to gather the needed information. To bring all necessary data together for a complete technical inventory, different data sources need to be scanned.
An agent-based inventory provides the highest level of automation and security, as well as information depth and accuracy for server read-out. If an agent-based solution is not possible, again due to company security guidelines, a remote inventory can be made depending on the company size and IT infrastructure. This method would require a central rights management, e.g. via the Active Directory, to enable a scan of all systems connected to the network by means of administrative rights.
Keep two things in mind before starting a fire: the wind direction and the surrounding area. Build your campfire away from overhanging branches, rotten stumps, dry grass and leaves, so when wind comes, the forest won’t be set on fire.
Challenge 3: Isolated Networks
In some industries, such as finance or healthcare, there are devices, or even entire networks, which are completely shielded from other networks. This is to prevent any unauthorized access to highly sensitive data.
To make sure that the hardware and software information of these separated devices are also included in the company’s technical inventory, they can be scanned offline. This can be performed for individual devices by using an USB stick, which executes the scan and buffers the collected data. For complete shielded networks, a separate inventory, with agent or script, is suitable. The buffered data is then fed into the central inventory database with a secure transfer.
Challenge 4: Cloud Environments
Cloud services are on the rise and IT asset management needs to be revolutionized. Oftentimes, the misconception is that cloud services are much easier to manage and you only pay for what you really use. However, even with cloud services, there is a risk that you pay too much without knowing.
For example, an employee may be assigned to a specific Office 365 plan level, but not using it to the full extent. So there might be another plan that’s a better fit for the needs, which could all be less expensive. But how do you know who uses which workload from the assigned plan?
Scanning employees’ desktops is not enough to capture the data of the cloud services they use. As access to cloud services is generally via a browser, this results in two challenges. First: a data protection issue may arise when the browser activities of an employee are recorded. Second, it is technically difficult to understand which cloud services an employee actually used. For this reason, the inventory has to be done directly within the cloud data centers via a remote scan.
There are tons of exciting features and functions available in all the analysis tools in the market, but don’t get caught up in the hype. You need to select a solution that will provide full scope of your inventory and help provide insights and remediation right away.
Ready to get started with a robust inventory solution? Click here. For more information on building a technical inventory, fill out the form below and a local expert will be in touch soon.