How to get Started on IT Asset Management - Step-by-Step Guide

Mikael Korsholm Poulsen
By: Mikael Korsholm Poulsen Cyber Security | 7 December

Having an overview over all your IT assets is extremely important because you can only protect your network if you are aware of all devices and applications used in your organisation. It includes laptops, desktop computers, mobile phones, cloud services, and much more. In this post, we will introduce you to the concept of IT asset management and give you a hands-on guide on how to implement it within your organisation.

Why is IT asset management?

It can be quite challenging to secure your IT systems if you are unaware what devices you have and what is on them. Therefore, it is crucial to know what needs to be protected to protect it. This is exactly what IT Asset Management can do for you. It creates a detailed and structured overview to help improve your network security. With the help of this overview, you can eliminate possible security vulnerabilities by determining which assets need to be updated, deployed, or suspended.

What is IT asset management?

IT asset management is a system that helps keeping track of your company’s IT assets, which are pieces of hardware or software technology. It includes devices like computers, software applications, and the cloud services you are using. IT asset management can ensure that only approved services and applications are used on company-owned computers and are connected to the internal network.


It is important to point out that IT asset management doesn’t involve the employees’ use of these assets, but only whether they are connected. Thus, it would be possible to see if the employee, for example, has Microsoft Word installed, not if they are using this application. If you are interested in such a system, you should consider a log management system.

The benefits of IT Asset management

Here are the reasons why IT asset management should be a priority:

  1. It is a low-cost investment, which makes it accessible for everyone

  2. You can always be sure that nobody on your team has installed unapproved software on a company-owned computer

  3. It can help protect your network from malware and security breaches

  4. You will get a good overview of your IT assets, which can be used to successfully implement a log management system

  5. The overview will help you monitor a program’s usefulness and ensure it is up to date

Now, let’s proceed and look at the implementation of IT asset management and which role a system like this could play in your IT security setup.

CTA_it-security-policy_blog_desktop

This is how you get started

Don’t worry, the process is quite simple and intuitive. After completing these steps, you will be able to start registering all your devices.

Step 1: Get an overview of all assets

The first step is to make an overview for yourself to see which online services your company are using, since the system cannot scan these automatically. This will give you a time-estimate for the duration of this process. It also prevents you from overlooking and forgetting any devices. If you don’t already have a list of all employees and note down any devices they have, like phones, laptops or computers.

Step 2: Install the Spiceworks inventory

Then you can continue with setting up a user profile in Spiceworks Inventory. We can highly recommend this system since it is easy to navigate, free to use, and a great resource if you have further questions.

SpiceWorks.png

After setting up an account, download Spiceworks to your desktop and continue with installing an agent (explained in the next step).
This system needs a server to run on. You can either host it yourself or use Spiceworks’ service. Their cloud solution takes care of setting up a server for you. 

RemoteSites.png

Step 3: Installing Agents

What is an agent?

An agent collects information about the different assets, like their performance or availability metrics, and processes them in a central monitoring station.

They are commonly deployed on mobile devices like laptops or phones that employees might take home. An agent only has to be installed once and from there on requires little to no maintenance or additional infrastructure.

How Do I install it?
You can download the agent from Spiceworks and install it on various assets. As soon as it is installed, the agent will review all applications installed on the computer drive and then add these applications to the inventory system.

Unfortunately, the Spiceworks’ agent only exists for Windows, so Mac or Ubuntu should be registered though scanning instead (see next step).

To implement the agent, follow this tutorial by Spiceworks. It explains how to download, configure and deploy it on your devices.

RemoteAgents.png

Step 4: Scanning IT assets

The scanning process works through your workplace’s network. It covers all non-portable devices as well as anything that cannot be registered through an agent. This type of registration requires less administration and is very simple to set up.
And this is how it works:

  1. Have your PC connected to the local network and the Spiceworks software installed before setting it to "scanner" mode.

  2. It will then execute the scans approximately every 30 mins.

  3. The PC will then attempt to categorize and inventory any devices identified in the scan. This includes anything with an IP/MAC address that the PC can see.

  4. If there's a new device since last scan it will attempt to extract all the data it can, and then add it to the existing inventory list.

The only downside is that the automatically collected data is not always complete. You will occasionally have to verify that there are new portable devices registered in the inventory.

Scanning.png

 

Step 5: Registering Online assets

Registering is a little more challenging for online assts than it is for already installed applications.

By scanning for URLs in the browser history, you can see which services are being accessed. If your organisation uses Office365, you can look for part of the URL which contains ‘Office’. Then you will be able to see if the different assets have visited such a URL.
However, you cannot search for a service you don’t have the URL for. This is an issue that log management can help with, which you can read more about here.

If you have both, the log management system would list all accessed unregistered cloud services. The IT asset management system would then allow you to specifically look for devices that have accessed the service.

What now?

That's it. You are done. After registering your company’s assets, you should have a clear overview of all physical and digital IT assets.

You can now be sure that only authorised applications and services are being used within your network. It will also help you identify any possible vulnerabilities in your security setup. From here on, you will only have to install agents on new assets and register new cloud services that you choose to use. Maintaining the system mainly consists of making sure it is up to date.

A next step could be to implement a Log Management system.

CTA_e-book_blog-desktop