Accurate hardware records are fundamental to a successful ITAM practice.
We can’t save money on hardware and software or meet our governance goals with missing hardware. Accurate hardware records are foundational for both HAM and SAM.
Missing hardware: How do leakages occur?
This article looks at the most common reasons hardware records might not be accurate.
Please let me know of any other reasons using a comment below. How else do hardware records end up being inaccurate? Please leave a comment below.
First of all, has the device been stolen? A key step for addressing theft is identifying who owns the device and when or who was the last person to use it? Was the device encrypted? Have we registered it as stolen and let our Information Security colleagues know about it?
DESTROYED / DISPOSED / SOLD
Maybe the device was disposed of or sold onto a third party but hardware records were not updated. Best practice suggests asset records are tracked until a certificate of destruction or transfer of ownership is received. The asset can then be archived for future reference.
The person who owns the device might be on long-term sick leave, maternity leave, sabbatical etc. Again, an accurate ownership record can help identify who owns the device then liaison with Human Resources can help identify their current work status. Even better, is that the device is clawed back into the IT department and reissued when it is needed again.
Poor processes and record keeping creates ghost records and duplicates. For example – The person left the company and their device was rebuilt and reissued to another member of staff but asset records were not updated. So a ghost or duplicate record exists making our hardware asset management records bloated and inaccurate.
The hardware device is still owned but is being used as a doorstop, collecting dust or stuck in somebody’s drawer. For example a member of staff might leave the company and the line manager stores it in a drawer for the next new member of staff. Best practice would be to claw back any devices not in use. This allows the IT department to ensure the machine is up to date from a security perspective. Encourage hardware to be returned by making it super-easy and efficient to request it back again via self-service.
SECONDARY USE / AWOL
A device might be taken home for home use or otherwise not connected to the network very often. It might be used for legitimate work purposes, but we just have not seen it for a while. If it is a device that contains company data employees should be encouraged to log the device into the network periodically to ensure it is updated and accounted for.
The device is being used for work purposes and regularly connects to the network, but for whatever reason the inventory mechanism for checking in with the device isn’t working. Perhaps the agent has failed or it has not been registered on the network properly.
How to address the leaks?
Some options to act as a safety net against devices going missing:
- Run network inventory and follow-up on devices that have not been seen in 30, 60, 90 Days (your time period will be dependent on volume and policy)
- Run auto-discovery to identify devices not being tracked by inventory
- Fix holes in your processes based on the root causes of 1 & 2.
- Use security policy to help you enforce hardware accuracy. E.g. Block devices from connecting to the network and using services if they have not been seen for 30,60,90 days.
How else do devices go missing? Do you have any other advice for maintaining hardware accuracy? Please leave a comment below.
To learn more about inventory accuracy, please join us on the next module of the 12 box training program on the 31st March: https://www.itassetmanagement.net/training/
About Martin Thompson
Martin is also author of the book "Practical ITAM - The essential guide for IT Asset Managers", a book that describes how to get started and make a difference in the field of IT Asset Management.
On a voluntary basis Martin a contributor to ISO WG21 which develops the ITAM International Standard ISO/IEC 19770.
Learn more about him here and connect with him on Twitter or LinkedIn.