The ITAM Review

News, reviews and resources for worldwide ITAM, SAM and Licensing professionals.

Seven types of missing hardware

Missing hardware creates havoc with ITAM accuracy

Missing hardware creates havoc with ITAM accuracy

Accurate hardware records are fundamental to a successful ITAM practice.

We can’t save money on hardware and software or meet our governance goals with missing hardware.  Accurate hardware records are foundational for both HAM and SAM.

Missing hardware: How do leakages occur?

This article looks at the most common reasons hardware records might not be accurate.

Please let me know of any other reasons using a comment below. How else do hardware records end up being inaccurate? Please leave a comment below.

  1. STOLEN

First of all, has the device been stolen? A key step for addressing theft is identifying who owns the device and when or who was the last person to use it? Was the device encrypted? Have we registered it as stolen and let our Information Security colleagues know about it?

  1. DESTROYED / DISPOSED / SOLD

Maybe the device was disposed of or sold onto a third party but hardware records were not updated. Best practice suggests asset records are tracked until a certificate of destruction or transfer of ownership is received. The asset can then be archived for future reference.

  1. EXTENDED ABSENCE

The person who owns the device might be on long-term sick leave, maternity leave, sabbatical etc. Again, an accurate ownership record can help identify who owns the device then liaison with Human Resources can help identify their current work status. Even better, is that the device is clawed back into the IT department and reissued when it is needed again.

  1. GHOST DATA

Poor processes and record keeping creates ghost records and duplicates. For example – The person left the company and their device was rebuilt and reissued to another member of staff but asset records were not updated. So a ghost or duplicate record exists making our hardware asset management records bloated and inaccurate.

  1. DOORSTOPS

The hardware device is still owned but is being used as a doorstop, collecting dust or stuck in somebody’s drawer. For example a member of staff might leave the company and the line manager stores it in a drawer for the next new member of staff. Best practice would be to claw back any devices not in use. This allows the IT department to ensure the machine is up to date from a security perspective. Encourage hardware to be returned by making it super-easy and efficient to request it back again via self-service.

  1. SECONDARY USE / AWOL

A device might be taken home for home use or otherwise not connected to the network very often. It might be used for legitimate work purposes, but we just have not seen it for a while. If it is a device that contains company data employees should be encouraged to log the device into the network periodically to ensure it is updated and accounted for.

  1. AGENT FAILURE

The device is being used for work purposes and regularly connects to the network, but for whatever reason the inventory mechanism for checking in with the device isn’t working. Perhaps the agent has failed or it has not been registered on the network properly.

How to address the leaks?

Some options to act as a safety net against devices going missing:

  1. Run network inventory and follow-up on devices that have not been seen in 30, 60, 90 Days (your time period will be dependent on volume and policy)
  2. Run auto-discovery to identify devices not being tracked by inventory
  3. Fix holes in your processes based on the root causes of 1 & 2.
  4. Use security policy to help you enforce hardware accuracy. E.g. Block devices from connecting to the network and using services if they have not been seen for 30,60,90 days.

How else do devices go missing? Do you have any other advice for maintaining hardware accuracy? Please leave a comment below.

To learn more about inventory accuracy, please join us on the next module of the 12 box training program on the 31st March: https://www.itassetmanagement.net/training/

email

About Martin Thompson

Martin is owner and founder of The ITAM Review, an online resource for worldwide ITAM professionals. The ITAM Review is best known for its weekly newsletter of all the latest industry updates, LISA training platform, Excellence Awards and conferences in UK, USA and Australia.

Martin is also the founder of ITAM Forum, a not-for-profit trade body for the ITAM industry created to raise the profile of the profession and bring an organisational certification to market. On a voluntary basis Martin is a contributor to ISO WG21 which develops the ITAM International Standard ISO/IEC 19770.

He is also the author of the book "Practical ITAM - The essential guide for IT Asset Managers", a book that describes how to get started and make a difference in the field of IT Asset Management. In addition, Martin developed the PITAM training course and certification.

Prior to founding the ITAM Review in 2008 Martin worked for Centennial Software (Ivanti), Silicon Graphics, CA Technologies and Computer 2000 (Tech Data).

When not working, Martin likes to Ski, Hike, Motorbike and spend time with his young family.

Connect with Martin on LinkedIn.

4 Comments

  1. Deepika says:

    How to address the leaks?

    1) Asset tagging could be done and barcode scanners could update the data in Hardware Inventory. This is a bit expensive affair but for industry with critical data on machines is worth investing. Asset tags Vs Auto-discovery scan gap could help in finding the delta/missing machines.

    2)IMAC (Install, Move, Add and Change) records to be maintained for any asset entering the network. This could be done by some IMAC ticketing system or some periodic batches/scripts to keep the inventory updated.

    3) Periodic/random audit-Physical inventory Vs the Auto-discovered data.

  2. Matthew Nuttall says:

    Hi Martin,

    I think everyone would agree that to have 100% hardware asset coverage would be a dream come true, but we all appreciate there will always be a degree of hardware assets that cannot be accounted for in one way or another.

    What I am curious to know, is when you find yourself in the situation of a software audit, is there an “accepted” level of hardware inventory coverage by auditors?

    Also, what do you think would happen if you could not provide hardware inventory reports of an adequate level?

    Regards

    Matthew

  3. Matthew,

    I might be wrong here. But I think the Microsoft MPSA has an agreed tolerance of 95%. i.e. if Microsoft choose to audit you and find you out of compliance by more than 5% they reserve the right to throw toys. So if your underlying hardware assets are out by more than 5% you have no change of software compliance.

    Percentages will vary. What I think is more important is that a company has chosen a metric that they think is achievable and realistic and then build negotiations from this figure.

    Maybe a topic for the forum for others to discuss?

Leave a Comment