How IT Asset Management Services Improve Business Continuity Planning

Which IT Asset Management (ITAM) tracking system do you use for your network devices? It may or may not surprise you that many smaller computer and server room operators use spreadsheets to track their IT assets. Whilst this approach may be fine for smaller IT operations with assets running into the 10s, it is not efficient and can lead to out-of-date information, duplicates, inaccurate serial numbers and tag overlaps. The average error rate for spreadsheet-based IT asset management is around 15%. Larger facilities and datacentres have to take a more software-based approach due to the number of IT assets involved and some use smart tagging systems to track and improve physical asset security.

The Benefits of IT Asset Management (ITAM)

A fixed asset register is an inventory of the fixed assets belonging to an organisation. The purchasing process should trigger additions to the asset register each time they are made and installed. As assets should be tagged and their location and owners (person responsible recorded). Service and maintenance dates may also be marked on the register including regular inspection dates and for example PAT testing requirements. As assets removed from service and ‘retired’, they should be marked as such in the register.

To run a small computer or server room, datacentre, Edge environment or other remote site, it is vital to have an accurate asset register and to deploy an efficient asset management process. Even more so during a pandemic. COVID-19 has stress-tested many business process and asset management is one of them. Within the space of few days in March, organisations activated their business continuity plans and thousands of IT assets were removed from offices for use by remote home workers (RHW). Many IT managers were left trying to manage unfolding issues at speed, in addition to managing their on-site servers and storage facilities. Often without sufficient tracking in place. But just what do you track and to what level of detail?

If you picture a server room as a bill of materials (BoM), the complete facility can be viewed as layers or levels and drilled down to the lowest level possible i.e. that with a serial and model number. From smallest networking router to a blade or rack chassis.

Ten IT Asset Tracking Benefits

During more normal times it is important to step back from the granular level and consider the reasons for tracking IT assets. A sound asset management policy helps to underpin and support the overall business strategy and its objectives.

1. Management Policies: asset management is a required element within the most commonly used management systems – quality (ISO 9001), occupational health & safety (ISO 18001 / ISO 45001), security (ISO 27001) and environment (ISO 14001). Within these, the asset register is not just a ‘tick-box’ but a tool to help an organisation manage its assets during their useful working life. Within these policies it is important not just to have a register but a process for their record management that is both timely and accurate. With a sound procedure in place, actions can be taken quickly.
2. Energy Efficiency: the larger the datacentre operation the greater the chance of low asset utilisation. Orphaned, zombie or comatose servers can be reassigned to improve not only loading but energy efficiency and in doing so lower operational costs.
3. Speed of Response knowing where your IT assets are and who has ‘ownership’ allows decisions and actions to be taken quickly and efficiently. IT resources can be more easily repurposed to respond to the needs of the business or organisation without the need for additional auditing and ‘double-checking’. Valuable time is saved.
4. Single Layer View: having a complete overview of the assets deployed within the IT network in a single database and registry makes capacity planning easier. Time is saved allowing resources to focus on asset utilisation rather than trying to figure out what happens to a person’s laptop, where is the server used for R&D testing or how many spare desktop terminals are in accounts.
5. Maintenance and Service Plans: most IT assets have a 3 year warranty and may be purchased or leased. These details can also be recorded on the asset register to help manage expectations and suppliers if there is a warranty issue or need for service. The asset register can also then be used for budgeting or tenders for replacements and provide useful information for planned changes i.e. migrations to Cloud, SaaS models, IoT and Edge deployments or technology updates.
6. Data Centre Infrastructure Management: the cost of data centre infrastructure management systems and the ease with which they can be deployed continues to fall. For any organisation considering moving to a DCIM software package to manage and better utilise their IT, a comprehensive IT asset register provides the basis for ‘good data’ going in.
7. Cleaning Protocols: a build-up of dust or dirt within a server or any other air-fan-cooled device can lead to potential reliability issues. Hot-spots can lead to heat build-up with the potential for fire break-out. A complete IT asset management (ITAM) list helps to ensure that every device receives regular cleaning and inspection and that the right protocol is used.
8. Cyber Security and Risk Management: part of IOS 27001 and Cyber Essentials is the management of risk to data and data processing devices. Software must be regularly patched with the latest updates and user accounts controlled. Without a complete asset management list, a device could be missed that connects to the network without virus protection and/or the latest patch to meet a known security threat. 60% of security breaches in 2019 were down to not applying a security patch that was available*.
9. Security Controls: assets may require different security controls dependent upon where they are used. Development servers not connected to the ‘live’ corporate network may have lower security controls than ones running live VMware servers. Knowing where assets are deployed and their uses supports having the right security controls and levels in place and managing them.
10. Software Asset Management: mapping software assets to IT assets provides IT administrators with a comprehensive tool to manage software deployment within an organisation. All software should be licensed with no ‘rogue’ copies in use, even on devices given lower security protocols.

More information on Cyber Security threats:
https://www.csoonline.com/article/3153707/top-cybersecurity-facts-figures-and-statistics.html

IT Asset Management Audits

Organisations can carry out their own audits or employ an IT auditing specialist team to provide the service. An audit should be far reaching and provide a comprehensive overview of every IT device within an organisation. No matter where it is being used and covering all types from handheld terminals to tablets and mobile phones, desktop PCs, servers, storage devices and networking peripherals. You can also extend the scope of the audit to include any other network connected and critical infrastructure smart device including uninterruptible power supplies, PDUs and air conditioning systems. Why? Because these are assets, that require regular service, maintenance and sometimes firmware upgrades and because they are connected to the server room or datacentre IT backbone via an SNMP, Modbus, or other protocol.

RFID Asset Tracking

Asset registers will provide a reference number (or barcode) for tagging an asset and most commonly this will be in the form of an asset management label attached to the device. In a smart and Internet of Things (IoT) world, this practice can seem a little archaic. Many organisations are now employing RFID asset tracking solutions to provide real-time monitoring and security.

RFID stands for ‘radio frequency identification’. Smart tags use electromagnetic fields to energise their circuits and transmit data to a compatible reader. All movements can be automatically tracked in a software database and the smart RFID tags can be used to alarm when an asset is moved outside of a designated secure space. Triangulation within a building is also possible to allow its location to be pinpointed. As the IoT and Edge computing rolls out, remote smart tag tracking will deliver a greater level of control and management to a DCIM package and central IT management team. RFID tags also make mini-audits far easier as the tags can be easily rescanned using and hand-held terminal. The days of marking-up paper and spreadsheet data are over.

Summary

With COVID-19 emerging earlier this year, organisations had time to consider and prepare their business continuity plans, even it was simply a few weeks. Whilst the pandemic is far from over, for UK businesses there are other events on the horizon to consider such as Brexit which one gain may require businesses to review their BCM plans and ensure that they can manage through the transition to independence from Europe. Knowing the 5Ws and H of IT asset management (who, where, when, what, why and how) is a fundamental part of business continuity planning and plan deployment.

IT Asset Management should be a day-one operating service for any server room or datacentre operator. When facilities grow exponentially and fast, it can help to use a specialist third-party such as Server Room Environments to provide an IT asset management service. Our comprehensive ITAM report will provide a basis for movement to a software-based management service including RFID smart tags and/or to a comprehensive DCIM package.