Security & is a Softcat blog series highlighting how security and other areas of IT work together to maximise an organisation’s infrastructure investment. Stopping by all Softcat’s solutions teams, this series offers advice that will enable you to develop a more cohesive infrastructure leading to a more complete security strategy.
As part of my role within Softcat I seek to understand organisation’s security strategy, and how they approach securing a diverse and complex IT estate. One common area I regularly recommend is having an up-to-date inventory of IT hardware and software, which is readily available. This is more commonly known as an asset list. Having such an inventory is itself a double-edged sword and integrates security strategy into an IT asset management framework. This allows organisations to harmoniously understand their IT estate, and leverage that knowledge to verify devices on their networks.
From a security perspective, the importance of having a known and authorised asset list is this: you can’t secure that which you can’t see. By having a defined inventory of hardware, including ports, versions, OS etc., we have a baseline by which we can easily identify any device that should be in the IT estate, and therefore could leave the business vulnerable. Whether malicious or benign, having this list and enforcing it ensures that only the kit you own, operate, secure and authorise is allowed on the network.
The same principle applies to a software inventory list, but consider that it is a lot more likely for a user to download an unsanctioned piece of software than to bring in and connect their own computer. Equally, when looking at patch management, including the version of software within the inventory, this allows adherence to a patch management strategy. Given the scale and availability of software, having a defined-software inventory ensures that only applications and services sanctioned by your organisation, with relevant security controls around them, can operate on business systems.
Lastly, having an inventory of authorised software and hardware is a universally recognised security control. The top two infrastructure controls of frameworks such as CIS/SANs Critical security controls, Softcat regularly advises on how to utilise these inventories as part of their cyber assessment services.
Accurate and efficient asset management is central to a financially responsible business. By having a defined hardware and software inventory you are able to report on the commercial investment in your IT estate, ensure uniformity in configuration, version and deployment, as well as manage refresh cycles. These insights allow a business to maximise the purchasing power of bulk ordering when refreshing hardware and software, as by using the inventory to group together similarly aged assets, you can refresh strategically.
From a software perspective, you are able to demonstrate uniformity in deployment, quickly and easily manage renewals and licencing compliance, as well as licence scaling. This represents an additional commercial benefit as the cost of being over, or under, licenced is immediately apparent, and if not recognised is simply throwing away money.
Not necessarily. Whilst I’m not going to suggest that with a click of a button some software will tell you everything I’ve mentioned above; with the right tech we can automate the bulk of the heavy lifting. Building the inventories themselves plays right into the forte of Softcat’s IT asset management specialists, who have a portfolio of recommendations and solutions at their disposal. How to take this information and leverage it to form the core of a security strategy plays right into Softcat’s networking and security team. Essentially, by integrating asset management into your security operations, you’re able to kill two birds with one stone.
If reading this has got you mentally listing out your IT assets, and you’d like to know more about how you can utilise asset inventory to maximise the investment within your IT estate, reach out to your account manager and specialists. If you’ve not yet contacted us, get in touch using the button below.
About the author: Alexander Lewis is a leading Networking & Security Specialist at Softcat and has been working with Softcat’s customers for over two years. Alex’s previous work has seen him work in various IT-focused roles, but his passion for technology started young when he built his first PC at just 6 Years old. When not working with customers, Alex guides Softcat customers on security and networking strategy, regularly contributing to our blogs, webinars and training exercises.
We would love to hear any comments you have about this article!