Identify and Manage All Hardware and Software on Your Network
As we’ve been discussing, protecting your IT network from online threats requires a cyber security plan. Arguably, the first step in that plan is to identify and inventory all of the hardware and software on the network. This is critical to IT inventory management -- an ongoing, multi-step effort to make sure every element of the network has up-to-date protection against vulnerabilities. It is considered a best practice for regulated entities. This post will outline key issues of inventory management beginning with why it’s so important.
Productivity, Asset/Reputation Loss Prevention and Compliance
Pure and simple, a network hack, a phishing scheme that compromises passwords, a ransomware attack that holds your system hostage can shut you down for some period of time, killing productivity. For our regulated clients in financial services and healthcare, your client assets and patient data can be at risk – as well as your reputation. These outcomes are far more likely if you don’t know what you’re protecting and how to protect it.
Even if you’re never hacked, a cyber security plan is essential for regulatory compliance. One of the first questions regulators and auditors will ask is whether you have policies and a plan, as well as how you’re implementing it. They will be particularly interested in how you’re managing your IT inventory. You need a verifiable, auditable way to prove that security patches are current and that you’re defending yourself.
New and Greater Complexity
Before cyber security concerns, inventorying our devices was an accounting exercise for purposes of establishing a basis for personal property taxes and valuations for depreciation. Today we inventory not only every device, but also what software is on every device. We need to know who’s using each device and where it’s located so that when new vulnerabilities arise, devices can be patched in a timely manner. With the increase of BYOD -- bring your own device -- we must also inventory and manage non-corporate, employee-owned smart phones and laptops.
In a perfect world, we’d be able to run a standard build for all devices. But considering that companies acquire devices and grow their networks over time as their businesses grow, this is not realistic. For example, one of our clients has two different kinds of MACs, three types of PCs, two kinds of laptops, and a different brand of server. Their devices run various software programs and apps. So, you can see that it’s hard to build uniform standards.
How Do We Manage Network Complexity?
At some point as a company grows, it becomes unproductive to manage IT inventory manually or using spreadsheets. Consider that…
Certain viruses attack only certain brands of hardware or software. When a new virus is identified, you need to know which devices need patching and be able to do that in a timely fashion. Who’s using them and where are they?
You have to know that Joe who’s on a business trip to Chicago has the MAC Book Pro with him. Susan, who’s at a conference in London, has one of the Dell laptops. John left the company; did we clean his information off the drive of the laptop he was using and update the software before assigning it to his replacement?
Especially in the case of devices being used away from the office, you can’t always afford to wait until they’re back to address threats. This is true for smaller as well as larger companies.
Inventory management software has been developed not only to log every device and the software it runs, but also to monitor which require patches at any given point and then to push those patches out to the affected devices. At Soundshore Technology Group we use Desktop Central by Manage Engine to manage our clients’ IT inventories. There are other credible solutions as well.
There is also mobile device management (MDM) software to address the many mobile devices employees use for business. As noted earlier, this has become ever more crucial as companies adopt BYOD policies. For MDM we use IBM’s MAAS 360 software.
IT inventory management of employee devices requires written policies that allow a company to install MDM software on employee phones, laptops and any other devices that run corporate email and other software. Policies must also allow access when an employee leaves the company so that all corporate software and email can be wiped from the device.
Policies are easier to enforce when a company builds and introduces them from start-up or immediately on initiating a BYOD strategy. It’s more difficult for employees to accept a new policy when device management has not been implemented in the past. To develop and implement reasonable and effective policies that will both protect your network and meet regulatory standards, we recommend working with an IT inventory management specialist.
To close the loop on this discussion of inventory management, we must point out that your network is not limited to desktops, laptops, smartphones and the software and apps they run. You have to include in your hardware inventory what’s in the server room or network closet and the switches, firewalls, routers and wireless APs in the ceiling that connect your network together. These are not necessarily manageable by specialized software.
Now there are smart TVs in the conference room that can be vulnerable to cyber threats – and you can’t put software on them to patch vulnerabilities. Yet you need to include them in your inventory so that if threats become known you can at least remove them from the network.
To get a more complete picture, and if you haven’t been on the blog in a while, you should read our post on patch management. Also visit our cyber security services page for more information and to access a couple of complimentary offers that will help you initiate or improve a cyber security program.