Why risk mitigation is the core of asset management

As innovation flourishes, so does risk

IT asset management and information security are linked in ways never considered 10 years ago, when asset management had a reputation as an administrative function that did little more than let you know where your hardware was at any given time.

Asset management in your smart office is more than knowing who has the spare laptop or who is using the interactive whiteboard. At its best, it’s a comprehensive system that manages the lifecycle of IT assets in a cost-effective and efficient way, where a risk-averse approach can boost ROI and your data security.

The key risk in the information age is losing control of personal or confidential information. This can be traced back to asset management in some simple ways: a laptop without an encrypted hard drive is misplaced or stolen, your printers and scanners are updated to boost productivity but without a secure connection, or you give staff default access to all files.

Less risk for better results

IT asset management can reduce broader risks across security as well as providing the best ROI on capex and opex.

Simple ways to reduce risk using asset-management principles include:

• Establishing guidelines for apps and eliminating any that don’t meet the requirements – reducing risk if apps are vulnerable and removing apps from the patch, monitor and audit cycle.
• Monitoring user restrictions to apps, files, and devices needed by staff rather than default access to the entire organization.
• Standardizing programs – for example, video conferencing software – to reduce the risk of downtime and unauthorized access.
• Smart software asset management (SAM) tools to optimize licensing and identify rogue software, create a usage and access audit trail, and identifying any devices without antivirus software.
• End-of-life hardware disposal – we’ve all heard stories of computers and drives found with confidential information on them.
• Mobile inventory control – where administrative asset management meets risk management across strict control of network entry points and device security.

A risk-averse approach can have unexpected benefits for your workforce – if assets are standardized, it promotes greater connection and space for collaboration across teams.

Remember the human factor

Most data breaches have one common factor: human error. By tying your asset management to education and communication, you can raise awareness of password and user security, prevent information leakage and educate staff on phishing and cybersecurity risks.

If compulsory training for staff before access is provided is part of the education program, it must be up to date and keep pace with increasingly sophisticated security risks.

All IT creates risk for an organization. But a thorough and risk-averse approach to asset management will reveal the right risk-reward balance.

The responsibilities of IT asset management and cybersecurity teams will continue to converge, led by tech such as GPS integration to track devices. The future must take a consolidated approach where risk aversion is a default position for asset management.