You are here

IoT and IT asset management: How to avoid the impending wipeout

public://pictures/charlie-miles.jpg
Charlie Miles, Principal Consultant, Pink Elephant

The prevalence of Internet of Things (IoT) devices within businesses is exploding as organizations discover more practical uses for them. The problem is, they're not being managed effectively. Today, most IT organizations can't even manage laptops or software licenses effectively.

And if you can’t do that, how will you manage the many thousands of IoT devices that sit in remote locations, and the associated data that flows from those endpoints into the data center? An explosion of IoT devices in the enterprise could push your IT organization to the breaking point.

This influx of IoT devices, fueled by advancements in AI, blockchain, and 5G technologies, is coming at IT like a tidal wave. As the numbers expand, IT must develop the capabilities and skills necessary to manage and secure those devices and the data they generate.

Greater adoption of IoT escalates your asset management, cybersecurity, policy, and vendor/supplier management challenges. When I talk to IT managers about this, I see the fear in their eyes. You need to get proactive about managing IoT assets—and the vendors and suppliers that provide them—fast.

IT organizations face two challenges in asset management: Improving practices to get a better grip on IT assets they currently manage, and discovering what else is out there that they should be managing and protecting, such as IoT devices.

But how do you manage IoT assets you don’t even know exist? Today, in most organizations, IT manages only part of the IoT infrastructure. The rest falls under corporate asset management and facilities management. Then there are the devices purchased by individuals, managers, and business units that may ride on the corporate network.

Here's what needs to happen to get out front of IoT in your organization.

[ Get up to speed on IT Operations Monitoring with TechBeacon's Guide. Plus: Download the Roadmap to High-Performing IT Ops Report ]

Get control over your existing IT assets

This all starts with a strong enterprise-wide asset management program, not just IT asset management. As more and more non-IT assets become "smart" through technological advances, IT should have the capability to more effectively manage, deploy, and secure these devices. IT can do so more effectively than can facilities or corporate asset areas of the business. Why? Because only IT has the knowledge, awareness, and capability to manage these from a cybersecurity perspective and to manage necessary device upgrades (software and firmware), and only IT has the disciplines related to inventory control and the identification and mitigation of discrepancies.

But while that's what IT should do, the reality, based on my organization's experience consulting with dozens of enterprises, is that many IT organizations barely get by in managing traditional IT assets. Take a hard look in the mirror and assess how well, or poorly, you manage your laptops, software licenses, and other IT assets today. If you are struggling with this now, you are not prepared for, nor capable of, managing IoT.

To prepare for the IoT onslaught, you need to get your IT asset management house in order. Traits of a strong IT asset management program include:

  • Taking a strategic program approach
  • Having a defined asset and organizational scope
  • Establishing centralized control (not necessarily through a centralized function)
  • Creating and enforcing effective asset policies
  • Recognizing that everyone in the organization who touches an IT asset has a role to play

Once you establish your program for IT, you can extend it to the entire enterprise, and you will be able to create more effective security control for all IoT assets.

Expand the net to include IoT assets external to IT

Anything that interacts with the corporate network or company data is an IT asset from a management standpoint, whether that device is a smart vending machine, a smartphone, or sensors in products you sell or use in your business.

Establish a policy stating that these are IT assets that need to be tracked and protected, and that the organization needs to register those with IT. This will probably create a potential turf conflict with the facilities organization, which sees them as capital assets, as well as with the individual business units, departments, and managers who make their own purchases without telling IT.

Today, anyone with a procurement card can go out and spend up to $1,000 on technology without a purchase order. All of this needs to come together under a central IT asset management umbrella.

If you don’t get a handle on the assets that currently fall outside of IT's control, and you don’t know what's being requested, purchased, and brought into the environment, then you can't manage those things. And that means security management won't know those devices exist and won't be able to bring them under control from the critical security controls (CSC) policy standpoint for monitoring, protecting, and so on.

Earlier this year, ZDNet reported that a hacker had published a list of 515,000 servers, home routers, and IoT smart devices. This was compiled by scanning Internet devices that were exposing their Telnet port; the hacker then tried using factory-set default usernames and passwords.

Think about that for a second. Granted, some if not many of these devices are in private homes (scary enough), but what if these devices exist on your organization's network without proper security management controls?

[ Find out how to roll out Robotic Process Automation with TechBeacon's Guide. Plus: Download Enterprise Requirements for RPA ]

Centralize supplier and vendor management

Your entire enterprise, not just IT, needs a centralized approach to engaging vendors so that people don't go out and do their own thing. Today, it's not uncommon to find within a single organization different corporate and IT vendor management approaches that, if they are not aligned, can create serious management issues with respect to traditional IT assets and IoT smart devices.

It's time to manage these relationships more holistically.

Enterprises should leverage the service integration and management (SIAM) framework to create a centralized approach to managed services and service integration. You need a centralized service integrator that works with suppliers and has a better handle on your full portfolio of vendors and assets, so you can take better advantage of them and make sure all offerings work well together.

The integrator can also help manage relationships with suppliers and vendors so you can control what's coming into the organization, and whether those things are traditional IT assets or corporate assets. Today, most organizations don't have that capability set up. Without it, you're heading for major IoT headaches.

Don't forget the people whom technology disrupts

You’ve been down this road before. The Internet was a disruptive technology. So were minicomputers. Then personal computers. Then laptops and smartphones. But what got disrupted each time was people.

The IoT will change the way people in your organization work. Jobs will change. Training will be required. Some jobs will be threatened.

You must find a way to engage everyone who is affected by this change and say to them things such as, "We know that you used to order the coffee makers; these are machines that now have IP addresses and connect to wireless networks. They’re transmitting and receiving data. These are now IT assets, so you need to go through us." 

And that will cause resistance. That will block progress. This is perhaps the most important element to success: You must work at the people level to help them understand why they need to change, and then help them to change. Technology is a waste of time and money if you don't address the people issues.

Drive change from the top

While IT can help drive this change, leadership must start at the top: This is an enterprise issue that crosses organizational boundaries, so you need to take an enterprise-wide approach.

If the initiative is driven by a leadership team that includes the CIO, you can get to a world where the management of IT assets and capital assets converges, where IT supplier/vendor management and corporate vendor management are consolidated through a centralized service integrator, and where enterprise governance extends out to all of your IoT infrastructure.

That's ultimately where the answer lies. IT can't do this alone. But you can drive the change.

Get ahead of the wave

You can't ignore IoT and smart devices because of the false beliefs that your organization will not use them or that they aren't going to have an impact. Maybe you said that when laptops came out, or smartphones, or cloud services. Here you are again.

The smart thing to do is get ahead of this tidal wave by raising awareness throughout the enterprise. IT should take the initiative by helping put in place the measures organizations need to be successful.

Focus on making IT asset management effective first. Then, with the help of security and vendor management, build that into a strong enterprise-wide asset management program.

Join me at Pink20 in Las Vegas, where I'll be speaking in more detail on the IoT and service management, ITIL 4 versus ITIL v3, and automating IT services. The conference runs February 16-19, 2020.

[ Learn how to change the IT services game with ESM in TechBeacon's Guide. Plus: Download the Forrester Wave for Enterprise Service Management ]