Three steps to mastering IT asset discovery
August 27 | 07 mins read
IT asset ecosystems are complex. Assets are constantly in flux, with new ones added, antiquated ones removed, or existing ones modified. Amid this dynamic environment, it is not uncommon for IT asset managers to struggle with centralizing the visibility of all the assets owned.
Compounding this challenge is a prediction from Gartner® that about 30% of critical infrastructure organizations will suffer a security breach by 2025, and a recent report from S&P Global ratings highlighted that good IT asset management practices are foundational for effective cybersecurity.
Without gaining visibility into what is available in the existing network, organizations will remain blind to the potential security risks, and the question of effective governance of the assets will remain unanswered. This will leave room for ghost assets, shadow IT, or unmanaged software to lurk undetected.
To confront these challenges head-on, IT organizations should have a complete, real-time picture of their digital estate to understand and monitor their assets, which is only possible with robust IT asset discovery.
What is IT asset discovery?
Asset discovery is the systematic process of identifying and cataloging all hardware and software assets within an organization's IT infrastructure. It entails regular scanning of corporate networks and domains using agent-based or agentless discovery methods. This way, organizations can inventory a single, comprehensive IT asset database, helping them visualize and manage the entire asset network from a central console.
If you are loaded with questions like how to make asset discovery robust or where to start the discovery process, consider the following steps:
- Start with planning on how to approach the discovery process.
- Decide on a discovery approach that best suits your organization.
- Enrich the CMDB to have a better picture of your IT infrastructure and its interdependencies.
Let's delve deep into how each of these steps could help you implement a robust IT asset discovery process that thoroughly scours the entire asset estate, defines clear asset boundaries, and leaves no asset undetected.
Planning the discovery process
For an IT asset manager, with an asset management solution in hand, initiating the asset discovery process from scratch is quite an overwhelming task. A good place to start is to identify the assets that are present in the organization. Utilize the existing asset data that might come from previous hand-written records, purchase bills, or outdated inventory lists. Although jumbled and in-accurate, this rudimentary data would help in providing a basis for planning the discovery process.
With an understanding of the different types of assets, the order of discovery can be defined by dividing the asset discovery process into different phases. This phased approach could also be based on the location or accessibility of assets. For example, in the first phase, focus on identifying on-premises hardware devices and network infrastructure to ensure a solid grasp of foundational elements. Broaden the search in the second phase to discover cloud resources, software applications, and virtual machines. And as a final phase, identify the peripherals and other devices that are at the edge of the network.
To bring order to this complex list of assets and enable seamless tracking, assets can be categorized into various groups. This categorization can majorly be based on the criticality of assets (like sensitive assets and peripherals), or can be based on the type of assets (like hardware and software assets). Each category may have different subcategories of its own. For instance, hardware assets can be subdivided into new, retired, and ghosted, while software assets can be classified as managed, freeware, unmanaged, and prohibited software (which could then help you identify and flag other instances of prohibited software seeping into your IT estate)
Making the right choice: Agent-based vs agentless discovery
There is no such thing as the perfect asset discovery method since every organization deals with a unique asset ecosystem. However, to scope the discovery, it is important to come up with strategies, layering different asset discovery methods.
Two major approaches to asset discovery include agent-based and agentless discovery. Take a look at the below table to get a better understanding of how these methods work.
Category | Agent-based discovery | Agentless discovery |
---|---|---|
Deployment approach | Involves installing an agent on the endpoint to facilitate discovery. | Involves installing lightweight code on a machine—say a server—within the network. It pings other IP-based devices, thereby scanning the asset information. |
Level of visibility | Deep visibility into IT assets by gathering comprehensive telemetry information. | Limited visibility since the scanning is less invasive. |
Suitable assets | Ideal for IT assets that tend to flow in and out of the network, such as the devices used in remote work or bring your own device (BYOD) models. | Well-suited for the assets that are fixed in a network, such as the routers and desktop computers. |
Advantages | Provides broad remote control capabilities and even facilitates tasks such as software deployment, patch management, and configuration changes. | Simplified asset discovery process by scanning the network infrastructure—without the need for individual agent installations. |
Though there are distinctions between agent-based and agentless discovery methods, organizations can use both of the methods in tandem for comprehensive asset discovery. Along with these common discovery approaches, other scanning methods—such as barcode or QR code scanning—can offer a quicker and more cost-effective solution. They involve tagging individual physical assets with unique codes.
Deploying the right mix of discovery methods marks just the beginning of the discovery process. Any data gathered from the initial discovery process runs the risk of turning obsolete, owing to the dynamic nature of IT environments. Hence, asset discovery should be an ongoing process, where continuous scanning and adaptation are required. Scanning and discovery should be scheduled to run as frequently as possible to maintain data accuracy at any point of time, detect issues promptly, respond to changes, and mitigate security risks.
Beyond asset discovery: Laying the groundwork for your CMDB
Discovered asset data, if not represented well, is simply more data. The true value of asset discovery lies in its effective contribution to the configuration management database (CMDB). This entails designating discovered assets as relevant configuration items (CIs) within the CMDB. This way, comprehension of the discovered assets (which host or support critical services) and their inter-relationships becomes easier. Moreover, it strengthens IT governance by being the single source of truth during major incident responses or when implementing changes in the IT infrastructure.
Precise and periodic asset discovery is the first step towards building a high-integrity CMDB that will in the future begin soaking in data in real time from diverse data sources like ITSM, UEM, and ITOM solutions.
Wait, there's more
In addition to the main steps we have covered, here are a few bonus tips to ensure you are fully equipped for the asset discovery journey.
- Maintain a secure library for the network access credentials to ensure authorized access for the discovery and safeguard against unauthorized intrusion.
- If you are relying on a multi-modal approach to asset discovery, ensure you have an asset reconciliation process to eliminate duplicate asset records from the inventory.
- Create dashboards to get alerts of new assets connecting to the network, assets being missed from a discovery, or assets approaching end-of-life.
- Wisely choose an asset management platform to act as a single source of truth encompassing all the asset details.
Let's round things off
As technology continues to evolve, effective asset discovery transcends the simple identification of devices and software. It is critical not just for management reporting and financial planning, but for establishing a solid foundation in knowing the boundaries of your asset estate so that you can secure it. Therefore, investing in and refining asset discovery practices will remain critical for organizations seeking to maximize the value of their IT investments and maintain a competitive edge in the market.