How many times have you heard someone say “If you don’t know what assets you have, how can you manage or secure them?”
This saying, or some form of it, has been around for years. The first time I heard it was well over 10 years ago, when I was speaking with the CIO of an enterprise. She told me she did not confidently know what and how many assets were in her environment and that other CIOs she speaks with have the same challenge.
This candid feedback caught me off guard. At that moment I remember thinking to myself two things:
1) Wait a minute...CIOs don’t know what and how many assets they have with certainty?
2) Umm... that can’t be good!
Back then, I would have bet a year’s salary that this problem would be solved by 2022. I mean how can companies continue to operate without knowing something as simple as what’s in their environment?
Well, it is 2022 and it’s a good thing I am not a betting man, because the problem still exists, and in fact has gotten significantly worse.
But why is this still an issue? Why have IT and Security professionals just accepted that limited visibility is just a fact of life? In order to understand the problem, it is important to recap the basics.
What is meant by asset visibility?
Asset visibility is pretty much what it sounds like. It's an organization's ability to “see” all the assets for which a company is responsible, and have accurate information about them. (e.g, Where are those assets? What type are they? What’s on them? Who owns them? Are they secure?).
What is an asset?
The term asset continues to evolve. The proliferation of computing devices over the last 10 years has expanded the definition, and the goal posts continue to move. Assets once meant servers, desktops and laptops. However, today assets mean much more. Now they not only consist of servers, desktop and laptops but also include all endpoints, mobile devices, IoT, SaaS applications, on prem software, networking infrastructure, cloud infrastructure and accessories like keyboards and monitors. Who knows what’s next?
Why has problem gotten worse and how do we solve it?
There are two reasons why complete and comprehensive asset visibility has become harder to achieve.
1) Many different asset types- As outlined above, different asset types continue to be introduced to organizations. Each asset type has a specific technology/tool that is used to manage and secure it.
I once consulted with a company that used one tool to manage their Windows laptops, a second tool to manage their Windows servers, a third to manage their Linux servers and a fourth to manage their Mac OS. Then add in the security and vulnerability tools and you have the perfect storm of siloed tools, data and information. This is a spot-on example of “swivel chair data management.” What tool do you go to first in an emergency? What if there is conflicting data? What data do you trust?
You may be asking why companies use so many tools? The short answer is they have no other choice. There is no one size fits all tool to manage every asset type (no matter what a vendor’s marketing may say). It is impossible for a vendor to be an expert in every technology and every use case. Best of breed technology is and always will be the optimal approach to having the most comprehensive technology for a specific use case. Companies need to use leading technology that will work best in their environment, and make the job of their IT and security teams as easy and effective as possible. Don’t get me wrong. You should consolidate the number of tools when you can, but there will never be a day where there will be one tool that does everything.
2) Siloed teams- This problem is more of a human than a technology flaw. There are many teams that play an important role in the success of IT and security within an enterprise. You have IT Operations, Server teams, Laptop teams, Security and Risk, Procurement, Asset Management, and Compliance, just to name a few. Each team has a separate budget and a technology/tool they use to perform their job. Each team has invested significant time and money in the tools they use. Even if there was a single technology that could manage every type of asset it would be very difficult to get every team using it. No one wants to rip and replace what they have, particularly if the technology is working and providing value.
Have you ever sat in a room with IT, Security and Risk professionals asking them to agree on something? It’s not an easy thing to do because they all have different objectives, training and budgets to deal with.
So how is this problem solved?
There is one and only one way to solve this problem, and that is for companies to continue to leverage the best of breed tools they use today. Let those tools do what they do best, don’t rip and replace them. Instead, tie all those systems together into a single system of record where all those technologies come together and live in one place. Orchestrate and view your UEM, MDM, EDR, Cloud, SaaS, etc. applications from one place. Then and only then will you have complete visibility and control.
Enterprise Technology Management and Oomnitza
Oomnitza was created to solve the visibility problem outlined above with its Enterprise Technology Management solution.
The thesis of our founders was why isn’t there a single system of record for IT professionals when IT is so critical and integral to a successful enterprise? They noted that Sales teams have a single system of record (i.e., Salesforce), HR teams have one (i.e., Workday) and Finance teams have one (i.e., Oracle). But IT/Security does not have one?
Oomnitza was established to give IT teams the same visibility and simplification advantages their counterparts in other areas of the business have, while driving value in five key areas of a business, (Security, Compliance, Logistics, Finance, and Employee Experience).
Oomnitza is a solution for endpoints, applications, infrastructure, and networking. It automates lifecycle processes, from purchase to end-of-life, ensuring your technology is secure, compliant, and optimized. In today’s reality of work from anywhere and zero trust, the traditional approaches of IT asset inventory management and siloed tools does not scale. To protect the competitive advantage of your organization you need an agentless platform like Oomnitza to consolidate and normalize data from existing siloed tools such as device management, SaaS, SSO, cloud, purchasing and security, to provide a key business process system for all technology in an enterprise. This capability is mission-critical, particularly with the expansion of the potential attack surface due to remote work, accelerated cloud adoption, and the explosion of IoT devices.
To learn more about Enterprise Technology Management go to www.oomnitza.com