The system bringing success to tech refreshes infosec

The chief information officer (CIO) and the chief information security officer (CISO) may have distinct C-level roles and mindsets in the technology organisation, but the focus should be on what brings them together and what bridges their interests.

Increasingly, one core system is acting as that bridge between the executives: providing information on the hardware and software stacks in use in the organisation, in a format where it can be used for distinct but equally important purposes. That system is the asset management register that is part of an IT service management (ITSM) suite.

IT asset management has long been a core part of the CIO’s toolkit.

On the software side, it is a critical record of software licences being paid for and in use, providing organisations and IT executives with assurance should a vendor call in a licensing audit. These are frequent occurrences even during the past couple of years.

Asset management from a hardware perspective has also taken on an elevated importance in the work-from-home transition. If we cast our collective memories back to early 2020, LinkedIn was full of photos of banks of on-prem computing equipment being packaged up for collection by now homebound workers.

Keeping track of the mass movement of equipment out of the office was always going to be a challenge, and even companies with less mature asset management set-ups may have seen some drift in the accuracy of their equipment registers in recent years.

That has not only made it difficult to track down missing assets, but also to support home-based workers, where it may be discovered that the hardware or software asset that the worker has an issue with, is not reflected as something they even have in their possession.

For these reasons alone, organisations may have a need to adopt or optimise an IT asset management register or set-up.

VIEW ALL

But they aren’t the main reasons why such registers are experiencing a renewed focus and popularity.

Powering a new wave of technology initiatives

For CIOs, asset management systems have now become a core input into technology refresh projects. They’re the system of record that shows what is nearing its end-of-life and when, ensuring that prudent investments in end user computing (EUC), applications and back end infrastructure can be made.

The same asset register is also of increasing interest to the CISO, albeit for a different purpose. They are less concerned with refreshes, and more with resilience.

To identify and address cyber security challenges and risks, and understand where to apply mitigations, a CISO really needs to understand what’s in the environment: what’s connected to the corporate network, who is actually using a piece of hardware or software, and what potential vulnerabilities and security threats may exist on that particular device, be it software or hardware related.

By having the same accurate picture of the IT environment that the CIO already has, the CISO is able to cross-correlate that list with known or emerging vulnerabilities, and quickly draw up a list of infrastructure assets to scan and/or patch.

There are common goals in play, too.

With the CIO and CISO taking their understanding of the IT environment from the same asset system — effectively a single source of truth — they are also able to advance shared interests, in addition to distinct ones.

Security is a clear shared interest by the two executives.

The CIO has a clear stake in cyber security. Traditionally that stake was confirmed by reporting lines, with the CISO often reporting directly to the CIO. That’s changing, with the CISO and CIO often now having equal seats at the executive table in their own right.

However, knowing that security is everyone’s responsibility, the CIO still has a clear interest in ensuring cyber security protections are the best they can be.

When the relative success or failure of that outcome rests partially on an IT system — the accuracy of the asset management register — the CIO’s stake becomes even more clearly defined.

And that can be seen in the numbers: a Foundry study found 76 per cent of CIOs anticipated their involvement in cyber security would increase over the course of 2022. As a point of comparison, 51 per cent identified being “currently focused on security management in their role” at the start of the year.

Shared use of an IT asset management register is increasingly a key input into achieving success with multiple technology programs, from technology refreshes to security operations. The same register of assets can be used by different technology executives, for different purposes.

It is incumbent on organisations to maintain the accuracy of the asset register and to make it available across technology domains, so that its full potential as an enabler for change and operational excellence can be realised.

Dion William is the founder and CEO of Servicely.