5 Signs You Need to Improve Your Offline IT Asset Management Strategy
Whether you fulfill one or all, you may need to rethink if you are managing offline IT assets in the most efficient and effective way for your organization in order to protect the data that is on them.
- You can’t easily determine the status and location of an offline IT asset: “I could have sworn I put that used hard drive… in that box… in that room … yes, I definitely did… wait, is it still there?!” Without a central repository of all of your offline IT assets, it is difficult to quickly determine the location of any offline IT asset. Furthermore, without predetermined workflows for the assets to take once they are offline, it is difficult to ensure that they have successfully been through every stage necessary prior to reaching their final disposition destination. A NAID Study done earlier this year found that about 30% of hard drives that were purchased on second hand markets still contained data. This proves that it is difficult to verify a stage like wiping offline assets with certainty if you don’t have an application to tell you where assets are in their workflow. If you spend time guessing where assets are located and where they are in their workflow, it is time to improve your offline IT asset management strategy.
- You have different disposition processes across your organization: Whether a group of hard drives need to be destroyed or computers are being returned to a vendor, without standardized processes across your entire organization, your company can find operators doing things differently at each site. Decentralized offline IT asset management processes only make it harder for the people who are in charge of multiple sites to report on asset activity and guarantee they are all in the right place and accounted for.
- You rely on your destruction vendor to tell you what has been destroyed: Your organization needs to have full accountability of their IT assets because you are responsible for the data that may still reside on them. If you do not manage your IT assets properly prior to destruction, how can you guarantee that all of the necessary assets were indeed destroyed? This is what I consider the gap in managing IT assets.
- You rely on your ITAM solution to tell you about offline IT assets: Speaking of relying on others… A lot can happen to an asset once it goes offline. It can be moved to another location, grouped with other assets, wiped, signed off by a manager to be destroyed, and on and on. Marking an asset as “retired” or “destroyed” in your ITAM solution no longer gives you an accurate account of what has been done to the asset, what needs to be done, and if everything has been done so accurately.
- You have difficulty verifying chain of custody: I think everyone stops breathing when those auditors in their suits step into the office, or even when your boss sends you an email asking a question about an asset that you don’t know the answer to. When it comes to managing offline IT assets – which are most likely valuable and/or data bearing – the lack of an offline IT asset management strategy makes it close to impossible to verify chain of custody. As a result, making it difficult to answer the who, what, when and where questions asked by audit and management.
A lot companies wait until they experience a data breach to implement procedures, especially companies in the healthcare industry, but with sensitive data on the line, you need to do all you can to prevent a data breach rather than react to one. How is your organization administering offline IT assets? Let us know in a comment below.
You can automate your offline IT asset workflows with AssetAware and see how easy it is to standardize processes, protect data, and satisfy audit. Read more about AssetAware and start improving your offline IT asset management strategy.