Businesses face increased security risks as employees use home networks to access work data, files and applications - introducing potential network vulnerabilities via personal and home devices.
Not only is IT governance essential to the security of an organization, it has a direct impact on other key priorities - including, amongst other things, profitability.
Without proper IT asset management (ITAM), an organization's IT footprint grows uncontrollably, leading to security challenges, cost inefficiencies and management challenges.
Unused or outdated devices can add to operational overhead, wasting resources and unduly inflating the cost of software licenses and services.
Nearly 66% of IT managers have an incomplete record of their IT assets, and of all the hardware and software assets in an enterprise, about 30% are considered "ghost" assets -- missing and cannot be found.
What's more, additional "shadow IT" -- IT infrastructure and services implemented without formal approval from the organization's IT department, will increasingly be funded by business units.
This means IT governance at the corporate level will be even more critical for tracking and monitoring assets on the network, to protect against security threats and vulnerabilities.
It's essential that companies have and are able to maintain a centralized, complete view of their IT Assets; or they will become liabilities to an organization's security posture and ultimate financial success.
ITAM is at the Core of IT Governance
Governance bodies that regulate enterprise IT strive to mitigate the risks and costs of neglected, outdated and vulnerable assets, and provide frameworks for defining how organizations implement, manage and monitor their IT infrastructure.
Achieving certifications in these frameworks are milestones to organizational maturity. Many larger enterprises won't adopt technology from companies that do not have certain certifications, and failing to comply with data privacy mandates can result in hefty fines.
Some of the most important IT governance frameworks and regulations include:
● The Center for Internet Security (CIS) outlines 20 best practices dubbed CIS Controls™ that aim to address and prevent the most pervasive and dangerous enterprise security threats.
● ISO 27001 is an international standard that helps organizations manage IT asset security and provides a management framework for implementing an information security management system (ISMS) to ensure the privacy, integrity and availability of corporate data.
● The Information Technology Infrastructure Library (ITIL) is a set of detailed practices for governing IT service management (ITSM). This framework focuses on aligning IT services with the needs of business by defining processes, procedures, tasks and checklists that help organizations improve the value of their services rather than just provide IT capabilities.
● COBIT is a framework for helping businesses achieve key objectives for IT governance and asset management. COBIT 2019 offers guidelines for improving enterprise governance and management, particularly as more organizations are migrating mission-critical workloads to the cloud.
● NIST has a set of frameworks for various aspects of ITAM, including NIST SP 1800-5, NIST SP 800-53, and the NIST Cybersecurity Framework. All are designed to help organizations protect critical infrastructure.
● Data privacy mandates such as the EU's General Data Protection Regulation (GDPR) regulate how organizations collect and store individuals' personal data.
At the core of all of these frameworks is an essential activity -- creating a complete and accurate hardware and software asset inventory. This best practice is listed as a top priority in CIS, COBIT, ITIL and ISO certification guidelines for one very obvious reason: If you don't know what you have, you can't manage or protect it.
CFOs and CISOs Share Responsibility for ITAM
Given the cost and risk associated with subpar ITAM, CFOs are now intimately invested -- and in most cases responsible for -- enforcing IT governance.
CFOs need to understand how many assets the organization owns, whether or not they're being used, how they're being used, and how to maximize vendor contracts.Having a single source of truth and an accurate record of all hardware and software assets, as well as details about how they're configured and who's using them -- and whether or not they require updates or need to be retired -- is essential to controlling IT spend and ensuring IT investments align with and support business objectives. This is no longer just an operational IT challenge.
The End Goal: A Productive Workforce
2020 has upended businesses in many ways, and IT is at the center of the disruption. With more people working remotely and relying on cloud-based software services, cybersecurity, data privacy and IT spend will all continue to come under scrutiny.
IT governance and ITAM is therefore an imperative, and organizations will be putting more effort toward this area moving forward. Leveraging technology to create a complete IT asset inventory makes compliance with IT governance frameworks possible -- reducing risk and spend.
Gartner reports that knowing the status of your IT assets at all times enables proactive management that reduces risk, reducing IT spend by up to 30%.
More importantly, it ensures employees have secure access to the updated, operational digital assets they need to be productive and effective. And that's really the holy grail of effective IT governance.