Here are some of the reasons why the implementation of Hardware Asset Management (HAM) and Software Asset Management (SAM) are essential in organisations:
- Security improvement – consider patch management as one example. Having a detailed list of hardware and software is crucial if you want to be sure that all software on all devices gets updated to the latest version and any security patches are applied.
- Asset valuation – determining the current value of assets for accounting purposes – such as for negotiating a price during mergers and acquisitions or for end-of-year valuation purposes.
- Software licence compliance – beginning the discussion on HAM and SAM in direct response to vendor accusations or investigation by the Federation Against Software Theft (FAST)
- Response to an audit – could be an internal or external audit, but generally where SAM and HAM identified deficiencies which need corrective actions. Could also be driven as a preventative measure where software under licensing is known.
- Budgeting and cost centre allocation – calculating the costs per business unit of IT services for cross-charging purposes
HAM and SAM are crucial aspects in the implementation of security standards. Capturing information about corporate assets and maintaining inventory accuracy is essential, and achieved in several different ways, for example:
- Use of data from existing services such as Active Directory, anti-virus solutions, DHCP and other sources of data within the organisation
- Connecting remotely to individual assets to interrogate its state and capture information about software installations
- Install an agent on each asset which runs in the background and periodically sends information to a server to update software and hardware inventory records
- Maintain the inventory manually
Agents may not exist for all asset types, and a combination of the above is likely to maintain data over time. This requirement needs to be thoroughly understood as it will impact on the deployment timescales of any SAM or HAM solution. If an asset requires an agent, you will need an initial inventory as a starting point.
Robert is an information security consultant with over 20 years of experience across a diverse range of organisations, both in the UK and internationally. Robert graduated in 1997 with an honours degree in software engineering for security and safety-critical systems. Robert is contactable directly through LinkedIn.