My observation is that Hardware Asset Management (HAM) and Software Asset Management (SAM) data are seldom accurately maintained, and often there is no expectation of the information being close to accurate. Given that SAM and HAM are cost centres rather than profit centres, this is understandable.
If you were issuing credit cards to consumers, we would expect the bank to account for every transaction, every penny spent, every credit or debit card, and every card cancelled within the system. It is doubtful that someone would ever suggest that 80%, 90% or even 95% accuracy would be acceptable. The same applies to many areas of the core business that generates revenue. However,
Without accurate HAM and SAM data, how can you be expected to, for example:
- Know if unauthorised software is in use
- Know if hardware assets are missing or stolen
- Know which hardware assets and software packages need security updates
- Identify support costs which are too high because usage has dropped
- Know if you have adequate software licences
Robert is an information security consultant with over 20 years of experience across a diverse range of organisations, both in the UK and internationally. Robert graduated in 1997 with an honours degree in software engineering for security and safety-critical systems. Robert is contactable directly through LinkedIn.