What is IT Asset Management?
IT Asset Management (ITAM) traditionally included assets such as servers, mainframes, routers, switches, firewalls, desktop and laptop computers, printers, and software — all things managed by IT. But technology no longer only consists of IT assets. Today, there are non-IT technology assets in organizations everywhere.
With the rise of the Internet of Things (IoT), technology is pervasive in things such as heating, ventilation, and air conditioning (HVAC) systems, devices and sensors, security cameras, medical devices, and more — all connected to the Internet and owned by different areas of the business. Thus, ITAM has evolved into Technology Asset Management (TAM).
Is ITAM – TAM more than a software asset management tool?
TAM is more than an inventory of an organization’s assets. Its importance to the organization is reinforced by the existence of various international and U.S. standards, including the following:
- International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC):ITAM is defined in ISO/IEC 19770 specifically addresses modern challenges such as security (aligned to ISO/IEC 27001), cloud services, and mobile computing including:
- Software
- Physical and digital media
- Physical and virtual IT equipment
- Licenses (including proof of license)
- Contracts
- ITAM system management assets (including systems, tools, and metadata)
- U.S. National Institute of Standards and Technology (NIST): NIST Special Publication 1800-5 defines a standard ITAM approach and architecture and recognizes that “ITAM is foundational to an effective cybersecurity strategy” because it “enhances visibility for security analysts, which leads to better asset utilization and security.” The NIST Framework for Improving Critical Infrastructure Cybersecurity is organized into the following five core functions:
- Identify
- Protect
- Detect
- Respond
- Recover
Within the Identify function, the Asset Management category is defined as follows: “The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to organizational objectives and the organization’s risk strategy.”
Who uses ITAM?
TAM provides tangible benefits for many different use cases across organizations, including the following:
- Finance and Procurement: TAM helps finance, procurement, and asset managers with negotiating purchases and renewals, reconciling fixed asset reports, eliminating wasted expenditures, and validating the disposition of retired assets.
- Security and Compliance: TAM identifies all things attached to the organization’s network, providing detailed information about location, configuration, accessibility monitoring for unplanned changes, unauthorized access, vulnerable software, and lost and unresponsive assets, as well as workflow audit tracking for GDPR, HIPAA, SOX, PCI DSS, and more.
- IT Operations: TAM delivers a self-aware IT infrastructure by updating CMDBs, DCIM, and building management systems (BMSs) with current asset configuration and location information, improving efficiency and SLAs for change management workflows and service desk management.