×
ItalianoEnglish
Set as default language

Grandangolo Communications

  • Home
  • Company
  • Services
    • Public Relation
    • Digital PR
    • Marketing
    • Lead Generation
    • Events
  • Best Practice
  • Customer Press Room
  • Contacts
  • Languages
  • Home
  • Customer Press Room
  • Qualys
  • Because the IT management is still so difficult?

Customer Press Room

Because the IT management is still so difficult?

by Grandangolo Communications / Monday, 10 June 2019 / Published in Qualys

10 June 2019–

By Marco Rottigni, Chief Technical Security Officer EMEA at Qualys–

The Forth Bridge in Scotland is famous for being painted; continuously. As soon as the work is completed from one end of the bridge to the other, the maintenance team restarts with the painting activity. Obviously, we are talking about a false urban legend, but if the news were true it would be of great interest to paint manufacturers and maintenance companies. In fact, before being treated with a special coating that lasts more than 25 years, the bridge required close attention from the maintenance workers given the continuous exposure to bad weather.

What does the Forth Bridge have to do with IT asset management, also known by the acronym ITAM? We are talking about an essential requirement for those responsible for the security of IT tools, for compliance and the management of IT operations. In fact, a coherent and continuous approach is required to keep information on IT equipment constantly updated and yet, it is not as simple a process as it seems.

Configuration management and resource monitoring have become an important component of the IT Infrastructure Library since the 2000s, while IT equipment databases were already managed years before. Yet, according to Gartner analyst Hank Marquis, 80 percent of companies investing in Configuration Management Data Base (CMDB) projects see their efforts fail, making ITAM coordination extremely difficult.

Managing an accurate and updated list of IT devices helps security teams prevent problems. According to Verizon's 2016 Data Breach Report, the top ten software vulnerabilities are responsible for 85% of confirmed compromises; without this in-depth perspective it is very easy for attackers to remain in the compromising positions they have earned. An example is the case of Apache Struts, where errors that could be remedied with available patches caused successful attacks in some large companies with fines of millions of euros.

Why is it so difficult to implement ITAM correctly? Although we have seen CMBD initiatives for over twenty years, why is it so difficult to have accurate and up-to-date IT data?

How to obtain more accurate data on IT assets

One of the first reasons is related to the number of equipment that today must be tracked by CMDB systems. Every single PC has its own operating system, hardware and various applications installed; just as for each device there will be versions and patch levels to check. If we multiply everything by the total number of employees of a large company, the numbers grow rapidly: each employee also has a smartphone or tablet, further increasing the number of devices.

Without forgetting corporate IT services, web applications, cloud deployments and other IT resources that need to be controlled, monitored and managed.

With so many IT tools constantly in motion in an organization, it is not easy to build a CMDB or perform regular asset inventories. It's a problem of scale.

Secondly, each platform may have data on the same devices, but provide this information differently, using different definitions and for different reporting objectives. A PC on a network can be identified in different ways, while the software installed on that machine is otherwise tracked for licensing, security and workstation management purposes. This large data variance is one of the first reasons CMBD initiatives fail.

Even when a CMBD implementation gets off to a good start, the operational burden takes up time that could be spent on more important, data-driven decisions.

To solve this problem we suggest collecting all the information about ITAM together in one place. Rather than monitoring different sets of asset data regarding endpoints, IT network devices and cloud services separately, all data should be consolidated and sorted.

Automating the data normalization process can also offer the opportunity to enrich the data itself, for example by including information on the status of “end-of-life” and supporting information rather than requiring additional manual effort.

This ensures that the data sets are incomplete.

For mobile or remote devices, software agents should provide accurate information about what these devices are, to ensure consistency and security regarding what connects to the corporate network.

All this information should be constantly updated, reflecting the changes that occur every day as new equipment is added, upgraded, modified or decommissioned.

Use data more effectively

Creating a CMDB or other IT asset library can help improve the accuracy of data usage within your company. However, there are other ways that can facilitate collaboration between teams, such as prioritization. With so many new updates arriving, it can be difficult to know which updates are the most urgent, and which can wait, as well as knowing the impact each update has on IT software releases. Consequently, it is not enough to have a list of resources but it is necessary to work on which are most important for business development and which have a lower priority.

Perhaps through dashboards that highlight when situations exceed certain attention thresholds.

Similarly, this list should provide insight into applications or services that cannot or will not be updated but still provide business value, so that other teams in the organization are aware of them and can plan ahead for how to proceed. For example, let's think of hardware dedicated to the manufacturing or healthcare sector that can only support a specific operating system and which at a certain point sees its support end.

The protection needs, the criticality of a probability of attack continue to exist and this situation must be traced.

Another issue is how IT teams collaborate.

ITAM data can be used effectively for security, compliance and risk management. If they are not accurate, timely and visible to these teams, their performance will be affected. Additionally, it can be difficult to obtain accurate information about all the software assets and potential vulnerabilities that exist on devices. When different teams are responsible for their own IT assets, they may use different tools to gather information about how much is being used, a process that can lead to inconsistencies in the data captured.

Define the price of the ITAM

Oscar Wilde wrote in game Lady Windermere's Fan that a cynic is “… a man who knows the price of everything, but the value of nothing.” For IT teams, the big challenge around ITAM is that they don't have accurate information about the price and value of their IT assets.

However, this data can be used to demonstrate how better IT management could be achieved. For example, offer important elements for more accurate financial planning and forecasts on IT tools to purchase. The essential element therefore remains that of having an accurate list of resources and a constant process to verify that these resources are still necessary and used in the company

Conclusions

ITAM is critical to successfully managing IT resources over time. Without accurate data, it is impossible for IT teams to ensure the security, compliance and operational support that the rest of the business expects. ITAM approaches must keep pace with the rapid changes occurring across enterprise IT, providing real-time information on what problems exist. By working more efficiently and adopting a data-driven approach, ITAM teams can help their companies improve security and budget utilization by keeping tools up-to-date and using resources where they are needed. Like the Forth Bridge painters, we need to break out of the potentially infinite cycle of mechanically repeated behaviors to achieve better results.

About Grandangolo Communications

What you can read next

Qualys extends integration with Microsoft Azure Defender to on-premise and multi-cloud servers with Microsoft Azure Arc
Qualys raising the quality level on vulnerability management and announces VMDR - Vulnerability, Management, Detection, Response
Qualys presenta la cloud App Global IT Asset Inventory

Customer Press Room

  • Arrow Electronics has been awarded by Equinix as Distributor of the Year 2025 for the EMEA region

    Arrow Electronics, a global supplier of technology...
  • SentinelOne makes the Purple AI Agentic Investigation solution available to all customers, bringing the latest generation AI directly into the SOC

    The investigations, started autonomously and without need...
  • Acronis TRU reveals the ongoing evolution of the INC ransomware group

    A recent report published by Acronis Threat ...
  • ESET Research investigates the Gentlemen ransomware author group and its defense evasion tools

    The Gentlemen Group develops, maintains and supplies...
  • Imprivata presents the Agentic Identity Management solution to protect and govern the access of AI agents

    Imprivata, a leading company in Ac...

Archives

  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025
  • April 2025
  • March 2025
  • February 2025
  • January 2025
  • December 2024
  • November 2024
  • October 2024
  • September 2024
  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • November 2023
  • October 2023
  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018

Categories

  • A10
  • Abstract
  • abstract
  • Acronis
  • Ally Consulting
  • Arrow
  • Arrow Electronics
  • Axiante
  • Babel
  • Computer Center
  • Cohesity
  • Italy Cloud Consortium
  • Consys
  • D-Link
  • Eset
  • G.B. Service
  • Habble
  • HiSolution
  • HYCU
  • Icos
  • Imprivate
  • Information Tecnology
  • Innovaway
  • Ivanti
  • Link11
  • MobileIron
  • Netalia
  • Nethive
  • Nexthink
  • Nuvis
  • Praim
  • QAD
  • Qualys
  • Red Hot Cyber
  • Riverbed
  • Saviynt
  • Sensormatic
  • SentinelOne
  • Talent Software
  • Vectra
  • Vectra AI
  • Vertiv

Office printing, digital PR, marketing, lead generation: all projects are born from our passion and expertise, with an inevitable touch of creativity and innovation.

COMPANY

Grandangolo Communications Srl
Via Sardegna 19
20146 Milano
Telephone +39 335 8283393
info@grandangolo.it

I SERVIZI

  • Home
  • Company
  • Services
  • Best Practice
  • Customer Press Room
  • Contacts
  • Languages

CONTACTS

  • Contacts
  • Cookie policy
  • Privacy policy

© 2019 GRANDANGOLO COMMUNICATIONS SRL | P.IVA IT 06394850967 | All rights reserveD.

Powered by Webpowerplus

TOP