Risks and rewards: The undeniable importance of asset management
If you’re like most companies, you have old, unused, but still operational devices laying around at this very moment. That’s a problem.
Misplaced devices may not seem like a big deal, but the cost of lost PCs is actually greater than you might think – from both a financial and security standpoint.
In this post, we’ll take a closer look at the threats these devices pose to your company as well as the steps you can take to ensure your assets are being properly managed and disposed of. We’ll also discuss how proper asset management, including the reclamation of older devices, can equate to more savings for your company.
The most-at-risk areas of your organization
Auditing, privacy, and security are some of the top issues in IT right now, but you can’t manage devices if you don’t know they’re there. The devices that are temporarily out of service or are mostly retired represent significant risk to your organization because they are outside of your carefully crafted security and management processes.
The three most common risks you could face are:
- Data privacy: Arguably the biggest issue. One of these lingering devices might contain either proprietary information like intellectual property, or perhaps personal information like client lists, client addresses, customer private data, etc.
- Security: Every device in your organization is inherently connected and known to the network. If you haven’t properly and fully retired them, an unauthorized person could gain access to one of those machines and have instant access to sensitive company resources. Old PCs can give internal and external hackers a privileged platform from which to do their dirty work.
- Legal/compliance: If you haven’t taken devices out of service properly and completely, the software on them will continue to consume licenses. This hidden license consumption can drive you out of compliance with your license agreements and expose you to fines and repayments if you’re audited.
Each of these risks carry far-reaching civil and criminal liabilities if you don’t have proper disposal protocols in place. When you’re retiring devices, be sure they’re wiped, secured, and disposed of in an environmentally proper way.
Enforcing proper disposal protocols
Smaller, less mature companies often don’t have a formal policy for disposing their devices, making the disposal process inconsistent at best. Larger organizations – where the risk might be greater – often have a process in place. But just because they have a process in place doesn’t mean it’s actually working.
By putting proper governance in place to track everything, you can ensure the process is executed correctly. The ideal process for disposing of a device includes:
- Managing an asset from the point at which you own it (when it’s been purchased as well as when there’s confirmation it’s been shipped to you)
- Tracking the asset when it’s received and acknowledging its receipt
- Tracking the asset when it’s deployed to a user
- Reclaiming the other laptop or PC that the new asset replaces
- Tracking the new asset as it changes and moves through your organization
- Capturing the asset’s end-of-life status as it goes into the decommissioned state so you can reclaim the software, ensuring the disk is properly wiped and disposed of in an environmentally friendly manner
If the asset is leased and you can’t effectively find or return it to the leasing company, penalties and charges will quickly mount up.
For devices you’ve purchased, the final disposal should be handled by a certified disposal company that performs IT asset disposal (ITAD). The ITAD company will issue you a certificate of destruction, certifying that the referenced device has been disposed of the right way and you are no longer responsible for that device.
There are savings to be had
Avoiding security risks and alleviating data privacy are usually the driving forces behind asset management. But you can’t overlook the potential savings.
Older PCs have value. The return might be minimal, but the quicker you reclaim a device, the more value you can realize from it. And licenses can only be reclaimed and reused when you’ve wiped the software from the PC. The sooner that’s taken care of, the sooner you can reuse the license and avoid buying new licenses.
Don’t forget about maintenance and support. Sometimes maintenance and support charges continue until a device is specifically removed from the program. A PC that’s hidden away in a storage room could easily be costing you hundreds of wasted dollars a year in maintenance and support charges, which can quickly add up with the number of unused devices.
We previously worked with a midrange real estate company that had a policy for disposing of assets, but lacked proper governance to enforce it. When this organization sat down and finally did a physical inventory, it discovered that 20% of its assets were idle and out of service; it was not accounting for these devices.
This real estate company was in a serious hole in terms of software compliance because its devices were never marked as decommissioned and never properly disposed of. Deployed licenses were still being consumed, leaving the organization in a deep deficit in software licensing.
Failing to follow proper disposal protocols cost this organization when doing the opposite could have saved it money.
Is it worth the risk?
If you don’t really know your asset – where it is and who’s in control of it – then that device, and your organization, is inherently insecure.
Adopting a comprehensive asset management program can keep track of your devices for you. It lets you know exactly where your devices are and what data is on those devices. You can also be sure that data isn’t going anywhere it’s not supposed to.
Without an asset management plan in place, you greatly increase your chance of risk. Your organization’s security is in jeopardy and data loss becomes possible. Asset management might not be at the top of your company’s priority list, but ask yourself this: Can you afford the risk? The choice is yours.
To learn more about how SHI can help improve your IT asset management, contact your account executive.