Asset Management

Asset Management

Acquisition/Procurement Process

The purchasing process

  • Multi-step process for requesting and obtaining goods and services

Start with a request from the user

  • Usually includes budgeting information and formal approvals

Negotiate with suppliers

  • Terms and conditions

Assignment/Accounting

A central asset tracking system

  • Used by different parts of the system

Ownership

  • Associate a person with an asset
  • Useful for tracking a system

Classification

  • Type of asset
  • Hardware (capital expenditure)
  • Software (Operating expenditure)

Monitoring/Asset Tracking

Inventory every asset

  • Laptops, desktops, servers, routers, switches, cables, fiber modules, tablets, etc.

Associate a support ticket with a device make and model

  • Can be more detailed than a user’s description

Enumeration

  • List all parts of an asset
  • CPU, memory, storage drive, keyboard, mouse

Add an asset tag

  • Barcode, RFID, visible tracking number, organization name

Media Sanitization

System disposal or decommissioning

  • Completely remove data
  • No usable information remains

Different use cases

  • Clean a hard drive for future use
  • Permanently delete a single file

A one-way trip

  • Once it’s gone, it’s really gone
  • No recovery with forensics tools

Reuse the storage media

  • Ensure nothing is left behind

Physical Destruction

Shredder/pulverizer

  • Heavy machinery
  • Complete destruction

Drill/Hammer

  • Quick and easy
  • Platters, all the way through

Electromagnetic (degaussing)

  • Remove the magnetic field
  • Destroys hard drive data and renders the hard drive unusable

Incineration

  • Fire hot

Certificate of Destruction

Destroy is often done by a 3rd-party

  • How many drills and degaussers do you have?

Need confirmation that your data is destroyed

  • Service should include a certificate

A paper trail of broken data

  • You know exactly what happening

Data Retention

Backup your data

  • How much and where?
  • Copies, versions of copies, lifecycle of data, purging old data

Regulatory compliance

  • A certain amount of data backup may be required
  • Emails, corporate financial data

Operational needs

  • Accidental deletion
  • Disaster recovery

Differentiate by type and application

  • Recover the data you need when you need it