One of the fundamental requirements for the IT Asset Manager is ensuring the security and traceability of the assets within the enterprise. The most common, almost ubiquitous, way of achieving this is through the use of asset labels applied to the hardware in the enterprise. Sequential numbering and an associated barcode is the primary form that asset labeling takes.
Whilst this in itself is a relatively simple exercise to undertake, there are a number of points we recommend considering to ensure the maximum benefit is achieved from the investment made.
What to label?
This is a decision that needs to be undertaken in association with the IT Security department and Internal Audit. Prime candidates are those assets where the unique identifier can be hard coded into the asset, e.g. laptops and desktops. The prime reason is to ensure that any electronic auditing tool, data inventory agent or remote management product can interact with the item and both collect and deliver information on a recognizable one to one basis. However, as this is also about security, other higher value peripherals should also be considered as a prevention to theft; monitors, printers, scanners, even Blackberries.
Separately, a view should be taken on the remaining peripheral items, either because of their low cost or delicate security nature. Do you need to label a keyboard, should you label an external hard drive? The latter especially may lead to unwanted publicity should the item be instantly recognizable as from a company where media interest is high, such as a public sector body or one where there has been a record of negative media coverage. This is especially true if encryption is not a standard on your devices.
What should be on the label?
We believe that this is the most important decision you make as there is limited space. Apart from the asset number and barcode, there are a number of optional data points that could be included (See this page for sample data points). Often the IT Helpdesk number is given together with the company name, however should the asset be lost or stolen, the label may draw heightened media interest and a greater risk that your data will become public. There is merit therefore in having the name of the asset label manufacturer and their contact details on the label rather than the name of your company, as they may be in a position to repatriate a recovered. Indeed we are finding that this is an increasing requirement as it allows the true owner of the asset to remain unidentified, making the data more secure. Currently we are repatriating several assets each month.
Where to label an asset?
Consideration should be given to where an asset label is applied. It is not applied in order to give publicity to your company, it is not there to serve that purpose. If you were using a laptop on a train you do not necessarily wish to advertise who you work for, you can never be certain who is sitting next to you, looking over your shoulder at the data on screen. Similarly there have been examples of individuals who have been assaulted simply as they worked for a company that had recently been the subject of negative publicity; the visible asset label was the catalyst!
So for a laptop it is probably best placed underneath the unit, but for a desktop, which will not leave the office, somewhere highly visible is best to provide maximum ease for a physical audit.
Different Labels for Different Surfaces?
Another important factor to consider is the surface to which the label is to be applied. One company that I worked for applied the label to the plastic wallet containing the Microsoft licence certificate underneath the laptop. Two problems existed here, first the contact was poor causing the labels to peel and on mine it eventually fell off! The second was that from a security perspective, the plastic wallet was easily removed, meaning that there was no record of an asset label on the item.
Similarly you should consider the likely use of the assets and choose a label manufactured appropriate to that environment.
There are many types of label that exist, each suited for use in a specific situation for the different reasons previously discussed. The final consideration is that the label and the asset to which it is applied have a one to one relationship. As an asset manager you will probably be familiar with the occasional instance of a label being transferred from one asset to another, which renders the whole purpose of the exercise pointless and makes your role that little bit more frustrating. Therefore the label type you choose should ensure that it can’t be reutilised, those with perforations causing destruction on removal, or that leave VOID on the asset are best for this task.
RFID asset tags
The principle behind RFID (Radio Frequency Identification) tags is that they only require proximity to a receiver device rather than a physical view. Unfortunately we have found that the technology isn’t yet sufficiently advanced. Holding an asset with an RFID tag close to the body can reduce the signal strength and in a physical audit the time saved is minimal as each asset still needs to be visited and could therefore just as easily have been barcode scanned.
To track assets accurately industry research recommends that you have more than one source of good data. Effective usage of asset tagging by default performs this function and can be linked to other sources of good data e.g. Computer Name, serial number.
Asset tags are a de facto requirement for the asset manager and a low cost investment for the benefits gained, ensuring of course that you have chosen the right label for the right situation.
There is also a requirement to ensure that the asset tags you use are compatible with a system that can easily, quickly and efficiently collect the information, feeding it back into your data repository, eg. CMDB. Such audit systems exist with the use of barcode scanners and comparison databases feeding into SQL databases.
However one final point is that in your organisation you may not be the only department with a need for asset tags, so investigate who else has a requirement, review whether your existing supplier caters for more than the IT market and look to gain the economies of scaled purchasing.