IT managers have long had to deal with non-homogeneous system landscapes – and the Internet of Things exacerbates the situation with a variety of different, internet-enabled devices that enter the company through procurement by specialized departments. These range from medical devices in hospitals to industrial PCs or cars in the fleet – and most of them are currently operated outside the IT radar. The situation is similar, for example, with access management systems or locking systems for buildings. Why they should place the hardware and software purchased in the department under the control of the IT department is not at first apparent to many employees. However, maximum security, compliance and business continuity can no longer be achieved today without comprehensive IT management – this is an essential cornerstone of modern device and system management.
Licensing review for the Internet of Things
The first aspect of IT management is licensing. It is true that most devices on the Internet of Things are equipped with OEM licenses. Many department managers and even some IT managers therefore believe that they are automatically safe in terms of licensing law. But in fact the opposite is true: server-side CAL (Client Access License) licensing also needs to be reviewed. From this point of view, every device that accesses the server counts, i.e. every machine, every mobile scanner and also every “connected car”. As more and more apps initiate connections with the corporate network, the number of licensed CALs can often be reached quickly.
But the more devices that log into a company’s network, the more difficult it becomes for IT to comply with all of the licensing requirements. Trying to do this manually and with the help of lists is a task doomed to fail, and can be costly. In the event of a license audit by a software provider, high back payments are imminent. These additional claims are best avoided with software-supported license management. In this case, an automatically generated license balance, in which all assets in use are compared to the existing licenses, is provided at the touch of a button. A need for re-licensing can thus be reliably identified.
Flexible inventory of the Internet of Things
Compliance with licensing agreements goes hand in hand with effective management of all devices that log into the company’s network. Not an easy task, because depending on the type and function of a device, procurement runs through the departments without the direct involvement of IT. In addition, license management requires information about which software and which drivers are installed on the devices.
With a powerful inventory solution, system information can be captured from up to 3,500 data points per device. It does not matter whether a device is constantly on the network or only logs in occasionally: depending on the device and the type of use, different inventory methods come into play.
Thus, in the case of an agentless process, services distributed on the network remotely access the respective devices according to specified schedules and pass on the obtained data to the asset management database. But the agentless method only captures systems that are logged into the network at the time of the scan. It is therefore not sufficient for infrastructures with a high percentage of mobile devices. In this case, the agent-based inventory is also used, for which a software agent is installed locally.
As a rule, no third-party software may be installed on devices in development environments, on highly sensitive control systems in production or at energy suppliers. These devices are also not accessible via the company network for security reasons. Here, the inventory should be “offline,” for example, via a USB stick. The collected data is stored in the stick, and later transferred to the asset management database.
Automated patch management for a secure IT infrastructure
With a fully inventoried IT infrastructure, companies don’t just achieve the necessary compliance, they also successfully address security risks. Comprehensive protection also includes the prompt, mostly automated, application of current patches and updates on all affected devices. There is a reason that the Federal Office for Information Security, or BSI for short, counts patch management among the top 10 measures for cybersecurity.
Intelligent, holistic solutions for IT and Software Asset Management (SAM) combine license management, inventory, software distribution and patch management. They are therefore also able to compare all applications with a security database on a daily basis and to list any potential security risks. From this overview, the new software should then be distributed or the outdated software uninstalled. The compliance requirements for each device must be taken into account and special maintenance intervals must be kept.
If these are adhered to, threats from cybercriminals, such as the WannaCry attacks that first hit the headlines in May 2017, can be largely prevented. This attack was only successful because companies had not installed the Windows security patches released in March 2017 – a circumstance that applies to many other cases of cybercrime.
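The daily comparison of inventoried applications with a security database, described above, can be sketched as follows. This is an added example, not code from any product the article refers to; the device names, the software versions, the advisory table and the 30-day freshness limit are constructed assumptions.

```python
from datetime import date

# Constructed sample records, as an asset management database might hold them
# after agentless, agent-based and offline (USB stick) inventory runs.
INVENTORY = [
    {"device": "scanner-07", "method": "agent", "last_seen": date(2024, 5, 2),
     "software": {"smb-client": "1.0.3", "label-app": "4.2.0"}},
    {"device": "plc-line-3", "method": "offline", "last_seen": date(2024, 3, 1),
     "software": {"hmi-runtime": "2.1.0"}},
    {"device": "fleet-car-12", "method": "agentless", "last_seen": date(2024, 5, 1),
     "software": {"telematics": "3.4.1", "smb-client": "1.2.0"}},
]

# Constructed stand-in for the security database: product -> first fixed version.
ADVISORIES = {"smb-client": "1.1.0", "hmi-runtime": "2.1.0"}

MAX_AGE_DAYS = 30  # assumed policy: older inventory data is not trusted


def parse_version(text):
    """Turn '1.10.2' into (1, 10, 2) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def daily_report(inventory, advisories, today):
    """Return (findings, stale).

    findings: (device, product, installed, fixed) for every installed version
              below the first fixed version in the security database.
    stale:    devices whose inventory is older than MAX_AGE_DAYS, e.g. offline
              systems or devices that were absent during agentless scans; a
              clean result for them says nothing about their current state.
    """
    findings, stale = [], []
    for record in inventory:
        if (today - record["last_seen"]).days > MAX_AGE_DAYS:
            stale.append(record["device"])
        for product, installed in record["software"].items():
            fixed = advisories.get(product)
            if fixed and parse_version(installed) < parse_version(fixed):
                findings.append((record["device"], product, installed, fixed))
    return sorted(findings), sorted(stale)


if __name__ == "__main__":
    found, old = daily_report(INVENTORY, ADVISORIES, date(2024, 5, 3))
    print("needs patching:", found)
    print("inventory too old:", old)
```

Reporting stale devices separately matters because a device that was last inventoried weeks ago may appear fully patched only because its record is out of date.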
Secure Business Continuity
At this point, another aspect that has a direct impact on the productivity of companies must also be addressed: If systems are monitored by means of sensors and actuators on an ongoing basis, critical conditions of production facilities can be identified beforehand and competent technicians can intervene in time. As a result, there is no reduction in performance or standstill. This control capability requires high-performance service management, based on the appropriate incident management. These are processes that have long been familiar in IT service management.
Practical examples show how much IT management has changed in this regard, moving away from a tool-specific approach to cross-departmental processes. At the same time, the responsibilities of IT have been consistently expanding. For example, it previously had an overview of the IT systems used in a heterogeneous system environment, but not of the license-based software that is required to use them. Today, by using a modern suite for IT and software asset management, the entire IT infrastructure of the group can be mapped and IT planning and management can be considerably simplified.
With the management of devices of the (Industrial) Internet of Things, IT expands its area of focus to include a demanding field of responsibilities. Thanks to its many years of service knowledge, it is already prepared for these processes. The challenges posed by a rapidly growing number of different devices can be solved with next-generation IT solutions and software asset management, or SAM 4.0 for short. These already combine the four essential building blocks of discovery, automation, cybersecurity and compliance. As such, they make it easier for a company to move forward on the path of digital transformation, and IT thus makes a significant contribution to the entire company.