An inability to properly manage their IT assets is placing many North American organisations at a significant security and financial risk, according to a recent study.
Examples of such mismanagement cited in the study, by US IT services provider Softchoice, include missing antivirus programs, unpatched software, prevalence of malware and poorly managed hardware lifecycles.
The study relies on inventory data from some 90,000 desktops and servers, representing approximately 200 organisations from across the US and Canada. This data was assembled over two years.
According to Softchoice, the information was collected through a process dubbed Softchoice Policy TechCheck. Participating companies were asked to complete a survey detailing their organisation’s stated IT policies, practices and standards. “They then provided Softchoice with a copy of the data from their inventory solution for analysis. The two information sources were compared in order to identify the gaps between stated IT policies and practices and the realities of the desktop environment itself. The aggregated statistics formed the basis of the study.”
“The study suggests there’s a breakdown within IT departments when it comes to verifying the effective state of their technology assets,” says Edwin Jansen, manager of the Softchoice services group responsible for the study.
“Our findings show many organisations either do not realise the value of maintaining effective IT asset management practices or believe there are no major [issues] they need to be worried about. This is clearly not the case.”
While most organisations believe themselves to be well protected from a security perspective, of the PCs surveyed in the study, 6% were found to be missing antivirus software entirely and 5% were missing the most current antivirus updates. On average, 23% of PCs within organisations were found to be missing major operating system service packs.
“There’s a real gap between how secure people think they are and what protections have actually been deployed to the desktop itself,” says Dean Williams, a services consultant for Softchoice and the author of the study. He says this disconnect could have negative consequences, even for organisations that have invested substantially in network and desktop security solutions.
On average, 49% of the PCs surveyed were found to have moderate to severe infestations of adware, spyware and other malware.
Also, 63% of participating organisations say they are attempting to actively maintain a hardware asset lifecycle within their organisations. Of this group, 39% of the hardware assets inventoried were found to be beyond the organisation’s stated lifecycle or PC retirement schedule.
PCs typically pay for themselves many times over. However, at the 36-month mark the costs of supporting and maintaining these systems begin to increase. By 42 months they often surpass the outlays made in the first 12 months.
“The popular wisdom seems to be that keeping a PC in use longer means less money spent,” says Williams. “But issues such as increasing support costs, decreased resale value and even potential costs for disposal give credence to the notion that managing a predetermined retirement age for PCs has measurable cost benefits.”