This post covers media, hardware and software management. We will look at some key tips for managing media and using asset management for software and hardware.
- Media management. Media management is the act of maintaining media for your software and data. This includes operating system images, installation files and backup media. Any media that you use in your organization potentially falls under this umbrella. There are some important media management concepts to know:
- Source files. If you rely on software for critical functions, you need to be able to reinstall that software at any time. Despite the advent of downloadable software, many organizations rely on legacy software that they purchased on disk years ago and that is no longer available for purchase. To protect your organization, you need to maintain copies of the media along with copies of any license keys.
- Operating system images. You need a method to manage your operating system images so that you can maintain clean images, update the images regularly (for example, with security updates), and use the images for deployments. Not only should you maintain multiple copies at multiple sites, but you should also test the images from time to time. While you can always rebuild an image from your step-by-step documentation, that lost time could cost your company money during an outage or other major issue.
- Backup media. Backup media is considered sensitive media. While many organizations encrypt backups on media, you still need to treat the backup media in a special way to reduce the risk of it being stolen and compromised. Many companies lock backup media in secure containers and store the containers in a secure location. It is also common to use third-party companies to store backup media securely in off-site facilities.
- Hardware and software asset management. At first glance, asset management might not seem related to security operations, but it actually is. For example, if a vendor announces a critical vulnerability in a specific version of a product that allows remote code execution, you need to quickly act to patch your devices — which means you need to be able to quickly figure out if you have any devices that are vulnerable. You can’t do that without effective asset management (and, in some cases, configuration management). Here are some key tasks for an asset management solution:
Capture as much data as you reasonably can. You need to know where a given product is installed. But you also need to know when it was installed (for example, whether a vulnerable version was installed after the company announced the vulnerability), the precise version number (because without that, you might not be able to effectively determine whether you are susceptible), and other details.
- Have a robust reporting system. You need to be able to use all the asset management data you collect, so you need a robust reporting system that you can query on demand. For example, you should be able to quickly get a report listing all computers running a specific version of a specific software product. And you should then be able to filter that data to only corporate-owned devices or laptop computers.
- Integrate asset management with other automation software. If your asset management solution discovers 750 computers running a vulnerable version of a piece of software, you need an automated way to update the software to the latest version. You can do that by integrating your asset management system with your configuration management system. Some vendors offer an all-in-one solution that performs both asset management and configuration management.
For solution, online support and query.