An inability to properly manage their IT assets is placing many North American organizations at a significant security and financial risk, says a recent report.
Examples of such mismanagement cited in the report include missing anti-virus programs, unpatched software, prevalence of malware, and poorly managed hardware lifecycles.
These issues are pervasive and affect North American companies as well as their information workers, says the report released by Softchoice Corp, a Toronto-based provider of IT products and services.
The document relies on inventory data from some 90,000 desktops and servers, representing over 200 organizations from across the U.S. and Canada. This data was assembled over a two-year period.
According to a company release, data was collected through a process dubbed Softchoice Policy TechCheck. Participating companies were asked to complete a survey detailing their organization’s stated IT policies, practices and standards. “They then provided Softchoice with a copy of the data from their inventory solution for analysis. The two information sources were compared in order to identify the gaps between stated IT policies and practices and the realities of the desktop environment itself. The aggregated statistics formed the basis of the study,” the release said.
“The study suggests there’s a breakdown within IT departments when it comes to verifying the effective state of their technology assets,” said Edwin Jansen, manager of the Softchoice services group responsible for the study. “Our findings show many organizations either do not realize the value of maintaining effective IT asset management practices or believe there are no major [issues] they need to be worried about. This is clearly not the case.”
While most organizations believe themselves to be well protected from a security perspective, of the PCs surveyed in the study, six per cent were found to be missing anti-virus software entirely and five percent were missing the most current anti-virus updates. On average, 23 percent of PCs within organizations were found to be missing major Operating System (OS) Service Packs.
“There’s a real gap between how secure people think they are and what protections have actually been deployed to the desktop itself,” said Dean Williams, a services consultant for Softchoice and the author of the report. He said this disconnect could have negative consequences, even for organizations that have invested substantially in network and desktop security solutions.
On average, 49 per cent of the PCs surveyed were found to have moderate to severe infestations of adware, spyware and other malware.
Sixty three per cent of participating organizations said they were attempting to actively maintain a hardware asset lifecycle within their organizations. Of this group, 39 per cent of the hardware assets inventoried were found to be beyond the organization’s stated lifecycle or PC retirement schedule. PCs typically pay for themselves many times over; however, at the 36 month mark, the costs of supporting and maintaining these systems begin to increase and, by 42 months, often surpass the outlays made in the initial 12 month period.
“The popular wisdom seems to be that keeping a PC in use longer means less money spent,” said Williams. “But issues such as increasing support costs, decreased resale value and even potential costs for disposal give credence to the notion that managing a predetermined retirement age for PCs has measurable cost benefits.”
However, he conceded that “putting this practice into action is easier said than done”, as the results of the Softchoice survey suggest.
In all, Policy TechCheck and survey statistics from 210 organizations were utilized for the analysis. A wide variety of industries were represented in the study including healthcare, technology, insurance, financial, non-profit, education, government, and manufacturing. The organizations ranged in size from 28 to 4,452 PCs; the average number of PCs per participating organization was 456.