Matt Fisher, Chief Storyteller, Certero
How to select the right IT asset discovery & inventory tool for your ITAM & SAM programs
Discovery vs Inventory: what’s the difference?
Although the terms discovery and inventory are often used interchangeably, they are in fact distinct stages of a successful Software Asset Management or IT Asset Management program. In short, discovery is (as the name suggests) the process of finding all the devices connected to the network, ensuring there are no blind spots. Only once you have discovered the device, can you then inventory it to collect information about its configuration (class, make, model, memory, disk, processor etc.), who’s using it, where it’s located and what software is installed on it.
Many tools will position themselves as discovery when in fact they are really only competent at inventorying devices their agents are deployed to, they will do very little to help you discover unknown devices.
This makes selecting the right tool for your environment especially important. Get this wrong and your SAM, ITAM, ITSM and governance programs will suffer downstream.
If you’re 100% certain that you know every device connected to your network and how to deploy client agents or point agentless scanning technologies at them, you don’t need a discovery tool.
More likely, if you acknowledge you don’t have complete coverage of all devices (and you’ll need to decide how important non-computer devices like switches, routers, printers etc. are to your ITAM and other programs), then you’ll need some form of discovery capability.
If that’s you, read on.
What is a good IT asset discovery tool? Why is it important?
A good discovery tool minimizes your blind spots. It will find every device connected to the network, whether or not you already knew about it. It will find Windows PCs, laptops and servers. But it will also find other platforms such as Linux and Unix servers in the data center. It will find network-attached devices and it will help you discover mobiles and tablets connected to the corporate network.
In short, a good discovery tool will give you 100% visibility of all IT assets.
Why then is it so difficult to get a complete picture of the IT assets on the network? Legacy tools like SCCM are designed for a very Microsoft-centric world, which means they are adequate for creating an inventory of the known Windows devices on the network, but extremely limited in their ability to proactively find new or non-Windows devices. Other traditional sources of asset data such as Active Directory are notorious for being difficult to maintain, which makes them unreliable at best.
Even if SCCM and AD combined were able to give you 80% coverage of your IT assets (which is being generous), without a dedicated discovery tool proactively seeking out all types of devices connected to the network, it is virtually guaranteed that you will have blind spots, which means you will have risks. Quantifying those risks can be difficult (they are, after all, unknown unknowns), but as a simple example, if you have 5,000 devices and you estimate you have 80% network coverage, that’s 1,000 devices unaccounted for. Not many organizations would consider that an acceptable level of risk.
Key attributes of a good discovery tool
Having made the business case for investing in a discovery tool, rather than relying on legacy sources or simple inventory tools that only cover previously-known devices, what are the attributes of a good discovery tool?
Here are four key criteria you should use to help with your tools selection process:
Auto-discovery technologies – examine how shortlisted tools perform auto-discovery, scrutinize the methods they use to proactively go out and find new and existing devices connected to the network. Single-method discovery tools will often not provide complete coverage.
Discovery Frequency – some discovery tools create significant network traffic and overhead, which means organizations are reluctant to run them regularly. Consider how tools on your shortlist will affect your network and how often you’ll be willing to run them.
Platform Scope – where do you want to discover your assets? Is it just limited to the desktop? What about virtual environments, the data center or the cloud? Also, what about mobile devices?
Location Scope – how many locations are you managing? Some tools will be fine on a single-domain network, many will struggle to support multinational operations.
If you are considering a combined discovery and inventory tool, it is worth adding two more selection criteria to the process:
Agent and/or agent-less – your tool should be able to support both as some assets will only be discovered by one of these methods.
Usage monitoring – an important consideration if you are looking moving beyond just finding what’s out there and are aiming to optimize your software licenses and asset utilization to deliver significant cost savings going forward.
Why you need complete visibility of your entire IT estate
Some Software Asset Management consultants will tell you that 90-95% coverage of your IT estate is “good enough” to perform SAM tasks such as creating an Effective Licensing Position. Although not exactly best practice, there is some logic in this as if you are dealing with licensing for a vendor like Microsoft, if you can get 95% network coverage, you can reasonably extrapolate the remaining 5%.
However, this same methodology does not apply to other major software publishers – especially in environments such as data centers – or indeed use cases outside Software Asset Management.
Imagine asking your Service Desk to work with 90% accurate data, when they get a service request for a device in the other 10% and they didn’t even know it existed, let alone have any information on it. Or explaining to the finance team that 10% of spend is unaccounted for. Or planning a Windows 10 or Office 365 migration when you have no idea that 10% of your estate will still be on legacy (and possibly unlicensed) software long after you think you’ve finished.
If you view discovery and inventory through the myopic lens of Software Asset Management, it is possible to argue that “good enough is good enough”. But when it comes to supporting wider IT Asset Management, Digital Transformation and Technology Governance initiatives, nothing less than 100% coverage is really good enough.
What about the cloud?
The cloud represents a growing portion of IT spend and also presents new challenges in terms of discovery, requiring quite separate approaches for SaaS and IaaS or PaaS. Looking specifically as SaaS, there are a growing number of tools claiming to offer “SaaS discovery”, usually by either integrating with expense and finance systems to identify spend (and assume that there is corresponding consumption) or by using browser plug-ins to monitor individual employee activity.
Both of these approaches have serious limitations as neither are true discovery. Both methodologies require some kind of existing fingerprint (similar to a software recognition database) which effectively means they will not discover unknowns. They are, in fact, inventory methodologies, not discovery. They also produce a lot of noise and false positives, which is the enemy of many SAM programs.
Certero believes a better approach for SaaS management is to focus in on the major strategic SaaS vendors you spend the most money with (Microsoft, Salesforce, ServiceNow, Adobe etc.) and actively manage spend and consumption through methodologies such as API integrations.
Are you ready to get the full picture?
If you’ve had enough of only seeing part of the IT estate reflected in your inventory reports, it’s time to look at a competent discovery and inventory tool that will give you complete coverage.
Certero for Enterprise ITAM includes complete multi-platform and multi-location discovery of all types of IT assets. It is the backbone of the ITAM and SAM capabilities of the Certero Unified Platform. What’s more, it’s fully integrated into the ITAM and SAM platform, meaning you don’t need to administer or report through a separate interface.
Discovery and inventory is also available as a managed service, where Certero’s experienced ITAM professionals will guide you through the process of building a complete view of your deployed IT assets. This can be delivered as a baseline exercise for you to then self-manage moving forwards, or as an ongoing managed service.
Whatever route is right for you, don’t risk running your ITAM, ITSM and SAM programs with only part of the picture.
