Guide to ITAM

A key step in building a successful security program is identifying and listing down the assets of your organization.

If you are a Security Architect or building up security especially for Startups then you will definitely smile and nod your head in the agreement of challenges that are involved in tracking the company’s assets and its software/vendor licenses.

Assets all over place! Photo by Annie Spratt

This article will assist many startups co-founders, IT and security professionals in effectively managing company assets including laptops, keyboards, and ink toners etc.

Assets are not just physical machines but also assets like Servers, Cloud inventory etc but scope of this article will be limited to hardware and software inventory. (If you have platforms like MDM or EPP then you are a matured ecosystem and this article is not applicable to you)

Tip: AWS has “AWS Config” & GCP has “Cloud Asset Inventory” to track the assets.

Maintaining Excel Spreadsheet or Google Sheets is not scalable and it can become cumbersome to maintain multiple tabs or to link multiple assets. My advice would be if you are more than 10 people then try avoiding manual excels to manage your company’s assets and procurements.

Before we actually jump to solution, let me give you some gyan on ITAM.

Many of you must be familiar with ITSM for Service Ticket Management but one of important ITSM subset is IT Asset Management (ITAM).

Large enterprises will maintain the state of company’s IT assets, asset owners and software license tracking in the form of CMDB. (Not to be confused with “CMD”)

CMDB aka “configuration management database” in ITIL refers to the database that is used by an organization to store/track information of hardware and software assets.

ITAM is a set of business practices that enables company to organize and manage company’s assets, procurement and its billing records. For example, it can help answer questions such as Type of Asset, OS, Serial Number, Warranty Details etc.

ITAM — Not just Asset List >

Maintaining an asset list serves a greater purpose than just inventory management. It enables tracking of assets, unnecessary purchases and optimization of current resources by reducing the costs related to software licensing. Also, it helps in better tracking of assets while employee onboarding or offboarding.

“Stages of an IT asset lifecycle”

IT Asset Lifecycle includes the following stages: “Read Left to Right”

IT Asset Lifecycle

Now that we understand the Whys of ITAM, so I think it is correct time to jump to the Open Source Solution “SnipeIT”.

SnipeIT is FOSS solution built on Laravel, it helps you in managing your company’s assets along with the asset owners, software licenses and other accessories details that are issues to your employees. It is easy to manage as Open Source solution but if you are not planning to self host it then they also provide cloud hosted solution.

You can download the opensource version of SnipeIT using this Github link but I would be using its demo instance for my walk through.

> Use the following “Demo” link to follow this demonstration.

1. Login Using: admin / password

SnipeIT Demo: https://demo.snipeitapp.com/

2. Default Dashboard view after First Login: (Check Left sidebar), also check create option to create new asset, license or user details.

SnipeIT Dashboard view on Left sidebar

3. Click top extreme right option present in menu bar as “cog wheels”. You will see the following admin options.

SnipeIT Admin Bar

Try looking for security setting and enable 2fa and other settings, best way to learn would be to explore available options.

• You can also explore Slack option to send the notification on Slack Channel or you can also check the usual email notification option.

Slack Integration Option in SnipeIT

Some other SnipeIT notification options:

4. Explore Asset page:

Refer to Asset tag details that can be added

5. Asset Checking out & Checking in option:

Asset Check out and Check in option

Checking In and Checking out are two concepts in Snipe-IT

Checking Out: As the name indicates it means we are marking the assets as being in the possession of someone else. (Outwards)

Checking In: When an employee exits the company or a company asset, license, or accessory is not functioning correctly, it should be checked back in to indicate the company’s possession of the asset. (Inwards)

6. Try to explore the Settings option present under left sidebar.

SnipeIT Settings option

7. Explore option called consumables that can be used to maintain the office or stationary related inventory details.

SnipeIT Consumable Option

8. SnipeIT’s People option on left sidebar contains information related to Employee Name, Phone Number, Department etc.

SnipeIT People Option

Click on a particular employee name and you would be able to see all associated information with that person like asset, licenses etc.

SnipeIT User Record

9. Explore several reports that you can generate and you can also refer to audit logs under this section.

SnipeIT and Audits

10. You can also create backup of your entire SnipeIT data as per “https://<Your-Endpoint>.com/admin/backups/”

I hope you find this article useful, please feel free to share it across.

Do reach out to me for any queries or explanation.

~AshishSecDev