Change management: four key components to track

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

Change management has always been a serious concern for organizational IT. Changes - whether good or bad, planned or unplanned - are inevitable. Change management is less about minimizing change, but more about minimizing the risk and disruption caused by the change.

Before you can understand the impact of change in your environment, you've got to understand exactly what's in your environment. Having a clear vision of the big picture right down to the small details of every user and device is the critical foundation for any change management strategy.

While specific data and details may vary across businesses, here are the four general categories you'll need to track for a successful change management strategy:

1. Track all hardware assets. Knowing which IT assets you have and how they are used has become a challenge in today's complex and ever evolving IT infrastructure. Yet it's imperative to know what you have, where those assets are located and how they are configured. Here's a snapshot of the level of detail that should be documented for each asset:

" Equipment type: laptop, switch, printer, UPS

" Model, manufacturer, serial and capacity

" Usage information: CPU, disk

" Projected growth usage: e.g. how much more growth before it must be replaced

" Network settings: IP address, DNS, gateway

" Software installed and updates (patches and date when installed

" Services offered: MS Exchange, website

" Contract details: warranty, support, costs, install date, place of purchase

" Link to documentation and drivers

Having a firm understanding of all the salient details for each asset will allow you to make better decisions about its usage. You'll be in a better position to know if an asset is performing as expected and you're better positioned to support each system through its projected life cycle.

Create a forward-looking plan for each asset - including when an asset should be replaced and with what - in order to take the guesswork out of the process and ensure upgrades are performed uniformly across the organization.

2. Track your software assets. With a software asset management program in place, you know what you have, acquire only what you need, and can keep all your software assets running effectively and safely at every stage of their life cycle. By keeping tabs on all software installed and in use throughout the organization, you ensure that your company is complying with all licensing requirements - neither paying too little or too much for what's being used.

In addition, software management is critical to security. With the rise of botnets, worms and malicious websites, software or patch management has become just as important as having an antivirus solution. For example, the recent Flashback malware outbreak infected more than 600,000 Macs and resulted in two security fixes for Apple's OS X 10.5 Leopard.

9 popular IT security practices that just don't work

With weekly vulnerability and update announcements, patch management is a never-ending task for IT - one that's made even harder as you need to manage critical updates across a mix of devices, applications, and operating systems.

By tracking your software assets, you can make sure that all devices are updated with the latest patches and have the very latest version of any third-party applications such as Mozilla Firefox, Adobe Flash, or Sun Java Runtime.

When tracking software assets, you should consider the following:

" Is the software license valid?

" Who's using the application and do you have the right number of licenses?

" Is each software install up to date with all critical updates and patches?

" Is the software in use? You should always flag and remove any software that no longer has a business use.

3. Track user accounts/behavior. Unless you're the only employee in the company, there's a long list of users who depend on IT equipment and assets to do their work. It's important to know what users are doing inside your network at all times to ensure that applications and hardware assets continue to work to their expectations.

Follow users by user name and monitor big-ticket items like the last machine they used, online status and last log-on, and location. It's always possible to delve a little deeper for more granular information like application usage history, location on map, and last used IP.

In addition, it's critical to ensure that all user behavior is in compliance with IT policies, particularly when industry security mandates are involved. Your tracking system should flag any user behavior that has the potential to pose a security risk. This runs the gamut from the use of removable storage drives to documents saved to unencrypted paths.

4. Track change requests. No matter how well you monitor and manage an asset, change requests are inevitable. For example, there's an unforeseen breakage. A user asks you to address a support issue or add new functionality. Events in one area of your IT environment may impact devices elsewhere.

To avoid being buried in the constant stream of requests, you should implement a system that handles support tickets, change requests, and incidents. This system should track the following for each request or issue:

" Who is the requester? Was it an end user or did a system send an alert?

" Is the request required or optional? What's the priority level?

" When should the matter be addressed?

" What should be changed?

Final thoughts

In order to truly understand the impact of change in your IT environment, you must first understand all the components in your IT environment. This means tracking all devices, hardware, services, users, and software, as well as tracking the relationships between each component. This is a daunting task if you need to track everything manually.

Whenever possible, explore how to automate asset management, monitoring, and collecting information. Through automation, you'll be sure to always have the most accurate and up to date data on hand - so that when issues arise, you'll be able to take swift and decisive action.

Panorama9 is a cloud-based dashboard that helps IT managers do their jobs better and faster. Thorvaldsen is a serial entrepreneur based in Denmark and has more than 20 years experience building startups and SaaS products. Find Panorama9 on Twitter @panoramanine

Read more about infrastructure management in Network World's Infrastructure Management section.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Allan Thorvaldsen, CEO and co-founder of Panorama9

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts