An inability to properly manage their IT assets is placing many North American organizations at a significant security and financial risk, says a recent study.
Examples of such mismanagement cited in the study include missing antivirus programs, unpatched software, prevalence of malware, and poorly managed hardware lifecycles.
These issues are pervasive and affect North American companies as well as their information workers, says the study released by Softchoice, a provider of IT products and services.
The document relies on inventory data from some 90,000 desktops and servers, representing over 200 organizations from across the U.S. and Canada. This data was assembled over a two-year period.
According to a company release, data was collected through a process dubbed Softchoice Policy TechCheck. Participating companies were asked to complete a survey detailing their organization's stated IT policies, practices and standards. "They then provided Softchoice with a copy of the data from their inventory solution for analysis. The two information sources were compared in order to identify the gaps between stated IT policies and practices and the realities of the desktop environment itself. The aggregated statistics formed the basis of the study," the release said.
"The study suggests there's a breakdown within IT departments when it comes to verifying the effective state of their technology assets, according to a Softchoice executive," said Edwin Jansen, manager of the Softchoice services group responsible for the study. "Our findings show many organizations either do not realize the value of maintaining effective IT asset management practices or believe there are no major [issues] they need to be worried about. This is clearly not the case."
While most organizations believe themselves to be well protected from a security perspective, of the PCs surveyed in the study, 6 percent were found to be missing antivirus software entirely and 5 percent were missing the most current antivirus updates. On average, 23 percent of PCs within organizations were found to be missing major Operating System (OS) Service Packs.
"There's a real gap between how secure people think they are and what protections have actually been deployed to the desktop itself," said Dean Williams, a services consultant for Softchoice in a statement. Williams authored the study. He said this disconnect could have negative consequences, even for organizations that have invested substantially in network and desktop security solutions.
On average, 49 percent of the PCs surveyed were found to have moderate to severe infestations of adware, spyware and other malware.
Sixty-three percent of participating organizations said they were attempting to actively maintain a hardware asset lifecycle within their organizations. Of this group, 39 percent of the hardware assets inventoried were found to be beyond the organization's stated lifecycle or PC retirement schedule.
PCs typically pay for themselves many times over; however, at the 36 month mark, the costs of supporting and maintaining these systems begin to increase and, by 42 months, often surpass the outlays made in the initial 12 month period.
"The popular wisdom seems to be that keeping a PC in use longer means less money spent," said Williams. "But issues such as increasing support costs, decreased resale value and even potential costs for disposal give credence to the notion that managing a predetermined retirement age for PCs has measurable cost benefits."
However, he conceded that "putting this practice into action is easier said than done," as the results of the Softchoice survey suggest.
In all, Policy TechCheck and survey statistics from 210 organizations were utilized for the analysis. A wide variety of industries were represented in the study including health care, technology, insurance, financial, nonprofit, education, government, and manufacturing. The organizations ranged in size from 28 to 4,452 PCs; the average number of PCs per participating organization was 456.