ENGAGEMENT
For the IT and InfoSec Organization of a major Digital Media company, DayBlink Consulting designed an optimized IT asset management solution. Hundreds of thousands of IT assets (applications, endpoints, appliances, etc.) needed to be rationalized and jointly classified by priority (with a specific focus on Crown Jewels) to allow for rapid and accurate issue handling by Security and IT operations teams.
PROBLEM
The company’s asset landscape was continually evolving due to technology transformation initiatives and ongoing M&A activity. Teams across the enterprise, and specifically Information Security, needed information about IT assets and resources (both physical and virtual) when trying to remediate issues or complete regular maintenance. There were many different asset inventory registers of varying size, complexity and accuracy in which IT asset information was cataloged – leading to long times to identify asset ownership and usage. Multiple classifications and prioritizations within these disparate systems added further complications, leading to conflicts in determining the most important IT resources to the organization. The client required a solution to aggregate and centralize these separated registers and come to an agreed upon asset classification framework.
SOLUTION
DayBlink Consulting was engaged to lead a cross-functional effort to identify and catalog all individual registers of IT assets (both physical and virtual), normalize and rationalize all of those inputs into a common model, and define the “Crown Jewels” as agreed upon by the business units. We coordinated across Security, IT, business verticals and the Operations teams to identify, document and normalize their existing processes for consuming and reporting on IT asset information. We helped build a centralized model that could be ingested by a future state data warehouse and various tools for operational teams to leverage the data and integrate it into their incident management workflows.
Additionally, the DayBlink Consulting team facilitated a certification process where cross-functional SMEs and executives reviewed the analysis outputs and collaboratively classified assets with low, moderate, high or crown jewel status. This allowed the client to publish the critical assets list to key stakeholders and stand up recurring processes to maintain and iterate on the Crown Jewels list.
RESULT
DayBlink Consulting designed a new federated model of IT Asset Management that allowed existing processes and tools to remain in place while being captured in a new centralized and normalized solution (which enabled different asset registries to co-exist). This unified more than 10 individual solutions for maintaining asset inventories and allowed for future processes to quickly define asset ownership and decrease time spent searching for owners among the many (and often outdated) systems. Additionally, we produced design and requirements documents for the solutions that sat over the top of this new model to accelerate reporting, tracking and operational processes tied to individual physical and virtual IT resources.
Our team’s leadership of a cross-enterprise effort to build the initial Crown Jewels list led to an organization-wide agreed upon scoring and classification of numerous assets. This list and the supporting processes guided future cybersecurity investments, and helped increase the scale of the client team’s efforts.