As employees increasingly become remote — or as employees become contractors or on-demand — organizations need a way to effectively track, manage, and secure both physical and digital assets.
According to a survey of more than 15,000 adults conducted by Gallup, 43 percent of employed Americans said that they spent at least some time working remotely. And 31 percent reported that they worked remotely four to five days per week. What’s more, Flexjobs is reporting a 52 percent growth in remote job listings over the past two years with major companies from many fields appearing on their top 100 companies with remote jobs list for this year.
In addition to saving on costs ranging from commercial leases to furniture, many companies find that remote workers are happier and more productive.
But how do organizations manage the hardware and software used by such remote employees? IT departments are usually the ones tasked with making these decisions. Whether they choose to manage their environments themselves or outsource this to a Service Provider, a way has to be found to deliver efficient IT services that support the business for the entire organization, while providing an unobtrusive experience for the organization’s employees and contractors.
IT asset management tools allow for lifecycle management of hardware and software from discovery or deployment to disposal. Two of the most popular ways to collect asset information are the use of agents, and the opposite, simply known as agentless discovery tools.
In the agent method, an application is installed on users’ devices to collect information and manage them. The agent monitors the status of the device and collects inventory information about the hardware and software — for example what applications are installed, how they are used, and who the user is.
In the agentless method, central scanners are used to periodically connect to remote computers and run scans and diagnostics to extract information.
Some factors in the consideration of an agent vs. agentless approach include:
- Size of your workforce and fleet of devices
- Balance between employees and contractors
- BYOD/CYOD policies
- Models and condition of the devices
- Volume and types of data you wish to track
- Locations of offices and employees
- Network environment
- Size of your IT staff
Both approaches have their pros and cons. The decision can be a difficult one for IT teams, and different approaches can be beneficial during different periods in the IT product life cycle. Let’s have a look.
Employees, Devices and Installation
The agentless model does not require software to be installed on the device — but other installations or upgrades are required, most notably scanners or probes on each network sub-net and remote locations. The planning, setup and maintenance costs can add up quickly, especially for organizations with multiple offices. A fast, two-way network connection between the scanning device and the assets are needed in order for this to function, and it can be a tedious task to maintain this when people and devices move around.
Agents on the other hand need to be installed on all managed devices, but once installed, a device can be tracked anywhere, as long as it is connected to the Internet or the company network. The network requirements are much more lax, and so an agent solution is great for organizations where workstations are not always fixed. This is more and more often the case with the increase of remote workers and contractors.
Performance when working with lower-end devices is sometimes brought up as a concern with some solutions, but a well-designed and well-written agent will have an unnoticeable footprint, even on an older PC. Some devices, such as printers, switches or other network devices, may not be able to run an agent at all. In such cases, agentless scanning can be the only option.
Data Collection and Data Types
Agent-based software can collect data wherever the device is, without restrictions. Since the software is installed directly on the device, the information it collects is as accurate and up-to-date as can be.
Agentless data collection has some limitations. If the device is not attached to the network, then data or inventory cannot be collected on the device at all. This is a very common situation for employees or contractors in an organization with a BYOD or CYOD policy. Furthermore, even when devices are connected, the inventories represent only snapshots in time, with no information collected in between. This rules out for example real-time performance monitoring.
When working with real-time data, such as device health or app usage monitoring, an agent-based solution will make more sense. However, in static environments with few real-time concerns, an agentless solution will work very well.
Network Environment and IT Staff
Upgrades to agent-based software are typically automated, but there is an element of maintenance. Agentless environments are also simple to maintain, as only the scanner components need to be kept up to date. If the automation fails, agent-based systems have more moving parts for troubleshooting. On the other hand, when networks change, maintaining the reliability of the scanner devices for agentless operations can be cumbersome, or lead to unreliable operations if neglected.
Perhaps most importantly, perception is everything: some organizations may see agents as an unacceptable risk, or employees may feel that the agent software on their laptop or smartphone is an invasion of privacy. From both corporate and employee perspectives, the pros and cons of each of the approaches need to be weighed in, and company policy set accordingly.
To review, here are the general qualities of each:
- Makes it possible to do realtime monitoring and management
- Works well with remote employees with limited bandwidth
- Each agent does its own scanning and operations based on instructions set by the central IT team
- Designed for centralized environments, where the scanning and deploying are performed
- Requires networks with larger amounts of bandwidth
- Dependent on network connectivity; if the device is not connected, a scan cannot be performed
Choosing an asset management tool is a critical decision for organizations based on several factors and circumstances.
Miradore would be happy to discuss your current software asset management, patch management, and discovery tools, and determine which approach would make the most sense for your organization.