Managing assets physical & information with the help of technology
Software piracy. Stolen guns. Purloining of confidential papers. Government agencies are protecting against all these types of crime — and a whole lot more — with asset management technology. Yet asset management technology. Yet asset management is an extremely wide product category. Vendors apply the term to everything from radio frequency identification (RFID) wireless technology, used by the Department of Defense (DoD) for the past dozen years, to lifecycle management software, now under deployment at the Department of Homeland Security (DHS), among other places.
The types of asset management products useful for physical and/or information security (IS) can be boiled down into three main groups.
-
RFID and other scanning systems for tracking down locations of physical goods. In one asset management scenario, scannable labels are attached to physical assets — whether it is military armaments, cartons of toothpaste or delivery trucks — so as to track their exact locations. For example, the U.S. military uses RFID to keep tabs on supplies as they move from cargo shipments and storage warehouses to use in the field — even in combat.
-
Information security tools for tracking what software and hardware are installed on a network. These so-called “network auditing tools” are mainly the bailiwick of IT specialists, and are used to, for example, identify if there is hardware or software that should not be installed on a network. This technology can avoid legal fines for “software piracy,” or violations of software licensing agreements with vendors. “The fines can be huge,” maintains Rob MacFarlane, president of Micro 2000, one firm specializing in this arena.
-
“Lifecycle management” software for keeping computerized records about property. These products are geared mostly to physical objects, but sometimes are useful for IT assets, too. The software allows users to keep computer-based records about their belongings. Some vendors, such as Sunflower Systems, provide interfaces for connecting their products to network auditing tools, too. Their customers include the Transportation Security Administration (TSA) and Department of Health and Human Services, along with the DHS, says Robert Kaehler, Sunflower’s vice president and general manager.
New directions in all three areas
Although none of these three products are entirely new, they are taking off in some intriguing new directions. The DoD, for example, is now starting to combine the “active” RFID technology in use since just after the first Persian Gulf War with less costly “passive” RFID tags, notes Bruce Jacquemard, executive vice president and general manager, Global Field Operations, for RFID specialist Savi Technology.
Ironically, RFID is sort of a technological descendant of the bar code labels that are on most goods sold in retail stores.
RFID goes to war
The active RFID tags traditionally used by the DoD contain computer chips for built-in processing power and IS security. The active tags can also be read from much further away than passive tags, according to Savi’s Jacquemard. Active RFID, however, is more costly than passive RFID.
Since 1994, Savi has held the sole source contract for active RFID systems used by the DoD. The DoD now implements active RFID for cargo shipment of large containers in 46 countries around the world. More recently, U.S. allies have also started deploying Savi’s technology for their own military operations, including the United Kingdom Ministry of Defence, Denmark’s Ministry of Defence, and NATO’s Afghanistan Supply Chain.
Savi’s active RFID systems encompass RFID tags, handheld RFID readers, and RFID management software. On the other hand, producers of passive RFID tags include Matrics, a company recently acquired by handheld scanner specialist Symbol Technology, and Alien Technology.
Jacquemard adds that Savi has now started working with the DoD on the new hybrid active/passive RFID applications. Specifically, Savi is integrating information in passive RFID tags, attached to contents of containers, into the active RFID tags attached to the containers themselves. “So you’ll literally be able to see ‘what’s inside the box,’” he explains.
Passive RFID gets more secure
Meanwhile, the U.S. Army is already deploying passive RFID in its supply distribution warehouse system, according to Ted J. Rutsch, program manager, federal government business, for V-ONE Corp., an RFID military contractor that provides IS security for passive ID.
The passive RFID effort is part of the Army’s Automatic Identification Technology (AIT) program, says Rutsch. Army personnel use a variety of different personal data collection terminals (PDCTs) for scanning shipments and garnering information from the computer network about where supplies are located.
V-ONE’s IS security works across all of these PDCTs, he says. The technology produces a virtual private network (VPN) for secure authentication, or network access control. Instead of authenticating, or allowing access to, the mobile device — as VPNs generally do — V-ONE authenticates the user.
“This is very important because of the portable nature of these devices. There is a need to be sure that only authorized personnel are using them,” Rausch maintains. At some supply warehouses, for example, military staff must scan in a “personal RFID tag” before gaining access. V-ONE’s system also uses a high-strength encryption known as Advanced Encryption System (AES) to scramble computerized data, so that it cannot be read by unauthorized eyes.
Guarding against software privacy
The second type of asset management product — networking auditing tools — can ensure that employees are not engaging in illicit software piracy.
With software piracy on the upswing, an industry group called the Business Software Alliance (BSA) has been increasingly vigilant about getting court orders to audit organizations for signs of illegally installed software.
In October, the BSA announced that it had recently collected $75,000 in settlement fees from an engineering firm in Virginia, plus $700,000 from companies in the Northeast region of the U.S., $500,000 from Southeast companies, $650,000 from Midwest firms, $250,000 from California companies, and more than $110,000 from two firms in Colorado.
How does unlicensed software make its way onto computer networks? Sometimes, employees introduce the forbidden code by copying software from their home PCs onto systems at work, maintains Micro 2000’s MacFarlane.
Some network auditing tools, such as Micro 2000’s RemoteScope, produce written reports showing all software and hardware products in use within an organization, before a BSA audit even takes place. “Then, you can hand the report over to (BSA) auditors,” MacFarlane says.
Networking auditing tools have other important uses, too. “If an employee is spending some of his time playing a computer game, and I haven’t authorized this, I am going to know,” MacFarlane says.
RemoteScope also contains an alert feature that notifies supervisors about software policy violations on computer networks. Aside from Micro 2000, other makers of network auditing tools include LANdesk Software Inc. and Novell.
Protecting physical property
Originally, organizations used lifecycle management software mostly to keep records about fixed assets such as real estate and vehicles for purposes of financial depreciation. These days, however, these products can be used to maintain information regarding just about anything a company or government agency holds dear.
“We support three levels of assets in our Sunflower Assets software,” says Sunflower Systems’ Kaehler. “Accountable assets consist of assets valued at $1,000 or more that are not ‘fixed assets,’ but that an organization does not want to lose. ‘Sensitive assets’ can be valued at below $1,000.”
Customers maintain records on sensitive assets such as firearms, hazardous waste, paper documents, handheld PCs containing confidential information, and other IT assets.
Records can be kept about the purchase of an asset, maintenance, inventories, transfers of accountability, retirement of the asset, and much more. Other vendors in the same general type of asset management market include WiseTrack and xAssets.