Zombie (Ghost) Assets and How to Stop Them
Zombie and ghost assets sound exciting, like a late-night movie you’d watch around Halloween. While in reality they may not be that exciting, they’re scary if you don’t understand and prevent them. The good news is the steps you need to take don’t necessarily require any special technology (though some might come in handy). Instead, it requires only good old-fashioned management to set up, resource, and run the right processes.
In this post, we’ll explore zombie and ghost assets with a focus on
- What they are
- How they occur
- How they impact your business
- What steps you can take to handle them
We’ll start by discussing what assets are and the importance of an asset statement. Then we’ll discuss zombie and ghost assets and why they matter. Here’s a complete table of contents for the post:
- A Brief Primer on Asset Management
- Asset Life Cycle
- What Are IT Assets?
- What Are Zombie and Ghost Assets?
- How Do Zombie and Ghost Assets Impact Your Business?
- How Do They Occur?
- What Steps Can You Take?
- Benefits of Removing a Ghost/Zombie Asset
A Brief Primer on Asset Management
Before diving into zombie and ghost assets, it’s critical we first understand some key concepts about assets, generally, and IT assets, specifically. In common business language, an asset is anything owned by the business. Typically, a business uses an asset to produce value. For example, a manufacturer owns a factory with manufacturing equipment. Both the factory and the equipment are assets to the business that are used to make products to sell. That said, an asset doesn’t have to be directly involved in value creation, as the office equipment used by management also counts as an asset.
Standard accounting procedures produce three financial statements on a quarterly basis: the balance statement, the income statement, and the statement of cash flows. The first of these, the balance statement, lists the financial value of all assets owned by the business. There’s a lot to how that happens, but the key for our purpose is this: The assets must be accounted for, as they impact the financial position of the company and that position can affect the ability to get loans and to value the business, among other reasons. Also, for public companies in some countries, the statements must be accurate (within some margin) under legal penalty.
Asset Life Cycle
All assets go through a life cycle that typically consists of four steps. First, an asset is acquired or created. Typically, this involves planning for and then purchasing the asset. There are many ways to finance assets depending on the cost and purpose and all of that happens in this phase. Second, and hopefully the largest part of the life cycle, the business uses the asset as intended to produce value. Next, and actually iterative with the using phase, the business performs maintenance activities on the asset, either as needed due to failure or on a proactive schedule. Last, the business disposes of the asset when it’s reached the end of its useful life.
A key part of successful business operations is managing the asset life cycle properly. In doing so, the business ensures the right assets are always available to run the core business, even as assets move independently through the life cycle.
What Are IT Assets?
IT assets are the software and hardware owned or used by a business.
Some of the most common assets you will see in your IT & Test Environments are:
- Server hosting your applications
- Employee computers
- Office printers
- Mobile devices
- Software licenses
Just like other assets, it’s critical to monitor and track IT assets, as they affect the statement of assets for the business. As we’ll learn, ghost and zombie assets are names used to describe IT assets that get into a problematic state that detracts from the accuracy of those statements.
What Are Zombie and Ghost Assets?
Both zombie and ghost assets refer to a type of asset that is improperly represented on the asset ledger, simply in different directions:
- A ghost asset is one that the business has on the books but can’t be located
- A zombie asset isn’t on the books at all, but is on-hand
These may not sound like dire problems when considered on a small scale. But across an entire company, these assets combine to present major issues.
How Do Zombie and Ghost Assets Impact Your Business?
These may not sound like dire problems, but remember the earlier discussion about the asset statement. First, the company must be able to produce an accurate statement of its assets. Second, both types of assets unnecessarily increase risk. One way, maybe the most obvious, is the impact to the asset statement’s accuracy, which puts both company decision making and potentially regulatory compliance at risk. A second way, especially for IT assets, is the item lays outside the standard security program and may be used as an attack vector for cybercrime.
How Do They Occur?
Zombie and ghost assets occur when a business lacks the necessary processes or controls to track and manage assets. Typically, it’s common for a company’s asset tracking to start off on a spreadsheet and move to something more elaborate later, if necessary. For example, a small IT department issues laptops and mobile devices to employees, and they use a spreadsheet to track issuance and return of the devices.
Here are some situations where ghost and zombie assets can occur:
- Employees use a written sign-out sheet to borrow a shared laptop with special presentation software. Then, the laptop goes missing one day, and it’s never reported and no one notices its absence.
- An employee reports a lost laptop to IT and are issued a new one. As a result, IT updates the asset’s life cycle to properly reflect this loss. Later, the employee finds the old laptop and returns it with their other equipment on their last day of work.
- The business buys software licenses without including IT. As a result, such purchases are not reported to the group responsible for IT asset management
What Steps Can You Take?
The first step to take to mitigate the effects of zombie and ghost assets is to take IT asset management seriously and invest resources to do it properly. First, there’s a fair amount of software in IT asset management that simplifies the tracking. Much of this software integrates with accounting software, so it ties nicely into your finance group’s needs. That synergy improves processes across several different departments, and that’s generally a huge time-saver.
Second, even without IT asset management software, assign accountability for asset management to a staff member, if you haven’t done so already. This accountability, when built into job descriptions and goals, provides the necessary incentives to manage this area properly. Don’t assume that the person who’s buying your servers is the right person to handle these duties just because they do a lot of purchasing. Additionally, put actual processes around asset distribution and management. For example, don’t allow staff to borrow assets and self-report such usage via a sign out sheet, whether that’s paper or digital. An accountable staff member is needed to create, manage, and execute processes.
Third, consider RFID or similar technology for tracking the location of physical assets. These tags on hardware such as servers, mobile devices, and similar auto-reporting status and location make ghost assets much more difficult to stay invisible.
Last, in a technology space that’s moving to more cloud services, consider the role of IT assets for operations altogether. One of the big benefits of cloud computing is the transition of costs from capital to operating expenses. On the one hand, this transition may allow you to replace asset purchases with leases and thus avoid the need to track assets altogether. On the other hand, some IT assets will still be needed and leased hardware must still be tracked.
Benefits of Removing a Ghost/Zombie Asset
Your organization is leaving several benefits on the table if it doesn’t actively track and remove ghost or zombie assets. What are some of these benefits?
- Cost reduction. For starters, removing these assets will save you money in the form of insurance payments, taxes, and more.
- Accountability. Removing ghost/zombie assets and putting an effective asset management strategy in place makes it easy for employees to be held accountable when handling the org’s property.
- Safety. Zombie assets are great targets for thiefs, since they’re not in the books. Thus, their removal reduces incentives for thieves to target the organization.
- Efficiency. The removal of these assets, coupled with a strategy to handle assets properly, will result in more efficiency and less wasted time since the signal-to-noise ratio (regarding the organization’s assets) improves dramatically.
In this post, we’ve learned about IT asset management, and the impact ghost and zombie assets have on your business. It’s critical to invest in proper asset management practices to avoid the unnecessary cost and risk of these assets. Otherwise, you’ll be in a tough spot when accounting and IT senior leadership comes calling.
This post was written by Daniel Longest. With over a decade in the software field, Daniel has worked in basically every possible role, from tester to project manager to development manager to enterprise architect. He has deep technical experience in .NET and database application development. And after several experiences with agile transformations and years spent coaching and mentoring developers, he’s passionate about how organizational design, engineering fundamentals, and continuous improvement can be united in modern software development.
02NOVEMBER, 2022 by Sylvia Froncza Original March 11 2019An IT and Test Environment Perspective Traditionally, test environments have been difficult to manage. For one, data exists in unpredictable or unknown states. Additionally, various applications and services...
01NOVEMBER, 2022 by Justin Reynolds.Businesses across the board are spinning their tires when it comes to data and analytics, with many of them failing to unlock maximum value from their investments. According to one study, 89% of companies face challenges around how...
02NOVEMBER, 2022 by Eric Boersma *Original 22 October 2019If you're like a lot of developers, you might not think much about software security. Sure, you hash your users' passwords before they're stored in your database. You don't return sensitive information in error...
14 OCTOBER 2022 by Daniel de OliveiraIn today’s application-based world, companies are releasing more applications than ever before. Software delivery life cycles are becoming more complicated. As a result, large companies require hundreds and even thousands of test...
01NOVEMBER, 2022 by EricStaging Server Success: The Essential Guide To Setup and Use Release issues happen. Maybe it's a new regression you didn't catch in QA. Sometimes it's a failed deploy. Or, it might even be an unexpected hardware conflict. How do you catch...
19 NOVEMBER, 2020 by Michiel Mulders What Makes a Good Test Data Manager? Have you implemented test data management at your organization? It will surely benefit you if your organization processes critical or sensitive business data. The importance of test data is...