Ruslan Rakhmetov, Security Vision
A century ago, to get from one point in the city to another, a person needed to buy a horse, feed it, treat it, and keep it somewhere. But today, we open an app on our smartphone, press a button, and a car is waiting at our door in three minutes. We don't have to worry about changing our oil, paying insurance, or finding a parking space (well, almost). We consume a mobility service, not a car as an asset, and the same is happening in the world of technology. Google's gigantic data centers and banking systems are absolutely identical to the principles by which a prudent homeowner manages their home, car, or even their wardrobe. Behind the apparent simplicity lies a colossal engineering and management machine: for a taxi service to run like clockwork, someone has to manage thousands of cars, the servers running the app, the communication channels, and the payment gateways.
In this review, we will tell you how the digital world is structured and how to bring order to it using the example of IT Asset Management (ITAM) and the logic of the resource-service model (RSM).
1. Assets
2. Configuration units
3. Resources
4. Services
5. Resource-service model
6. Control and security
In a professional IT Service Management environment ITSM has a strict hierarchy of concepts that often causes confusion even among specialists. To the average person, these terms may seem synonymous, but the difference between them is enormous, so let's first examine the main aspects of this field.
1. Assets
An asset, in the broadest sense, is any resource that can be used to create value (this is an economic concept). It's something you own, something that's worth money, and something you expect to put to good use. Assets are described from three perspectives: finances, regulations, and how they are managed. In the context of an IT company, assets include servers, employee laptops, software licenses, patents, and even office furniture.
When you buy a car for 2 million rubles, it becomes your asset: it has residual value, you can sell it, and it depreciates (loses value) each year (this is the financial aspect). You receive a vehicle title, confirming your ownership (the legal aspect). You also pay taxes, purchase insurance, and are responsible for its maintenance (the management aspect).
2. Configuration units
A configuration item is the most difficult term to understand, but it's critical to the Resource-Service Model. It's any component that needs to be managed to provide an IT service. While an asset might describe money and property, a configuration item answers the question, "What is it connected to and how is it configured?" and describes its connections and functionality.
For the company's accounting department, a corporate smartphone is Asset #12345, valued at 50,000 rubles. They care about you not losing it. But for tech support, your smartphone is KE. They don't care about its price, but they do care about what version of Android it runs, what Wi-Fi network it's connected to, and what apps are installed. If you can't access your corporate email, the problem isn't the phone's price (Asset), but its settings.
3. Resources
A resource is a broader concept that includes everything necessary to complete a task, but is not necessarily subject to strict financial accounting as a fixed asset. Resources can be consumable. In information technology, resources include processor processing power, hard drive space, internet bandwidth, and other measurable characteristics.
If your car is an asset, then the gas in the tank, oil, and antifreeze are resources. You don't account for each liter of gas as a separate asset; you simply spend it. The water in your apartment's tap is also a good example of a resource, as is your free time (perhaps the most valuable asset anyone has).
4. Services
A service is the pinnacle of consumption evolution. According to ITIL 4 (a set of IT management best practices), it is a way to deliver value to customers by helping them achieve their desired results without incurring specific costs and risks. In IT, an example of a service that everyone likely uses is email. The user simply needs to send an email; there's no need to purchase a server, install an operating system, configure spam filters, or ensure server room cooling. The IT department or provider (for example, Google) handles all of this. or Yandex).
When you order pizza, the goal is to satisfy your hunger with delicious food. You don't need to buy a pizza oven (an asset), you don't need to learn how to roll out dough (a skill/resource), and you don't need to risk burning your hands. You delegate all of this to the pizzeria and use the service through your smartphone screen without any additional risks. You pay only for the result—a box of hot pizza delivered to your door. That's service.
5. Resource-service model
Now that we've defined the terms, we can construct a Resource-Service Model, a logical map that shows how all the objects and concepts are connected to form a Service. It's like an anatomical atlas: we see not just a person (a service), but also the skeleton, muscles, and circulatory system (resources) and understand how they interact (through the configuration units of organ systems).
Let's imagine the company's PCM as a layer cake.
а) The infrastructure layer will include hardware, cables, buildings, electricity.
b) Platform and application layer – consists of software, databases, operating systems.
c) The business process layer links the actions of people using applications and is responsible for automation.
d) The service layer is the final benefit for the client.
Understanding the PCM changes your thinking because you can stop seeing things in isolation. When renovating, you think not just about pretty outlets, but about how many appliances will be connected to them and where the router will be located to ensure Wi-Fi coverage throughout the apartment (topology planning). When buying a smart kettle, you understand that it depends not only on electricity but also on Wi-Fi, the manufacturer's servers, and the risks involved (for example, if the manufacturer's Chinese server crashes, the kettle may no longer be able to turn on from a smartphone).
So the resource-service module, built using the Security Vision AM module allows you to find all assets, sort them into categories, and plan the life cycle from planning and acquisition to commissioning, maintenance, modernization, and completion of the cycle through decommissioning.
6. Control and security
If you don't know what you have, you can't protect it. In the tech world, inventory management helps combat entropy and "parasites" in the form of shadow assets. These could be "zombie" servers that are running, consuming electricity, requiring licenses, but performing no useful work (they're forgotten after the project ends). Statistics show that up to 30% of servers in data centers may be unused.
At home, these are things you forgot about: buying a new pack of batteries because you didn't realize there were two more in the back drawer, buying a book a second time. And imagine banning your kids from eating sweets, only to have them sneak into their room and eat them under the covers. This is "Shadow Consumption." At the company, the system administrator prohibits the use of Dropbox for work files (for security reasons). Employees feel inconvenienced, so they secretly start sending reports via their personal Telegram, creating a new risk: data leakage. If an employee's personal Telegram is hacked, company secrets will leak. Asset management identifies such "guerrilla" channels and either legalizes them (takes control) or blocks them.
To regularly inventory security, you can, of course, walk around with a barcode scanner and "pick" stickers on laptops. However, specialized services can scan the network and automatically map all connected devices. It's best to do this so the system not only tracks assets but also evaluates their resources, organizes them into configuration units, and links them all with services for risk and benefit assessment, which we'll discuss in more detail in a future article.
This isn't boring bureaucracy for IT professionals, but a true philosophy of order and a way of seeing the world not as a collection of disparate objects, but as a system of interconnected elements serving a single purpose—to benefit people.
Whether it's managing a fleet of tens of thousands of servers for a multinational corporation or organizing a household, the laws are the same:
1) Know what you own, take inventory
2) Understand relationships, topology, and dependencies
3) Calculate the full cost
4) Manage your lifecycle
5) Manage risks, maintenance, and safety of facilities
By mastering these principles, you'll stop being a passive consumer, baffled by technology breakdowns, and become the architect of your own comfort, capable of building reliable systems in an uncertain world. And we can help you with this when it comes to corporate IT systems and cybersecurity.
 (2).jpg)
