The International Association of IT Asset Managers (IAITAM) says only Apple appears to have applied at least some proper ITAM practices for equipment acquisition and detected problems with the Super Micro Computer (Supermicro) servers allegedly containing the tiny microchips installed for hacking and spying purposes.
The fact that Apple spotted the issue in 2015 and stopped using Supermicro servers shows that ITAM procedures work even in the case of a nearly microscopic flaw in the IT assets in question, says IAITAM President and CEO Barbara Rembiesa. IAITAM (www.iaitam.org) is a professional association for individuals and organizations “involved in any aspect of IT Asset Management, Software Asset Management (SAM), Hardware Asset Management, Mobile Asset Management, IT Asset Disposition and the lifecycle processes supporting IT Asset Management in organizations and industry across the globe.”
“Make no mistake about it: This was a preventable hack and Apple deserves credit for doing some things right here,” Rembiesa says. “The global supply chain is complex, but companies do not get a pass because of that when it comes to managing the IT assets that they use or sell to others. Companies need to follow proper Information Technology Asset Management practices to make sure that every piece of equipment is needed, configured and functioning as intended, and is monitored on a continuing basis after use starts. The Supermicro scandal shows that even the biggest companies and government agencies don’t do their homework when it comes to the handling of new IT equipment.”
Bloomberg was the first to report that unauthorized microchips have been inserted into motherboards bound for servers sold by California-based company Supermicro. According to the news account, the secret microchips are capable of altering server code, downloading software to get through passwords and other encryptions. However, other reports says Bloomberg’s reporting is flawed and that Apple, Amazon, and others didn’t suffer from security breaches.