Spotlight: IT Asset Management

Background

As the business use of technology grows rapidly, it is difficult to understand what is being used, by whom, and for what purpose. Your security is only as strong as your weakest link. If you are not tracking technology in the form of business applicaons or infrastructure it could mean a bad day at the office. Parcularly for larger, more complicated organisaons where change has been a constant, establishing effecve IT asset management can be a very difficult endeavour.

Why is IT asset management important for security?

Effecve security relies on an accurate, up-to-date inventory of IT assets. This on its own, however, is not sufficient. You also need to understand the level of potenal informaon risk associated with each asset. These risk levels should steer security investment planning and inform the priorisaon of related security acvity. Configuraon management databases (CMDBs) and other lists of servers and applicaons might feel like ‘job done’, but such data can readily go out of date, contain significant gaps, and only provide superficial informaon.

Our five key steps will bring significant benefits — but it is not easy

  1. Mapping devices to apps and services – understand device connecons, dependencies, and business cricality.

  2. Automated device discovery – all live devices are in a CMDB and decommissioned devices idenfied.

  3. Up-to-date soware inventories – all unpatched and unsupported soware instances are detected.

  4. Asset business cricality impact scores – enables risk priorisaon of security control rollouts and remediation.

  5. Asset hygiene – completed crical fields, e.g. Owners, Hostnames, IP Addresses, Device Type, Asset Cricality.

 

These activities provide an organisaon with the confidence that:

  • All IT assets have been idenfied and security control coverage is understood.

  • Security, technology, and business teams can priorise security remediaon acvity based on the cricality of the business services that the IT assets support.

  • A foundation exists for beer visibility across mulple security domains, e.g. vulnerability, access, and incident.

  • Cyber security control gaps are beer prioritised.

  • Change management is less risky due to improved inventories.

How i-confidenal can help?

We have assisted a number of clients with their IT asset challenges, and developed our experience and ‘know how’ into i-Asset, which enables a structured programme of acvity: 

  • Establishment of key principles and desired outcomes for the IT asset management improvements needed to support effecve cyber security.

  • An implementaon approach that includes requirements for improved IT asset management systems, discovery processes, and operang models.

  • Support for closing gaps against the above requirements ulising our proven i-Remediate approach.