It’s a good question. Why does asset management matter for cybersecurity? In fact, it’s such a good question, we decided to write a white paper about it.
IT Asset Management vs. Cybersecurity Asset Management
When we look at what has been traditionally called “IT Asset Management”, we’re referring to a set of practices surrounding the financial, inventory, contractual, and lifecycle management of an IT asset. In this case, an “IT asset” is really any device or cloud instance that is used for business purposes. Some of the responsibilities of an IT Asset Management program would include:
Inventory – Getting a detailed inventory of all hardware, software, and network assets
License Management – Making sure that all assets are running properly licensed software
Lifecycle Management – Deciding which assets should be decommissioned and managing the software licenses on these assets and updating the inventory
Using the traditional definition, IT Asset Management would fall squarely in the hands of the IT and Desktop Support teams. However, the process of gathering data about every asset and understanding what software is running is critical and foundational to cybersecurity.
In the white paper, we call “Cybersecurity Asset Management” the process of:
- Gathering data from any source that provides detailed information about assets
- Correlating that data to produce a view of every asset and what is on it
- Continually validating every asset’s adherence to the overall security policy
- Creating automatic, triggered actions whenever an asset deviates from the policy
In this context, Cybersecurity Asset Management or “Modern Asset Management” becomes the nexus for cybersecurity projects and decisions.
Examples of Asset Management for Cybersecurity
In the white paper, we look at the intersection of asset management and cybersecurity using the following examples:
- Asset Management and Endpoint Protection – Show me assets that are missing an endpoint agent and assets with the right agent installed, but the agent isn’t working.
- Asset Management and Vulnerability Management – How can I find assets not being scanned by a VA Scanner?
- Asset Management and Cloud Security – How can I discover cloud instances that aren’t being protected and/or are publicly accessible?
- Asset Management and Incident Response – How can I get all of the necessary information from different data silos to help in an investigation?
- Asset Management and Continuous Controls Monitoring – How can I find out any time an asset stops adhering to the overall security policy?
- Asset Management and Security Policy Enforcement – How can I use the sources of asset data to automatically remediate issues?
Download the white paper, “Why Does Asset Management Matter for Cybersecurity?“ to learn more.