Open the digital floodgates, yet trust no one
Hyper-connectedness has led to an explosion of new devices (things), APIs, applications, cloud, mobile, data, networks and legacy services.
Though these digital services are aimed at delivering efficiencies and great customer experiences, the ensuing fragmentation is increasingly making it difficult to get a bird’s eye view of all these services, what’s on them and the security behind each.
The exponential increase in the number of connected assets means that businesses are continuing to expand their attack surface.
With every new asset, user or device added, businesses are increasingly introducing new risks and dealing with the challenge of getting a clear understanding of the number of assets which fall within their trust boundaries.
We all know the adage: “You cannot secure what you don’t know or see.”
Dean Sysman says businesses want to drive growth and operate more efficiently while simultaneously maintain adequate information security. It won’t be easy, though, as there’s a persistent problem that has to be solved before reconciling these two initiatives.
“Asset management is the Toyota Camry of cybersecurity. In a landscape of solutions using AI, machine learning, deception and other sci-fi sounding technologies, getting a credible inventory of all laptops, desktops, servers, VMs, cloud instances, users, and so on, is decidedly unsexy. But despite the lack of luster, understanding all assets and how they adhere to the overall security policy is the only way organizations can both embrace digital
transformation while continuously validating whether assets, users, and devices should be granted access.
Here are five reasons why asset management is necessary for achieving digital transformation and zero trust.
A staggering number of devices
With Gartner Research projecting that the number of connected things will reach 14.2 billion in 2019 and 25 billion by 2021, managing this increasing number of connected assets, devices and users is quickly becoming an urgent security priority for CISOs, CIOs, and frankly, organizations everywhere.
More recent trends like BYOD, mobile devices, remote work and the cloud have led to a significant shift in the way organizations think about which devices they’re responsible for securing. In a world where any device has access to corporate information, the sheer number of devices security teams are tasked with identifying and securing is astounding. As organizations continue to grow, it’s no longer possible or scalable to ensure that every device or cloud instance is covered by the security solutions required by the corporate security policy.
A growing attack surface and opportunistic cyber criminals
The rise in the number of assets means that enterprises across the globe continue expanding their attack surface. Most of the high-profile breaches we hear about today are a result of inadequate cybersecurity asset management. Whether it’s an unpatched Apache server, a public-facing Amazon bucket or a smart fish tank in a casino, organizations are often breached when an attacker can find an easy way into the environment, which frequently happens by exploiting an asset that isn’t accounted for or does not adhere to security policy.
Too many tools with not enough answers
New products, solutions, and services are introduced to the market every day, and as a result, companies purchase and onboard a myriad of products to secure a variety of different assets. The problem is that instead of making life easier and more secure, the sheer volume of these devices ends up creating silos of information, making it more difficult for security teams to answer basic questions about their security posture like “How many Windows hosts do I have?” and “Are they adhering to our security policy?”.
The inevitable march to the cloud
The cloud is fast, cheap and scalable, which is why 85% of companies have adopted and utilized cloud infrastructure moderately or extensively in the past year. Unfortunately, the security solutions once used for on-premise devices don’t always translate to the cloud.
Too much work, too few resources, never enough time
Although the number of connected devices, assets, and users is increasing, skilled security professionals are in short supply, expensive, and overworked.
Considering the ever-expanding attack surface and talent gap, CISOs don’t want to use scarce, highly-trained resources to take on manual, tedious tasks like inventorying every asset. This problem is multiplied when the assets are siloed and distributed across a variety of products, tools, and solutions.
If your organization is onboarding or deploying new technologies, there’s no better time to develop, optimize and strategize cybersecurity asset management.” says Dean.
Posted on February 7, 2019
- “Australia gains the top score on regulations supportive of AVs” according to KPMG
- Fusion’s response on reforming vocational education and training
- The next big thing has arrived – and it’s smarter than humans
- Polytechnic mega-merger will take over apprentices and industry trainees
- Government announces an overhaul of the vocational education sector
- Open the digital floodgates, yet trust no one