The what, why & how of asset management
It is now generally accepted that asset management is an essential component of any robust cyber security strategy. But what is good asset management and what challenges does asset management pose to your business?
An asset is anything that helps you achieve your business objectives.
Asset management is about the policies and processes that help you account for each of your assets throughout their respective lifecycles.
From a cyber security perspective, asset management covers – the software, hardware and information that is essential to the day to day productivity of your business.
The National Cyber Security Centre, (NCSC) advocates the importance of extending this to cover other types of assets, including people, physical assets (buildings and sites) and financial assets.
Asset management will cover how you buy, configure, deploy, decommission and dispose of IT assets and how you recruit, onboard, train, support and off-board staff.
‘Gaps and conflicts in asset management processes typically result in reduced productivity. For example, there may be a delay between a user joining an organisation and being granted the access they need to do their job. However, the knock-on effect is often a reduction in security, as workarounds are sought to limit those productivity losses. This can include things like sharing user accounts, which circumvents access controls and reduces accountability.’
Take a look at the latest guidance on Asset Management from the NCSC which will help you to understand the benefits and essential guidance on what asset management is and how to get started. Visit the full article here, or read on for the highlights.
Benefits of Asset Management
- Ability to identify what technology and information is in your organisation
- Ability to identify and assess vulnerabilities that may present a risk to your organisation
- Ability to apply and maintain proportionate security controls
- Ability to plan future technology cycles
How to get started & what to focus on
- Integrate asset management into your organisation
- Understand your critical services and functions and identify the associated data and technology dependencies so you can prioritise these
- Improve and validate your knowledge
- Only keep what you really need
Here at Ignition Technology we partner with leading cyber security asset management platform Axonius. Axonius gives organisations a Comprehensive Asset Inventory. The solution uncovers security coverage gaps, and automatically validates and enforces security policies.
‘Asset management is fundamental to security. Put simply, you can’t protect what you can’t see or understand.’
According to Axonius’ latest research:
- 72% of respondents reported increased complexity in their environments over the past two years
- Many report widening visibility gaps in their cloud infrastructure (79%), end-user devices (75%), and IoT devices (75%)
To get a comprehensive and credible asset inventory, you can’t just rely on one or two data sources. Instead, you need to aggregate, correlate and normalise asset data from numerous sources. Only then can you get a confident, credible view into any asset.
Axonius is the cybersecurity asset management platform that gives organisations a comprehensive asset inventory, uncovers security solution coverage gaps, and automatically validates and enforces security policies. By seamlessly integrating with over 300 security and management solutions, Axonius is deployed in minutes, improving cyber hygiene immediately.
Written by Sean Remnant, CSO at Ignition Technology Ltd.