Recently we attended the Gartner Security and Risk Management Summit in National Harbor, Maryland. At the summit, we heard a lot about the increasing importance of cybersecurity – the protection and trust of all cyber assets, software and information within an organization. But what we didn’t hear about was the link between IT Asset Management (ITAM) and security practices.
From our perspective, ITAM and security should be aligned and go hand-in-hand.
A good ITAM program requires reliable inventory and discovery as its foundation. A good security program requires the same. The basis of any security program is recognizing your IT assets – hardware and software – so that you can secure them.
Cybersecurity is about identifying and managing risk. One trend we have observed is that companies are not putting a big emphasis on patch management when it comes to vulnerabilities that are several years old. Why is this a problem? Because ignoring a vulnerability is not managing it.
There have been some high-profile software security risks that have been ignored. For example, in 2016, there was a major flaw in Apple QuickTime, an extensible multimedia framework capable of handling various formats of digital video, picture, sound, panoramic images, and interactivity. Homeland Security warned QuickTime users to be careful. Apple decided to stop developing, selling and supporting this product. However, we still see this product on many end points when working with our customers.
Studies show that 37% of installed software is not used. If a software title as a whole or an installation of a product on an endpoint isn’t used, it shouldn’t remain in an environment. Each software license that is unused presents a risk or vulnerability (not to mention that it’s a waste of money).
What about hardware that is not being used? It should be removed, as well as the software that resides on it. Without these unused assets, the attack surface becomes smaller, thus reducing your security exposure.
Eracent understands the challenges and risks associated with cybersecurity. For the past two years, we have invested in cybersecurity through the development of our Software Vulnerability Recognition capability. Also paramount to security is tracking IT assets through their lifecycle to include disposal, and Eracent’s ITMC™ manages this quite well.
A reliable security program is more than managing your firewall and who can get in. Understanding your IT asset inventory, usage and location are all critical to an effective security strategy. The linkage between ITAM and security is obvious, at least to us!