ITAM and Endpoint Security: You Can’t Manage, Secure, and Effectively Defend Against What You Don’t Know You Have
IT Asset Management (ITAM) is inextricably linked to endpoint security. In fact, as shown below, the first two of the Center for Internet Security’s Top 5 Critical Security Controls emphasize just how crucial it is to understand what devices you have and what software is running on them. These controls represent the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks:
As Brian Hoskins, Director of Service Management at NCSI, declared in our recent State of the Union ITAM Virtual Leadership Summit, “What you know you have, you can manage; what you don’t know you have, manages you.”
And this rings even more true when it comes to security. What you don’t know you have, you can’t really secure effectively nor defend against.
“Ghost” Assets: 30% of IT Fixed Assets
Thirty-percent of hardware assets are stolen, missing, lost, or have otherwise “ghosted.”1 That’s quite a substantial percentage and poses significant security risk.
What’s happened to these devices? Are they even still in the organization? Has critical company data left the building—literally? Many organizations still use spreadsheets, purchase orders, or simple network discovery tools to track their assets. Keeping tabs on hardware with these traditional methods is an administrative nightmare. IT assets are assigned, reassigned, and moved from one location to another depending on business dynamics.
But it’s not just the tool side of things that’s lacking; more important, the process is missing. Fifty-six percent of organizations admit that they are only verifying their asset locations once a year, and 10 to 15 percent of them only track their asset location every five years.2 Wow, let that sink in. A lot can happen in five years. For me personally, it’s three kids later; relocating from Europe to the U.S.; laptop, phone changes, and application upgrades; and a lot more.
Knowing what assets you have and where they reside, tracking regulatory compliance, and visibility into cost of ownership are just the tip of your management iceberg.
Hardware Failure Causes 53% of All Data Loss and System Downtime3
If you knew what you have and managed it proactively, you could patch your systems and fully integrate them into your security processes to help avoid security attacks. But again, you can’t protect what you don't know exists.
Making ITAM a key process of your endpoint security efforts will help you:
- Discover and inventory all software and hardware in your organization
- Detect new devices as they come into the organization
- Understand what operating systems are running on your devices, security requirements, and applications that are installed on them
Only then you can really monitor for security breaches and report on anything suspicious and out of security policy.
Or, as Gartner stated at its recent IT Sourcing, Procurement, Vendor, and Asset Management Summit:
- Locate and identify each asset when it connects
- Authenticate each asset to assure it should connect
- Authorize the user to determine if they should connect
Spreadsheets Don’t Work
Still think you can get by with spreadsheets? Think again. According to Gartner, less than 10 percent of new devices connecting to corporate networks will be manageable by traditional methods by 2020.4 In most instances, organizations find more things with an automated ITAM solution than they knew they had.
A recent Gartner client inquiry showed a whopping 60 percent more devices were discovered than were documented.4 Let that sink in—60 percent more. This could be authorized hardware that you spent money on you actually didn’t need to. Or, worse, it could be unauthorized devices entering your organization posing significant security risk. ITAM and endpoint security tools need to work together to understand what unauthorized hardware and software is trying to connect and to keep unauthorized software from executing to effectively protect your organization.
Don’t just purchase and forget. You need to manage your assets effectively across their lifecycle. You need to know what’s going on with your devices, what’s running on them, what’s happening with them, and which users have them. This is important with normal corporate devices, but even more so with BYOD and IoT devices making their way into the organization.
Offboarding: 50% of Former Employees Still Have Access to Corporate Applications5
When employees are hired, they need the appropriate hardware and software to be productive. However, many organizations may not realize the importance of properly retiring and disposing of hardware and software assets once an employee leaves or a device reaches its end of life.
When disposing of hardware assets, you must take precautions to avoid loss of confidential data from security breaches. Not only do organizations run high security risks, they could also incur substantial costs on the missing hardware that former employees take with them—and the software on those devices.
A survey of 329 organizations conducted by Intel and the Ponemon Institute revealed that collectively these enterprises had lost more than 86,000 laptops over the course of one year, costing an astounding $2.1 billion,6 which averages to $6.4 million per business. The price of the actual laptop may seem high, but in reality it’s the least expensive cost involved. Data breaches, lost productivity, and regulatory fines far exceed the base price of a computer.
There are definitely other reasons why it makes sense to closely link and align your IT Asset Management and endpoint security efforts, but gaining visibility into what you have is a good first step.
Take a few minutes to learn more about IT Asset Management solutions from Ivanti, where you can also request a free demo.
M. Day and S. Talbot, "Data Validation the Best Practice for Data Quality in Fixed Asset Management," (White Paper) Asset Management Resources
Gartner IT Sourcing, Procurement, Vendor & Asset Management Summit 2018: Discovery, Security, Management and Disposal: The Lifecycle of Hardware Assets in the Enterprise
Mareike Fondufe is a product marketing manager at Ivanti focusing on IT Asset Management solutions.