In today’s computing world, information security is synonymous with technology. Across every industry and business, secure workstations, servers, and infrastructure are necessary to maintain a secure operating environment. This pressing need for security is often at odds with accessibility and usability. It’s a common problem that all information security experts face: How do you completely secure a given system without severely limiting or removing access to the information contained within? The short answer is that you can’t.
With digital threats becoming more and more sophisticated every day, a coordinated effort is required by all involved in the information technology ecosystem. These threats have come to focus heavily on the mass acquisition of data and information from secure systems. Whether it’s intellectual property, identity or financial information, or simply aggregate user data, you can find countless examples of such theft in the last decade. From the mass breach of Equifax in 2017 that resulted in the theft of private information on 143 million Americans, to the internal breach at the Department of Homeland Security earlier this year, even the most sophisticated and well-protected organizations are subject to attacks on their internal data.
There is no one solution to the conundrum of data protection and user accessibility, and it takes a concerted effort from multiple departments across the entire organization to ensure a high level of protection against these threats. While a large portion of this falls naturally on system and network administration, broader asset management can assist in mitigating data breaches and cyber threats. It takes a multi-pronged approach to address security risks before they become a potential window of access.
Physical hardware represents the easiest window of access to secure. While a large portion of this again rests on information security staff, service and asset management personnel who track hardware disposal and acquisition can play a role in helping secure these systems. When an asset is tracked as being disposed of or removed, asset management software can carry an extra flag to ensure that proper erasure of data and removal of the hardware are completed. Likewise, incoming systems can be flagged as secure or non-secure within a database based on their location, physical access, and personnel access. Further management can be implemented to separate these assets into tiered systems based on security risk, with appropriate measures to protect against their removal. A coordinated effort between IS staff and administrators can go a long way towards protecting physical hardware and the data contained within.
Software is far more difficult to properly secure than physical hardware, and the vast majority of software security will fall on specialized personnel and system administrators. That being said, asset management plays a unique role here, as the tracking of software licensing, upgrades, and installations is typically within the ITAM purview. Simple, easy-to-miss warning signs, like updates being performed outside of their maintenance schedule, can raise red flags. Making sure that all security updates are quickly performed can mitigate a huge amount of risk, as can keeping software versions up to date to prevent backdoor vulnerabilities. These kinds of seemingly small mistakes can lead to huge breaches in security and are easy to avoid through regular maintenance.
Known software vulnerabilities that aren’t subsequently addressed and patched account for the vast majority of severe data breaches. Keeping these update schedules running like clockwork and closely monitoring the installation of new software, licenses, and services have a huge impact on information security.
Cloud-Based Services (IaaS, SaaS, PaaS)
Ever more relevant as each day goes by, cloud-based services will soon account for a huge portion of everyday business computing. These systems not only require their own set of ITAM procedures and guidelines, they also present unique security risks that need to be considered. While many cloud-based services will have tight on-premises security, it can be difficult to know who has access, both physical and logical, and to secure these systems. On the ITAM side of XaaS, carefully reviewing contracts and service agreements will reduce the likelihood of an issue arising.
As cloud-based platforms become more and more sophisticated, leading to more and more use throughout the industry, cloud security will be a hot topic in the near future. It’s already clear that these services require forethought on the part of asset and security management to mitigate risk.
Representing the biggest risk to secure data, but also being the most straightforward to secure, the end user has historically been the weakest link in the information security chain. While asset management ultimately plays a minimal role in protecting end users from themselves, it can have a positive influence through careful monitoring. This is particularly relevant for Bring Your Own Device (BYOD) workplaces that allow employees to work through the network on their own, possibly unsecured, devices. Making sure these devices are carefully tracked and monitored via asset management software, fed regular updates, and treated like a company asset is crucial to security.
In the end, this only barely scratches the surface of the potential for asset management to aid in information security on a company-wide level. Through thoughtful coordination and synergy, multiple departments can greatly reduce the chance of a critical data breach and the loss of customer data, intellectual property, or systems. The introduction of new technology will continue to evolve the “information security ecosystem,” forcing it to adapt to its changing environment in order to ensure peace of mind for companies worldwide.