You can’t secure what you can’t see—as our survey respondents know. So why aren’t we seeing IT Asset Management (ITAM) tools that discover everything being used more? Or ITAM being coordinated more consistently with cyber teams to keep digital assets secure?
Deloitte’s IT Asset Management Global Survey 2022-23 invited more than 3,500 key ITAM professionals at companies large and small in over 20 countries to participate, covering all major industry sectors.
More than three-quarters (77%) agreed that having a strong ITAM program to detect and manage all the enterprise’s software, hardware, and firmware is a must for cybersecurity.
Yet fewer than half (45%) say they believe they are making the appropriate investments to ensure that their ITAM function enhances IT asset visibility for their security analysts.
Coordinating ITAM with cybersecurity to identify and understand vulnerabilities and threats is critical, our respondents also said. Yet many organisations, if not most, fall short of this goal as well. Barely more than half (54%) of ITAM staff said they work closely with their company’s cybersecurity team.
Perhaps not coincidentally, a lack of collaboration and communication between ITAM and cyber is now a top concern for organisations.
Clearly, something needs to change. In Deloitte’s analysis, Cybersecurity threats and incidents differ by region (based on Deloitte’s 2023 Global Future of Cyber Survey),15% of respondents from Australia said they had experienced 11 or more significant cybersecurity incidents in the previous year. Among respondents from Japan and China, 13% had experienced significant cyber incidents.
Enterprises are adding new technologies and moving more fully into the cloud. Most often, they use several cloud environments, our report shows. This may make their data, applications, and devices increasingly dispersed and difficult to track. Unmanaged and unmitigated, these data, applications, and devices become ripe for cyberattacks.
Regulators, too, know that effective ITAM is important to IT governance and security. They’re issuing new and updated security standards that highlight the need for enterprises to obtain full visibility of their IT assets. ITAM may soon be a must for regulatory compliance.
Just having ITAM isn’t enough. For strong security, organisations need ITAM that delivers a number of tasks, and performs them well. These include:
Often, however, enterprise ITAM software lacks some of these capabilities or doesn’t perform the tasks adequately, our survey shows.
The news is encouraging in some respects. We see companies making progress in key areas in their use of ITAM for security. This year’s survey reveals that they’re becoming more proficient at using ITAM tools for:
We’ve seen progress in all areas, but more needs to be done. To protect your systems, networks, and data from intrusion and unauthorised use, your ITAM teams and tools need to work together with your cyber teams and their tools.
In fact, helping to secure your technologies is one of ITAM’s most valuable purposes. Regulators understand this, as recent developments show.
As your software inventory and array of devices grows, having a central asset deployment command center is key to managing and securing it all. But many of our respondents lack this essential function. We’ve seen this, ourselves, in our work with clients.
On the other hand, when ITAM and cyber work together, the results can be very effective. ITAM can be invaluable for such tasks as:
Fully knowing your enterprise’s full array of IT assets is a cybersecurity must. This includes your devices, software, endpoints, connections, and other assets. You must also understand how these assets connect with one another and with organisational systems and services. Not having this knowledge could open the door to a cyber breach.
For many, creating the map that provides this information is a tedious, time-consuming task. To accomplish it, you will need input from ITAM and specialised dependency mapping tools. Before beginning, it’s imperative that you thoroughly understand what you are doing, why you are doing it, and what the scope of the task will be.
With so many tasks to perform, it might be easy to focus on the details and lose sight of the big picture, which is your overall goal. Strive for a big-picture view of your organisational systems and networks and how to protect them. A top-down, panoramic IT asset approach is the best way to ensure ongoing success.