Which Assets Actually Need Continuous Monitoring?
As they embark on continuous monitoring, a chief challenge for state governments is understanding the extent of their IT landscape. Gaining a comprehensive inventory can be difficult, given the pace at which new devices and hardware assets are acquired, installed, replaced and retired.
Software can be even more challenging because of cloud-based assets that are perhaps not fully known or understood by security teams, and because of the presence of shadow IT — applications in use without the knowledge of the IT or security team. Contract employees, remote workers and those who use personal devices for work-related purposes all require monitoring for cybersecurity risk.
How Asset Management Can Increase Visibility
The first step in implementing effective continuous monitoring is taking a thorough inventory of all IT assets. IT asset management (ITAM) entails cataloging, tracking and maintaining an organization’s technology assets. Asset management involves both software and hardware assets.
Software asset management should begin with a comprehensive inventory of software installed in the data center and in the cloud. The latter is especially important. Forty-nine percent of surveyed state governments reported most of their systems and solutions are now in the cloud; a total of 93 percent noted that some, most or all their systems are cloud-based. A thorough inventory of software assets can help state and local governments automate decision-making and risk reduction.
Hardware asset management identifies devices — including virtual machines, IP-addressable devices and removable media — that have access to the network, and it determines whether or not they are authorized.