ITAM and IT Security

What are the most common areas of synergy between ITAM and IT Security/Cybersecurity?
How can ITAM generate added value for IT Security?
In which areas/situations can ITAM be considered a strategic partner for IT Security/Cybersecurity?


Interestingly, I did an interview with a cybersecurity consultant the other week, and the answer wasn’t what I expected!

Here is the interview for you to read as there is quite a bit there: ITAM and cyber security - let’s chat (learnworlds.com)

Hopefully it’s helpful!

Kylie


Hi Jarek,

The ITAM data is the most valuable for cybersecurity. They need to know what is deployed in the network environment, what it is being used for, who is using it and what its purpose is. They can use the ITAM data as an ‘asset registry’ based on the NIST framework and determine which assets are ‘authorized vs. unauthorized’ to be on the network.

Having a definite asset registry, they can expand on it: what is the end of life/service for those assets, do those assets have vulnerabilities and so on, putting a risk score together. ITAM is about mitigating financial and legal risks to the organization and should include security.

I could go on, but it would be a book.

Thanks!
Lisa


A few ways ITAM is valuable to cybersecurity include:

  1. Assessing levels of exposure for day-zero response – If there is a newsworthy breach and an organization needs to quickly find all the assets tied to a certain software title, ITAM programs can provide this normalized mapping. “Oh no, this version of ABC publisher is on 213 laptops, including the CFO’s, we need to patch it right away.”

  2. Restricted software lists – preventing stuff that shouldn’t be there from sitting on employees’ laptops in the first place, which exposes the corporate network (e.g. BitTorrent, games, personal tax software, etc.). Depending on company policy, ITAM programs can potentially proactively remediate these from machines.

  3. Life cycle dates for end of support and patches – ITAM programs can track versions of software titles that will no longer be supported and patched. That way the customer can get ahead of exposure and proactively plan upgrades/decommissioning well in advance, before the publisher stops supporting it.

  4. Distributed software spend (formerly known as shadow IT) – ITAM programs can help you get a complete picture of the estate, including software coming in through approved and non-approved channels, and thus help cyber understand their total potential attack surface.

“When an operating system reaches its End of Life (EOL), it becomes a prime target for hackers. The stream of patches, security updates, and research into vulnerabilities from the system’s provider ends, leaving the system and the user more defenseless than ever” – Secure world.io

The NIST reference framework for an IT Asset Management system states:
“IT asset management (ITAM) is foundational to an effective cybersecurity strategy and is prominently featured in the SANS Critical Security Controls and NIST Framework for Improving Critical Infrastructure Cybersecurity.”

Having ITAM and cyber teams that can work together can save your company a lot of trouble! Authorised Software install costs Maersk $300m

Here is how ITAM can engage their SecOps counterparts

I’m biased, but would go so far as to say ITAM is a necessity for cybersec :slight_smile:

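As an added illustration of Lisa’s ‘authorized vs. unauthorized’ asset registry and risk score, and of the day-zero, restricted-software and end-of-support use cases in the list above (example code written for this thread, not taken from any ITAM product or post): the three checks run over a constructed normalized inventory and are folded into a per-device risk score. Device names, owners, titles, dates and score weights are made-up assumptions.

```python
from collections import Counter
from datetime import date

# Constructed sample rows from a normalized ITAM inventory, one row per
# (device, installed software); names, titles and versions are made up.
INVENTORY = [
    {"device": "LT-001", "owner": "cfo",    "publisher": "ABC", "title": "Viewer",     "version": "4.2"},
    {"device": "LT-002", "owner": "dev1",   "publisher": "ABC", "title": "Viewer",     "version": "5.0"},
    {"device": "LT-003", "owner": "sales1", "publisher": "ABC", "title": "Viewer",     "version": "4.2"},
    {"device": "LT-003", "owner": "sales1", "publisher": "P2P", "title": "BitTorrent", "version": "7.1"},
]
# Constructed policy data: authorized (publisher, title) pairs, a hypothetical
# end-of-support date per version, a fixed "today", and arbitrary score weights.
AUTHORIZED = {("ABC", "Viewer")}
END_OF_SUPPORT = {("ABC", "Viewer", "4.2"): date(2024, 1, 31)}
TODAY = date(2024, 6, 1)
WEIGHTS = {"affected": 5, "unauthorized": 3, "unsupported": 2}

def affected_devices(inventory, publisher, title, versions):
    """Day-zero response: every device carrying an affected version of one title."""
    return sorted({r["device"] for r in inventory
                   if (r["publisher"], r["title"]) == (publisher, title)
                   and r["version"] in versions})

def unauthorized_installs(inventory, authorized):
    """Restricted-software check: installs that are not on the authorized list."""
    return [(r["device"], r["title"]) for r in inventory
            if (r["publisher"], r["title"]) not in authorized]

def unsupported_installs(inventory, end_of_support, today):
    """Lifecycle check: installs whose version is past the publisher's end of support."""
    found = []
    for r in inventory:
        eos = end_of_support.get((r["publisher"], r["title"], r["version"]))
        if eos is not None and eos < today:
            found.append((r["device"], r["title"], r["version"]))
    return found

def risk_scores(inventory, authorized, end_of_support, today, affected):
    """Per-device score: weighted count of the findings above (higher = fix first)."""
    scores = Counter()
    for dev in affected:
        scores[dev] += WEIGHTS["affected"]
    for dev, _ in unauthorized_installs(inventory, authorized):
        scores[dev] += WEIGHTS["unauthorized"]
    for dev, _, _ in unsupported_installs(inventory, end_of_support, today):
        scores[dev] += WEIGHTS["unsupported"]
    return dict(scores)
```

Calling `affected_devices(INVENTORY, "ABC", "Viewer", {"4.2"})` answers the “which laptops need the patch now” question, and `risk_scores` ranks the same devices once the restricted-software and end-of-support findings are added in.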

Many thanks for the valuable answers, suggestions and tips. There were a lot of valid points touched on. On top of them, I would like to highlight the need for alignment on governance models. ITAM collaborating with IT Security can leverage Policies and Standards, cross-referencing them and completing each other, making sure that the governance principles & rules defined in Company Policies are consistent and do not contradict each other.

It needs to be taken into account that IT Assets are at the center of both ITAM and IT Security; both disciplines often require the same info about IT Assets and are just looking at them from a different perspective. ITAM is looking at IT Assets from a license/contractual compliance perspective (entitlement vs. deployment) and an added value creation perspective (Business-IT Alignment), while IT Security is looking at IT Assets from a Defend/Protect perspective. Analyzing the data requirements, one will quickly find that there is a large portion of data which is required by both disciplines. Both disciplines require a highly accurate IT Asset inventory, with a quite large, common set of data attributes. It is in both their interest to have well-defined IT Asset Lifecycle related processes like IT Asset deployment, maintenance or decommissioning and disposal.

As a result, ITAM and IT Security should work together not only on an operational or “project based” level, but find a framework to cooperate on the governance level, making sure that IT Security and ITAM Policies and Standards are consistent and relate to each other. Rather than duplicating requirements, they should try to merge them and join forces to enforce them in IT operations.
