BT explains why real-time asset discovery should be high on the agenda of every CIO and CISO
When everything appears to be ticking over in an organisation’s IT estate it’s easy to assume that its asset awareness strategy is up to scratch.
Then a major incident hits and all kinds of organisations discover they don’t know what’s on their network, what risk these assets pose or how to mitigate the threats. Lack of asset awareness delays critical incident responses and allows threats to spread across networks, amplifying damage to organisations and disrupting business.
Asset discovery goes beyond security
While incidents like WannaCry were a wake-up call for most security teams, the deficiencies they highlight have wider consequences we shouldn’t ignore. Yes, from a security point of view you need to know what’s plugged into your network and what you’re accountable for, but asset assessment is also vital for compliance, cost and management reasons.
Insufficient asset knowledge means you don’t know where your data is and can easily result in non-compliance with regulatory mandates such as GDPR, HIPAA, PCI, FISMA and many more, triggering heavy fines. Plus, an inability to track software and hardware accurately through an up-to-date inventory has significant cost implications, too. You could be wasting money by paying for too many licenses, or not paying for enough. One client we worked with turned out to be paying for hundreds of thousands of pounds worth of licensing they didn’t need.
An inaccurate inventory also leaves you open to paying to support and operate unnecessary assets. When we run inventory exercises, we often discover a whole load of equipment still powered on, for example, consuming electricity and taking up valuable data space.
From a management point of view, an accurate picture of your assets is essential to identifying technology that needs to be refreshed or replaced if it’s coming to the end of its life. And without this accurate picture, you’ll struggle to work out how you can best consolidate your supplier contracts.
A healthy network knows its vulnerabilities
WannaCry underlined the fact that, where network discovery is concerned, some visibility is effectively no visibility. Not only is that one device that’s missing from your asset inventory an easy entry point for hackers to get into your network, it’s also a point of potential network failure due to a lack of device health information, monitoring or support. Yet, according to Gartner (Market Guide for Operational Technology Security, 2017), half of enterprises only perform asset management once a year and 20 per cent only once every five years.
'Asset management becomes even more vital when you remember that devices are joining your network all the time, introducing more vulnerabilities'
Asset management becomes even more vital when you remember that devices are joining your network all the time, introducing more vulnerabilities — from vending machines to air conditioning systems, the Internet of Things is increasing the volume of devices on your network exponentially. And to this you have to add the threats posed by the creep of shadow IT devices onto your network. The picture gets even bleaker when you consider that less than ten per cent of new devices connecting to corporate networks will be manageable by traditional methods by 2020 (ForeScout Technologies, Internet of Things Solution Brief, 2017).
Futureproof your asset discovery
Customers look to asset discovery services for a variety of reasons. Some aren’t confident that their inventory is complete. Others are concerned the information in their database is inaccurate or is spread across a variety of systems, only some of which automatically update. And, in some cases, the listing is complete and correct, but it doesn’t include all the attributes they need to report on.
Because we build and control networks, we have visibility across them and access to everything on them. We’re able to use this data to build a comprehensive picture of assets, automating and orchestrating the discovery of devices on a network. Not only does this deliver an inventory that’s always up to date, our customers are able to put policies in place that identify any new device being plugged into their network. They can then isolate and control the device, moving it from their critical assets into a different segment. As a growing number of network advances rely on a solid inventory database to function, our asset discovery service is a new way of managing assets that’s specifically designed to meet the challenges of today, as well as those of the future.
Click here to read BT's report - SD-WAN is the cornerstone of network transformation