The Importance of Asset Inventory and CMDB

Ransomware attacks make for splashy headlines as numbers and dollar amounts increase each year. Almost 300 companies were hit last year to the tune of $45 million in ransom demands.

There are so many moving parts to track new asset inventory and more cloud usage, especially as work becomes more distributed. Remote work introduces some of the biggest threats to your system with 20 percent of companies reporting a security breach via remote workers.

This is where having an up-to-date IT asset inventory closely tied to your configuration management database can help you stay one step ahead. Let’s take a look at the roles they play in your cybersecurity plan.

Risks of Poor IT Asset Inventory Management

While ransomware gets the big headlines, it’s just one potential risk of not keeping up well with your assets and configuration items.

Malware pops up often, especially when you have employees with unmonitored control of assets. This might be because they’re using unprotected VPNs or mobile devices to access company data when they work remotely. 

IoT attacks have become more frequent as companies add assets that should make work easier. This becomes one more entry point for attacks that you might not expect. All of these items need to be able to be remotely managed and easily identified when in use.

Poor patch care is almost inevitable if you aren’t tracking assets and Configuration Items (CI) well. Outdated operating systems or missing security patches begin to pile up when you can’t tell what is loaded onto each asset.

An incomplete or inaccurate CMDB leads to assets with unsupported hardware or software and ultimately an outdated inventory. It should be a trustworthy single source of truth about all the CIs you have.

Using Asset Inventories and CMDB Together

Asset inventories and CMDB are frequently confused since they complement each other. However asset management and configuration management are different.

The confusion often arises from the fact that all CIs count as assets but not all assets count as CIs. This sometimes causes companies to think they can choose between them rather than needing to call on both to handle IT.

To break it down further, asset inventory tells you how many laptops, monitors, and printers you have along with their age and who has them. CMDB tells you what’s on those laptops, which monitors and printers connect to them, and whether those assets connect elsewhere as well.

Asset inventory management begins with a detailed list of all your hardware and software and generally concerns itself with the financial attributes of those assets. That includes what you paid for it, how old it is, and what it’s worth now. IT uses that type of list to help to monitor when an asset needs to be retired rather than repaired, for example.

The CMDB keeps up with your CIs, that is the service and component attributes of the assets. This might be software license, operating system version, or whether an asset should have VPN access. It covers everything you need to know about the asset for IT purposes – what it’s used for, what it’s dependent on, and what it is a part of.

Using them together lets you see not just that you have 10 laptops, but which ones are allowed to access the system and whether all of them have properly licensed software, for example. You can cut down or eliminate blind spots in your security that can pop up thanks to cloud computing, IoT, and mobility.

Best Protection Practices

Once you have your asset inventory and CMDB in place, it’s critical to establish good practices to ensure you get the most out of it. Your system setup should allow for deep scanning of the network to identify devices to ensure only those allowed are connected.

Consolidating all your IT asset data into a single system is just the first step toward security. The database and inventory lists need to be kept up-to-date and complete so they can serve as the baseline for all your tech.  activity. Your entire team should have complete visibility of the system as well.

Your team should stay on top of patches and updates for all your assets, something that can be helped by automated asset discovery by your system. That should lead to a more accurate inventory and profile of all CIs so your IT team can quickly stay on top of what needs patches and where those assets are.

Your security system should be able to track down unknown devices, which could end up being a personal computer or phone of an employee. Ensure that the system can see when these connect so they can be tracked down and verified.

Finally, your system needs the ability to mitigate incidents quickly. This means being able to identify and isolate impacted assets to keep any problems from spreading.

Keep an Accurate Asset Inventory and CMDB

Cyberattacks come no matter how many security protocols you put in place, and you can’t protect assets you don’t know about. An accurate asset inventory tied to your CIs make it easier to keep track of everything. This allows you to take a more proactive approach to prevent attacks and protect your digital assets.

Need a better way to keep track of your security solutions? Request a demo of our platform that pulls together data from them all to give you a single source of answers about your security operations.

Share

Share on facebook
Share on twitter
Share on linkedin
Share on whatsapp
Table of Contents

Check Out More of Our Blog Posts: