Cybersecurity asset management trends point to increasing complexity

Nathan Burke, chief marketing officer at Axonius, has over 15 years of technology and leadership experience. He is passionate about bringing new technologies to solve real cybersecurity problems.

Nathan Burke, Chief Marketing Officer, Axonius

Increasing visibility into government infrastructure remains a key challenge to combat security threats. And though agencies most likely have all the security tools they need, IT leaders still struggle to see how those tools are properly deployed across their networks and devices.

The pandemic and remote work environment certainly accentuated these challenges, but these aren’t the only factors driving visibility and security risks, according to a recent study Axonius commissioned with Enterprise Strategy Group (ESG).

The second annual Cybersecurity Asset Management Trends report surveyed IT and cybersecurity professionals across organizations in North America to understand current asset visibility challenges and trends. According to the findings, 72% of respondents reported that modern IT infrastructure complexity has continued to grow over the past two years.

If you think back 10 to 15 years, most organizations had a pretty standardized set of devices or applications on the network. However, the state of IT environments today raises a lot of questions about what an IT asset is. Is an Amazon storage instance an asset? Or an IoT device? What about ephemeral devices that may live for only an hour?

Organizations have not only increased the types of devices that need to be managed, but the pace of change, which requires almost a more robust and up-to-date asset inventory.

Additionally, with different device types, organizations have also acquired different solutions to manage or secure them. The report findings indicate that on average, organizations depend on eight different tools to pull together asset inventories. And the average asset inventory will take 86 person-hours to generate.

Post-pandemic response presents new opportunities

Though the shift to remote work accentuated complexity and visibility challenges within government IT infrastructure, the preparation for employees to return to the office presents IT leaders with a notable opportunity to get back to the basics of asset management and cyber hygiene.

When federal employees return to the office, they will bring with them devices that either were not managed by agency IT or which have not been updated over the last year. The security risks of these visibility gaps may be striking for agency leaders.

And though it remains to be seen how government agencies will navigate hybrid-work structures, industry trends suggest the demand for remote work capabilities are on the rise. On average, respondents in the survey expect 40% of their organization’s workforce will work remotely after the COVID-19 outbreak is controlled — an increase from 23% prior to the pandemic.

In addition to remote work needs, the rapid development of digital services is making it more difficult for IT to answer simple questions about their assets.

Eight in 10 people in the survey acknowledged facing visibility in gaps in the cloud, up by 10% from last year. Respondents also reported widening visibility gaps with end-user devices (75%) and IoT devices (75%).

The study suggests that IT and business teams are getting applications, cloud services, and devices out to their workforce faster than what security teams can keep up with.

Moving from a reactive to proactive security position

While there is no shortage of security challenges that agencies are facing, the goal for now involves focusing the resources they have where they can deliver the most impact.

The recently issued cybersecurity executive order from the Biden administration promises to give cybersecurity modernization efforts greater attention. Though most agencies already have enough security and device management tools, many teams lack the visibility they need to be confident in complying with new security efforts.

Using a cybersecurity asset management platform offers a greater opportunity to close those visibility gaps.

The Axonius cybersecurity asset management platform, for instance, gives agencies the ability to gather asset and vulnerability data across an organization’s entire network into a centralized view. The platform connects to all of an agency’s different asset management and security tools to collect and analyze their respective data — regardless of the asset type.

The totality of that data, when combined and correlated, provides a powerful overall picture. But it also allows an organization’s IT team to query how any and every asset either adheres to, or deviates from, their security policies. The results often prove eye-opening. For example, one  Axonius customers recently ran a query to test the deployment of an endpoint protection tool and discovered that it was only installed on 40% of those devices that required endpoint protection.

Once vulnerabilities are exposed, an agency can decide what action to perform. So, if the query finds an endpoint that is missing an agent, an automated action can be programmed to install it, update a database or submit a ticket.

Taking steps towards achieving full visibility across federal agencies’ network environments will always come down to knowing what is on the network.

What we recommend above all: Use the momentum created by the pandemic and recent security incidents to encourage strategic conversations among agency leadership on implementing an operational plan for full network visibility today.

Learn more about how Axonius can help your organization address security risks with modern asset management solutions.