“Asset visibility” is a recognised core concept in Information Security and there are few factors which are more important today than knowing exactly what you have in your estate. Assets can be anything from physical devices also known as hardware, buildings or other infrastructure and non-tangible resources for example cloud resources, and data. Gaining asset visibility is the cardinal starting point for rolling out any cybersecurity programme assuming of course that the aim is to implement the programme successfully. Of course, I cannot refer to people (once upon a time, but hopefully never again referred to as “wetware” or “meatware”) as assets but it is important that you recognise their contribution and importance in the security of any organisation. Humans are the most essential link in any cybersecurity chain.
After the answers to these have been obtained following an asset discovery exercise, the following may be the next set of considerations:
With the increasing types and numbers of devices and applications and the volume, variety and velocity of production of new data and recognising the reality of Bring Your Own Device (BYOD) and working from home options being adopted by an increasing number of companies due to the benefits they provide (cheaper or zero office rent costs, lower company bills, potentially more productive employees, etc.) – it is critical that organisations gain real-time, trustworthy visibility into which controls affect the assets that are in use as part of their estate and where the gaps in their security coverage is.
Knowing which controls you have in place or otherwise in real-time helps you plan for the best way to secure your asset estate. Identifying the controls needed to ensure the security of these assets and, unwittingly or otherwise, to support compliance requirements is a smart approach to security today. The alternative is an absence of visibility into some very vital security measurements.
Organisations can choose to capture, measure and review their organisation’s controls using lists and documentation which they create, share and manage manually. Alternatively organisations can offload the task to an automated system that consumes their controls in real-time if they have any controls in place and provides them with actionable insights into the coverage across all their assets, recommendations for the smartest way to improve your cybersecurity posture over a pre-agreed period as well as making recommendations for managing the current risks using mitigation techniques, among other approaches.
The options are quite clear: you can choose to drive to the market, or you can walk there – but you can’t complain if the person who opts to shop online gets there first and gets the best produce. Visibility, Speed and Relevant recommendations.