New security breaches are reported more frequently today than ever before. According to the ITRC mid-year report for 2017, the number of tracked data breaches in the US increased to 791, up by 29% from the figures in 2016. Inappropriate handling of IT assets and inadequate access control may expose critical information to an attacker. IT Asset Management has an important role in safeguarding an organization against security breaches. Many organizations do not realize this and keep ITAM confined to inventory functions for life-cycle management. In many organizations, especially the ones without dedicated teams looking over the security of IT assets, ITAM is the department that is tangentially responsible for this. We discuss the top security measures by which an organization can safeguard itself against security breaches by effectively using ITAM.
Establish IAM Based Access Control for Assets
The first step the ITAM department of an organization must take is to be integrated into the Identity and Access Management (IAM) system. Giving the ITAM department the ability to control which entity has access to which assets, and under what constraints, enables a tighter information flow. Only an entity that has a legitimate reason to access an asset is allowed to use it. The idea is very simple, but the implementation and integration into ITAM can be a difficult task. All medium- to large-sized organizations use some form of IAM authentication today. It can be a directory-based system via LDAP that implements the RBAC model.
For Software Asset Management (SAM), the ITAM department must make sure that access control is provided using a Single Sign-On scheme built upon LDAP or OAuth2. The IT department can be tasked to do this. For Hardware Asset Management (HAM), hardware keys like YubiKey can be used to enable two-factor authentication. ITAM here involves keeping track of which keys have been provisioned to be used for which assets.
Establish An Audit Trail
While having a tighter access control system is a good start, effective IT asset management requires an organization to manage the access logs effectively too. The attack vector for a security breach can be from within the organization itself. A rogue employee can do more damage from within than an attacker can dream of from outside. Establishing an audit trail enables the organization to pinpoint the faulty link in case of a security breach. It also helps in identifying the weak points in processes beforehand. Keeping track of access logs is the first step. The next step is keeping track of the entity that authorizes other entities to have access to particular IT assets. Authorization orders can be tracked by having that entity sign them with its private key. Several document management systems are available that use e-signatures and can be integrated into the ITAM process easily.
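The two steps above, reconciled in one pass, as an added example that is not part of the original article: each access event is matched to the authorization order that permits it, and the approver is reported. The record layout, asset tags, user names and verdict labels are assumptions made for illustration, and signature verification of the orders is left out.

```python
from datetime import date, datetime

# Constructed authorization orders: (grantee, asset, authorized_by, valid_from, valid_to).
AUTHORIZATIONS = [
    ("alice", "LAPTOP-0042", "carol", "2017-08-01", "2017-12-31"),
    ("bob", "DB-LICENSE-7", "carol", "2017-08-01", "2017-08-31"),
    ("dave", "DB-LICENSE-7", "dave", "2017-08-01", "2017-12-31"),
]

# Constructed access log, one event per line: ISO timestamp, user, asset tag.
ACCESS_LOG = """\
2017-08-15T09:12:00 alice LAPTOP-0042
2017-09-02T14:30:00 bob DB-LICENSE-7
2017-09-03T08:05:00 dave DB-LICENSE-7
2017-09-04T22:41:00 erin LAPTOP-0042
truncated-line-without-fields
"""

def in_window(grant, day):
    """True if the grant's validity period covers the given calendar day."""
    return date.fromisoformat(grant[3]) <= day <= date.fromisoformat(grant[4])

def reconcile(log_text, authorizations):
    """Return one (user, asset, verdict, authorizer) tuple per log line."""
    results = []
    for line in log_text.splitlines():
        parts = line.split()
        try:
            day, user, asset = datetime.fromisoformat(parts[0]).date(), parts[1], parts[2]
        except (IndexError, ValueError):
            results.append((None, None, "UNPARSEABLE", None))  # never drop silently
            continue
        grants = [g for g in authorizations if g[0] == user and g[1] == asset]
        live = [g for g in grants if in_window(g, day)]
        independent = [g for g in live if g[2] != user]  # approved by someone else
        if not grants:
            verdict, who = "NO_AUTHORIZATION", None
        elif not live:
            verdict, who = "OUTSIDE_VALIDITY", grants[-1][2]
        elif not independent:
            verdict, who = "SELF_AUTHORIZED", user
        else:
            verdict, who = "OK", independent[0][2]
        results.append((user, asset, verdict, who))
    return results

if __name__ == "__main__":
    for row in reconcile(ACCESS_LOG, AUTHORIZATIONS):
        print(row)
```

Every verdict other than OK is a lead for review, and the authorizer column shows whose approval each access relied on.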
Safeguard Against Malware Attacks
This problem is particularly pronounced in SAM because software adds a whole new dimension of interfaces that a system has to deal with, which in turn increases the attack surface. The policies here must be made assuming that the system is, in fact, breachable – if not today then tomorrow. While this is the responsibility of the IT department, smaller teams within the department might overlook this requirement. The ITAM department must oversee that these security measures are properly followed and keep track of this. First, it must make sure that the software assets are fully backed up periodically. The WannaCry ransomware made sure that organizations around the world take backups seriously. The ITAM department must also make sure that the third-party services that are integrated into an organization’s system are properly audited and adhere to a standardized interface for integration.
In the case of HAM, the ITAM department must make sure that all interfaces to critical systems are enumerated. This involves keeping track of which systems are supposed to be connected to the internet, or to the intranet, or even be air-gapped. All other interfaces to such systems should be discarded. This follows the same philosophy as establishing an access control mechanism: only allow what is needed.
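One way to check an interface inventory against the intended connectivity of each asset, as an added example that is not part of the original article. The asset tags, interface names, addresses and the use of RFC 1918 ranges as the intranet are assumptions made for illustration.

```python
import ipaddress

# Constructed ITAM register: asset tag -> intended connectivity class.
REGISTER = {"WEB-01": "internet", "HR-DB-02": "intranet", "HSM-03": "airgapped"}

# Assumption: the organization's intranet uses the RFC 1918 private ranges.
INTRANET = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed interface inventory: (asset tag, interface name, assigned address or None).
OBSERVED = [
    ("WEB-01", "eth0", "203.0.113.10"),
    ("WEB-01", "eth1", "10.0.5.10"),
    ("HR-DB-02", "eth0", "10.0.8.20"),
    ("HR-DB-02", "wlan0", "198.51.100.7"),
    ("HSM-03", "eth0", None),
    ("HSM-03", "usb-eth0", "192.168.1.50"),
    ("KIOSK-09", "eth0", "10.0.9.9"),
]

def exposure(address):
    """Classify one address as 'none', 'intranet' or 'internet'."""
    if address is None:
        return "none"
    ip = ipaddress.ip_address(address)
    return "intranet" if any(ip in net for net in INTRANET) else "internet"

# Exposure levels that each connectivity class permits.
ALLOWED = {"internet": {"none", "intranet", "internet"},
           "intranet": {"none", "intranet"},
           "airgapped": {"none"}}

def audit_interfaces(register, observed):
    """Return (asset, interface, reason) for every interface that should not exist."""
    findings = []
    for asset, iface, address in observed:
        intended = register.get(asset)
        level = exposure(address)
        if intended is None:
            findings.append((asset, iface, "asset not in register"))
        elif level not in ALLOWED[intended]:
            findings.append((asset, iface, f"{level} interface on {intended} asset"))
    return findings

if __name__ == "__main__":
    for finding in audit_interfaces(REGISTER, OBSERVED):
        print(finding)
```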
Establish Automated Monitoring
As already mentioned, the weakest link in a process is most likely the human element. Effective ITAM involves making sure that most of the processes are automated, monitoring being the most important of those. This can help in tightening access control as well. The ITAM department may want to keep track of network usage or the processes that are active on a particular system. This can be achieved by using an ITAM service that supports integrated automated monitoring. Custom solutions can be built in-house as well.
Manage The Updates
Tracking the version of deployed software is a key requirement for successful SAM. This is important for cost as well as for security. The ITAM department must make sure that all systems receive critical updates in time. This responsibility overlaps with the IT department as well. In this case, the ITAM department must fill the role of an overseer and enabler.
Preventing security breaches is a very difficult task, and ITAM can be of immense help here. The IT department is responsible for operating the assets; the ITAM department must be responsible for obtaining and securing the assets. Keeping ITAM confined to inventory management just means losing an important vantage point. The sooner organizations take note of this, the better.

