Connect with us

Business

IT inventory management in the age of cyber security

Protect yourself (and your business)

data hacker hiding data
Image: Dr. Hempel Digital Health Network

Cybersecurity has become one of the most talked about issues in recent times. A decade ago, IT Inventory – a businesses’ computers and assets – could be managed in a simple spreadsheet but, over the last few years, organizations have realized that data, network security, and IT asset management are interlinked, and more importantly, IT inventory needs to be tightly tracked to safeguard businesses and employee security and productivity.

All organizational IT departments have a responsibility of keeping track of all available IT inventory. In particular, the IT inventory should include tracking issues such as compliance regulations, licenses for software programs, updates, contracts, etc.

Additionally, the entrance of cloud technologies in recent years further increases the complexities of IT inventory practices. With the aid of tools designed to specifically assist in IT inventory, IT departmental managers should keep inventories covering the following:

Software Inventory Management

Managing software inventory provides IT departments with various challenges. For instance, IT personnel have to monitor the installation of unauthorized software programs on company systems. Employees may also install software programs acquired from third-party sources, hence lacking official security patches and updates from their original vendors.

Though this is more applicable to company data rather than inventory, businesses also have a right to educate employees about the responsibilities of ethical data management. Torrent sites, for example, are an effective way of sharing files across the web, but they open a gateway to a PC’s other stored data.

Additionally, those in charge must also ensure that all software used in the company receives timely security updates that must be installed as they are released to prevent instances of zero-day exploits. A zero-day exploit is an attack executed after a flaw in software has been discovered but a security update is yet to be developed.

Software programs also provide interfaces for accessing a company’s network or computer resources. As such, only authorized individuals should be given access to any software. This can be a challenge given the different roles that employees assume hence needing to use different types of software programs.

Implementing an IT inventory management tool can assist an IT department to roll out new updates as soon as they are released, ensure that licenses nearing expiration have been renewed, ensure adherence to existing compliance regulations, etc.

Failure to conduct software inventory management can be a huge risk for an organization. A good example of this was the 2018 attack on British Airways, where 380,000 passenger information was affected. A research report published by Yonathan Klijnsma of RiskIQ revealed how software lines of code (scripts) were exploited by malicious actors to steal critical data.

According to the researcher, this incident occurred as a result of poor management on the software at the airline, that allowed hackers to manipulate a newly changed script running on BA’s baggage claim information page. If the organization was practicing effective software inventory management with a focus on security, it would have ensured that the changed code was assessed to enforce its safety.

Hardware Inventory Management

Every organization depends on an array of hardware for various technological functionalities. At the least, companies use workstations and servers to facilitate business processes such as data storage and interaction with customers. An effective hardware inventory management practice entails correct tagging and tracking of hardware throughout its entire lifecycle.

This is to ensure that firmware updates are installed whenever they are available, thus ensuring they are protected from new emerging threats. Hardware inventory management also entails tracking the addition of new hardware to ensure safe practices are observed during installation.

Currently, several organizations allow Bring Your Own Device (BYOD) policies to enhance employee performance. This strategy is another key reason for the need for cybersecurity inventory management.

An article by Charles Cooper on CSO Online reveals that BYOD experience in recent years has involved data leakage incidents, unauthorized access to company information, and employees downloading unsafe content and applications, results that have left IT executive uncomfortable with the security implications of allowing employees to use their personal devices for work.

One solution offered for this challenge involves imposing strict hardware inventory management, commonly referred to as Choose Your Own Device (CYOD). In this strategy, employees can be limited to access certain apps, devices, and functions that are covered by centralized policy-based administrative controls and network settings.

Editors’ Recommendations:

Comments
Advertisement

More in Business