White Paper: AXONIUS
What Do We Mean by “IT Asset Management”?
When we look at what has been traditionally called “IT Asset Management”, we’re referring to a set of practices surrounding the financial, inventory, contractual, and lifecycle management of an IT asset. In this case, an “IT asset” is really any device or cloud instance that is used for business purposes. Some of the responsibilities of an IT Asset Management program would include:
1. Inventory – Getting a detailed inventory of all hardware, software, and network assets
2. License Management – Making sure that all assets are running properly licensed software
3. Lifecycle Management – Deciding which assets should be decommissioned and managing the
software licenses on these assets and updating the inventory Using the traditional definition, IT Asset Management would fall squarely in the hands of the IT and Desktop Support teams. However, the process of gathering data about every asset and understanding what software is running is critical and foundational to cybersecurity.
In this paper, we’ll look at what we call “Cybersecurity Asset Management” or the process of:
1. Gathering data from any source that provides detailed information about assets
2. Correlating that data to produce a view of every asset and what is on it
3. Continually validating every asset’s adherence to the overall security policy
4. Creating automatic, triggered actions whenever an asset deviates from the policy
In this context, Cybersecurity Asset Management or “Modern Asset Management” becomes the nexus for cybersecurity projects and decisions.