Consolidating Technology Management: Good For IT and Security, Strategic For The Business
By refreshing obsolete or broken enterprise technology management processes, security teams can increase efficiencies and reduce (otherwise avoidable) cyber risks.
May 10, 2024
Enterprise technology management has experienced radical shifts in recent years. Digital transformation and the shift to the cloud expanded the definition of a technology asset and exponentially increased the number of enterprise technology assets under management. Then came the pandemic, which caused workers to migrate from hubs to distributed home offices. Seemingly overnight, technology management processes became infinitely more complex and logistically challenging.
As asset-related business processes – from onboarding and offboarding workers to IT audits to SaaS and hardware management – become even more cross-functional and business critical, the way to mitigate technology asset-related risk is to align all the relevant stakeholders through better asset governance. And what better way to do that than to provide better visibility into and control over how enterprise technology is managed?
Today, most companies manage a diverse portfolio of hardware, software, network, and cloud assets across a highly distributed workforce. By refreshing obsolete or broken enterprise technology management processes, security teams can increase efficiencies, reduce (otherwise avoidable) cyber risk, and align their business processes to reflect the cross-functional, intertwined state of business operations.
How to enact sound technology management
The first step in updating and automating technology related business processes is to create and populate a single source of truth - a centralized technology database that pulls data from asset-related datasources – device management systems, security systems, identity management systems, procurement systems, etc., and then aggregates, normalizes and updates them accordingly.
While simple in theory, consolidating and normalizing technology data that resides in multiple stakeholder-specific databases is a major undertaking. To do it right requires cultural and organizational change, and security must interact and mesh with other IT groups in new ways.
And as veteran security leaders can attest, change, even when it’s needed, doesn’t always come easy. While the rapid ascendency of the CISO role reflects the extent to which security has become aligned and integrated into the business, security is not managed in a vacuum.
Security may be quarterbacking what policies are set, but IT teams are doing the implementing. And because attack surface management usually entails managing high volumes of alerts and change requests, security teams, already overwhelmed by the workload, pass off change requests to the IT team, who resent the degree to which security related tasks increase their workload. It’s the exact same dynamic that creates so much friction between DevOps and Security teams – same conundrum, different use case.
The benefits of a single, centralized enterprise technology database not only aid security teams in their efforts to manage asset-related threats but also enable them to more effectively interact with IT Ops and other stakeholders on core business processes, so many of which depend on effectively managing technology assets. Centralizing enterprise technology management will enable security teams to spot risk sooner, fix it faster, and gain a better understanding of how it arose in the first place.
That may sound like a heavy lift, but there is a clear path forward. CISOs and CIOs, who these days are collaborating more closely than ever, recognize that updating technology management processes provides the opportunity to mature from managing asset-related risk to reducing it. If security relies on a specialized tool to manage technology assets for security and compliance, then other business units will do so as well, creating the data silos and blind spots that allow asset-related risks to arise.
Furthermore, as asset-related business processes become increasingly cross-functional and business-critical, it makes sense for security to have a multifaceted and more contextual understanding of how asset risk arises in the first place. The way to mitigate technology asset-related risk as these functions become exponentially more complex and riskier is to align all the stakeholders through better asset governance. And what better way to do that than to provide centralized visibility into and control over how enterprise technology is managed?
This approach also serves to further integrate security into the business because it breaks down silos that are currently still in place. Net/net: Centralizing enterprise technology management presents a strategic opportunity to implement the governance needed to better understand, manage, and ultimately reduce asset risk. After all, an ounce of prevention is worth a pound of cure - right?
So, what are we waiting for?
Arthur Lozinski is the Co-founder and CEO of Oomnitza.
Related articles:
About the Author
You May Also Like