The Next Evolution of ITAM, Beyond CMDB and ITSM

by

Barcodes and Stickers - The Old World

I'm old. When I began my career, IT asset management (ITAM) meant going around, from computer to computer, and putting stickers with barcodes and numbers on every piece of hardware. Assets were clearly defined as servers, desktops, monitors, and occasionally, if you travelled a lot, a laptop. Tracking these systems meant keeping a spreadsheet of details mapping owner to asset and tracking the changing data over time. 

JupiterOne - The Next Evolution of ITAM

Today things are very different. CMDB (Configuration Management Database) and ITSM (Information Technology Service Management) have superseded the old school barcode and excel way of tracking assets. We now track assets and configuration models as software defined items that provide some kind of value to the business. The concept of what an asset is has changed drastically over the last 20 years to now include nearly everything you can draw a box around, adding new cloud specific asset classes, and tracking connectivity between assets automatically and continuously. The CMDB world will never be the same.

A New World of Cyber Assets

JupiterOne - The Next Evolution of ITAM

Over the years, enterprises have built up huge databases of assets, generally tied to IP addresses and device configuration details, making it nearly impossible to maintain and update the information. While the data provides significant value to the business, without the ability to continuously ensure that all of the data is accurate, most of the time customers find themselves asking questions that can not be answered. Additionally, it's more difficult than ever to keep asset data up to date in a cloud native world where assets are ephemeral and transient. Driving asset management based on IP address is antiquated and doomed to failure.

Relationships Bring Context

At a broader level, traditional asset management technologies were not designed to analyze the relationships between assets. This analysis of connectivity is where the true value resides in a modern cyber asset driven infrastructure and security program. The ability to ask your management systems questions that get to the heart of what you need to know necessitates the ability to understand the relationships between all of your assets. What really matters are the verbs that describe these relationships. Verbs such as "has", "owns", "accesses", and more, are how you find important information. As a mental exercise, try to ask a question of your infrastructure or security systems and see if you can do it without using a verb. It's nearly impossible.

API and Cloud Driven Change

JupiterOne - The Next Evolution of ITAM

We must change how cyber assets are considered. In the modern world both the security and infrastructure toolchains are completely accessible via APIs. This is a very important distinction. When traditional asset management systems were designed, data collection had to be done in a much more manual or semi-automated manner. Since API driven development models took over, we have been given the opportunity to collect so much more information and data in a completely automated way, it is changing how we build our technology management solutions.

The move to cloud changed the definition of asset faster than anyone could have imagined. Adding new classes such as cloud workloads, CSP configuration, datastores and data buckets, cloud identities, and much more require a more detailed and continuous view into the state of your assets. Over the last couple of years the speed and pace of innovation has grown dramatically, pushing us faster and faster into this cloud native environment. Companies born in the last few years have almost exclusively been cloud-native, cloud-first designs.

Cyber Asset Management - Growth for the Future

CMDB and ITSM systems aren't going anywhere, but they are being displaced by Cyber Asset Management. CMDB is the meat and potatoes of your infrastructure and should be the driving force behind many of the technical decisions you and your team make every single day. It's going to stay that way for a long time, but it makes sense to broaden your definition of what a good CMDB is and to include asset classes and systems that are designed for cloud native technologies and the relationships between them. Long live cyber asset management!

The Next Evo of ITAM - 06JupiterOne - The Next Evolution of ITAM

 

Modern Visibility in Cyberseccurity
Tyler Shields
Tyler Shields

CMO JupiterOne. Former Forrester analyst. 20+ year veteran of the cyber security world.

Keep Reading

Introducing Continuous Controls Monitoring (CCM) | JupiterOne
November 7, 2024
Blog
Introducing Continuous Controls Monitoring (CCM)

CCM delivers real-time visibility, proactive risk management, and streamlined compliance for security.

Now Available: JupiterOne’s Public Postman Workspace | JupiterOne
October 31, 2024
Blog
Now Available: JupiterOne’s Public Postman Workspace

Explore JupiterOne’s Public Postman Workspace to streamline your workflows and enhance your security operations.

Prioritizing Exploitable Vulnerabilities to Protect Your Business Critical Assets | JupiterOne
October 16, 2024
Blog
Prioritizing Exploitable Vulnerabilities to Protect Your Business Critical Assets

Vulnerability scanners flood teams with alerts, but CTEM helps prioritize based on exploitability and business impact, ensuring focus on the most critical threats.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.