The Next Evolution of ITAM, Beyond CMDB and ITSM

by Tyler Shields

Barcodes and Stickers - The Old World

I'm old. When I began my career, IT asset management (ITAM) meant going around, from computer to computer, and putting stickers with barcodes and numbers on every piece of hardware. Assets were clearly defined as servers, desktops, monitors, and occasionally, if you travelled a lot, a laptop. Tracking these systems meant keeping a spreadsheet of details mapping owner to asset and tracking the changing data over time. 

Today things are very different. CMDB (Configuration Management Database) and ITSM (Information Technology Service Management) have superseded the old-school barcode-and-Excel way of tracking assets. We now track assets and configuration models as software-defined items that provide some kind of value to the business. The concept of what an asset is has changed drastically over the last 20 years: it now includes nearly everything you can draw a box around, adds new cloud-specific asset classes, and covers tracking connectivity between assets automatically and continuously. The CMDB world will never be the same.

A New World of Cyber Assets

Over the years, enterprises have built up huge databases of assets, generally tied to IP addresses and device configuration details, making it nearly impossible to maintain and update the information. While the data provides significant value to the business, without the ability to continuously ensure that all of the data is accurate, customers most of the time find themselves asking questions that cannot be answered. Additionally, it's more difficult than ever to keep asset data up to date in a cloud-native world where assets are ephemeral and transient. Driving asset management based on IP address is antiquated and doomed to failure.

Relationships Bring Context

At a broader level, traditional asset management technologies were not designed to analyze the relationships between assets. This analysis of connectivity is where the true value resides in a modern cyber-asset-driven infrastructure and security program. To ask your management systems questions that get to the heart of what you need to know, you have to understand the relationships between all of your assets. What really matters are the verbs that describe these relationships. Verbs such as "has", "owns", "accesses", and more are how you find important information. As a mental exercise, try to ask a question of your infrastructure or security systems and see if you can do it without using a verb. It's nearly impossible.
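
To make the "verbs" point concrete, here is an added example (not code from JupiterOne or from the original post) that stores a small, constructed inventory as subject-verb-object relationships keyed by stable IDs rather than IP addresses, and answers a question by following verbs in order. All entity names, classes and the ask() helper are hypothetical.

```python
from collections import defaultdict

# Constructed sample inventory: entities keyed by a stable id, not an IP address.
ENTITIES = {
    "user:alice": {"class": "User"},
    "user:bob": {"class": "User"},
    "role:deploy": {"class": "AccessRole"},
    "role:readonly": {"class": "AccessRole"},
    "wl:api-7f3c": {"class": "Workload"},  # ephemeral cloud workload
    "bucket:billing-exports": {"class": "DataStore", "classification": "confidential"},
    "bucket:public-site": {"class": "DataStore", "classification": "public"},
}

# Relationships as (subject, VERB, object) triples.
RELATIONSHIPS = [
    ("user:alice", "HAS", "role:deploy"),
    ("user:bob", "HAS", "role:readonly"),
    ("role:deploy", "ACCESSES", "bucket:billing-exports"),
    ("role:readonly", "ACCESSES", "bucket:public-site"),
    ("user:bob", "OWNS", "wl:api-7f3c"),
    ("wl:api-7f3c", "ACCESSES", "bucket:billing-exports"),
]

def confidential(entity):
    return entity.get("classification") == "confidential"

def ask(start_class, verbs, end_filter, entities=ENTITIES, relationships=RELATIONSHIPS):
    """Return sorted (start, end) pairs where start reaches end by following verbs in order."""
    index = defaultdict(list)
    for subj, verb, obj in relationships:
        index[(subj, verb)].append(obj)
    answers = set()
    for start, attrs in entities.items():
        if attrs["class"] != start_class:
            continue
        frontier = {start}
        for verb in verbs:  # one hop per verb in the question
            frontier = {obj for node in frontier for obj in index[(node, verb)]}
        answers.update((start, end) for end in frontier if end_filter(entities[end]))
    return sorted(answers)

if __name__ == "__main__":
    # "Which users HAVE a role that ACCESSES confidential data?"
    print(ask("User", ["HAS", "ACCESSES"], confidential))
    # "Which users OWN a workload that ACCESSES confidential data?"
    print(ask("User", ["OWNS", "ACCESSES"], confidential))
```

The second question surfaces bob, whose only role is read-only on public data but who owns a workload that reaches the confidential bucket, which a flat per-asset list would not show.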

API and Cloud Driven Change

We must change how cyber assets are considered. In the modern world both the security and infrastructure toolchains are completely accessible via APIs. This is a very important distinction. When traditional asset management systems were designed, data collection had to be done in a much more manual or semi-automated manner. Since API-driven development models took over, we have been given the opportunity to collect far more information and data in a completely automated way, and this is changing how we build our technology management solutions.

The move to cloud changed the definition of asset faster than anyone could have imagined. Adding new classes such as cloud workloads, CSP configuration, datastores and data buckets, cloud identities, and much more requires a more detailed and continuous view into the state of your assets. Over the last couple of years the pace of innovation has grown dramatically, pushing us faster and faster into this cloud-native environment. Companies born in the last few years have almost exclusively been cloud-native, cloud-first designs.

Cyber Asset Management - Growth for the Future

CMDB and ITSM systems aren't going anywhere, but they are being displaced by Cyber Asset Management. CMDB is the meat and potatoes of your infrastructure and should be the driving force behind many of the technical decisions you and your team make every single day. It's going to stay that way for a long time, but it makes sense to broaden your definition of what a good CMDB is and to include asset classes and systems that are designed for cloud-native technologies and the relationships between them. Long live cyber asset management!

Tyler Shields

CMO JupiterOne. Former Forrester analyst. 20+ year veteran of the cyber security world.
