Why Securing Both Managed and Unmanaged Connected Assets is Critical
By Curtis Simpson, CISO
Digital transformations have resulted in significant improvements in productivity, efficiency, cost savings, and more for organizations across industries. This innovation is driving the exponentially growing number of assets being connected to business networks around the globe. As a direct result, it’s predicted that the number of Internet of Things (IoT) devices worldwide will reach 75.44 billion by 2025, up from 26.66 billion in 2019.
The number of connected assets goes far beyond IoT devices alone, however, and includes IT, cloud, connected medical devices (IoMT), operational technology (OT), industrial control systems (ICS), 5G, etc.
Further, there are two main categories under this umbrella of connected assets – those that are managed and those that are unmanaged.
Security Challenges Introduced by Unmanaged Devices
Managed assets, like computers and cell phones, have a managed security agent already installed. Unmanaged assets have internet connectivity and operate on business networks, but have no managed security agent. Unmanaged assets include the likes of MRI machines and other connected medical devices and technologies, operational technology (OT) such as PLCs or HVAC systems, connected physical security devices, and much, much more.
It’s anticipated that the number of unmanaged assets alone will surpass 50 billion devices by 2025, so it’s critical that organizations be aware of this distinction. Otherwise, unmanaged devices can fly under the radar of security teams, creating blind spots in the network for those only focused on managed devices, ultimately introducing opportunities for exploitation and business impact.
Research has found that IT professionals do not have a true count of devices connected to their network, reflecting a false sense of confidence in these organizations’ security postures: 94% of respondents said they have a live view of all their connected assets, however nearly half (48%) of respondents still use spreadsheets like Excel or Google Sheets to track their connected asset inventory, with 55% saying they use multiple tools.
How Asset Visibility and Security Can Help
If you can’t see an asset, you can’t protect it. That’s why asset visibility and security is critical to an organization's security stack, as it takes into account security for all assets, managed and unmanaged.
With increased visibility into both categories of connected assets on the network, security teams are empowered to discover all assets in their environment and to keep an updated IT asset inventory with this information. With this, IT teams can keep a continuous, real-time pulse on their inventories as new devices are brought online and old assets are disconnected from the network. This level of insight is essential to securing these endpoints, as it enables security teams to better manage the vulnerabilities they have to respond to, helping them to effectively prioritize as needed to disconnect or quarantine suspicious or malicious devices before cyberattackers can exploit these assets to move around the network.
It’s critical for business leaders to effectively balance innovation and security. New technologies are intended to benefit businesses, so it’s essential that security leaders don’t let them become a double-edged sword that introduces security gaps. It may seem daunting, considering the massive explosion of connected assets and today’s complicated threat landscape. Armis is here to help.