Cyber Asset Management Overwhelming IT Security Teams
IT security teams are overwhelmed by cyber asset management. As corporate assets are being moved to cloud storage, IT security management is being strained to the breaking point as larger attack surfaces are created to expose organizations to increasing cyber risks.
API-first, cloud-first, and digital transformation initiatives are rapidly reshaping the enterprise technology ecosystem. Consequently, cybersecurity suffers.
Security professionals can no longer handle the asset lifecycle using traditional, manual approaches due to the growing complexity of modern attack surfaces.
Workload unprecedented
Modern security teams manage more than 165,000 cyber assets, such as cloud workloads, devices, network assets, applications, data assets, and users. Over 120,000 security findings are accumulated in the backlog of security teams, which are overworked, understaffed, and underskilled.
Key Findings
In the enterprise, cyber assets vastly outnumber employees. On average, an organization has more than 500 cyber assets per employee. Successful security requires automation.
Typically, organizations have a device ratio of 110:1 between employees and devices. Security teams manage an average of 32,190 devices. Almost 90 percent of modern devices involve the cloud. Only 1 percent of net assets are static IP addresses, while 56 percent are network interfaces. A dynamic attack surface requires new, automated security approaches.
A Look at the Numbers
Three hundred seventy-two million security findings were collected from 1,272 organizations, including enterprises, mid-market organizations, and small businesses.
90% of device assets in a modern organization are cloud-based. Less than 10 percent of all devices are physical devices, such as laptops, tablets, smartphones, routers, and IoT hardware.
As a result of the pandemic, businesses turned to cloud technology to support remote work and maintain some semblance of normalcy.
Pay attention to the cloudy forecast.
Security teams often overlook the indirect relationships between users, devices, networks, and critical data. According to the report, only eight percent of queries requested JupiterOne to analyze second or third-degree relationships between assets.
According to SCAR, cloud-native security tools are needed for automated decision-making and data-driven security. Having complete visibility of their cyber asset landscape and asset relationships will significantly benefit security teams.
second-degree or third-degree relationships between assets, noted the report.
Organizations need to invest in cloud-native security tools that allow for automation and data-driven decision-making, SCAR recommends. This will help security teams gain true visibility of their cyber asset landscape and asset relationships