We are living in the era of the fully connected enterprise. CTOs and CISOs have long since realized that data and information trapped inside of siloes is far less valuable and useful. This is why one of the fastest growing areas of IT tools is low-code and no-code automation tools. Integration of all necessary IT systems allows for more accurate and timely views of systems, enabling data alignment and workflows. This integration then further enables a shift towards orchestration of all IT assets under management with a single unified platform, accessible via a single pane of glass. No team benefits more from this capability than the cybersecurity units of enterprises.
Technology orchestration essentials
Orchestration means the automation and enhanced coordination of management of critical IT assets. Building this muscle is now critical for defending the enterprise from nascent threats. The speed and diversity of attacks has dramatically increased while the complexity and breadth of the IT estate (driven by a ubiquitous remote workforce) has grown exponentially.
- In 2020, the US-CERT Vulnerability database published a record number of CVEs for the fourth year in a row.
- It takes roughly 38 days for IT and security organizations to patch a vulnerability on average.
- High or critical risk vulnerabilities in external facing web applications rose from 19.2% in 2018 to 34.78 per cent in 2019 while high risk vulnerabilities in network layer applications doubled during that period, according to Vulnerability Management vendor Edgescan.
- We have seen growing numbers of critical and Zero Day vulnerabilities against Android and iOS devices.
- Hackers are increasingly targeting cloud computing services like Amazon Web Services S3 storage service.
In this dynamic and risk-laden environment, basic IT Asset Management is no longer sufficient to protect the IT Estate. Standard and legacy ITAM systems that are siloed or only superficially integrated cannot:
- respond fast enough to properly maintain security
- often contain inaccurate or out-of-date information
- require manual intervention for anomalies
- complicate IT audits and compliance checks by generating conflicting data or requiring significant amounts of manual collection
To address these issues, newer platforms like Oomnitza go beyond ITAM to address the orchestration of the entire technology portfolio.
How technology orchestration sharpens cybersecurity across the enterprise
In most enterprises, IT assets are managed with a collection of systems including standard ITAM, MDM, SAM, and CMDB systems. All play a role and are necessary. Connecting them all is painful because it requires work to build an infrastructure that automates data collection and normalizes data formats. Agentless integration approaches solve this problem by leveraging agents from all these systems to collect information into a single and constantly updated database of record. Using existing agents minimizes the load and footprint requirements associated with technology orchestration and allows for faster roll out.
Beyond integration, bi-directional data flows are important because they enable orchestration. By orchestration, we mean that an IT administrator or cybersecurity team member can create rules and policies that automatically enforce and manage security considerations for the IT estate. For example, if a laptop is detected as having encryption disabled, then a rule may kick in to prevent that device from accessing key cloud computing or cloud storage assets from IP addresses outside of the corporate network. Further, the owner of the laptop and the IT administrator for the laptop might receive an email and Slack notification of the potential risk.
Just as firewalls and threat management systems create policies based on insights or new types of security risks, technology orchestration can automatically suggest new policies that will enhance security. Beyond risk management, it can dramatically reduce the effort and time spent for security teams on asset management topics by enabling more fluid coordination with IT teams and by creating a single collaboration space where everyone can have the same view of the current status of everything in the IT Estate. From this single view, IT and cybersecurity teams can collaborate to constantly tune policies and orchestration playbooks to maintain a strong security stance.
Lastly, orchestration of the technology portfolio allows for cybersecurity teams and risk management teams to proactively enact compliance measures. Technology orchestration can automatically detect out of compliance assets and push notifications to the proper stakeholders. Even further, it can automate compliance remediation by using two-way data syncing and flows to empower patching or configuration management changes based on compliance status.
Disappearing are the days of comparing spreadsheets of asset status or manually updating service and security tickets to request remediations. Technology orchestration renders these clunky and error-prone practices unnecessary while giving enterprises better security and affording security teams the two greatest gifts – time back to work on bigger things and peace of mind.