No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Data Privacy

Who’s Monitoring IT Assets? “Survey says…”

How Corporations Are Addressing Technology Asset Management (TAM)

by Mark Gaydos
July 16, 2019
in Data Privacy
server farm or datacenter

Businesses need to manage large numbers of network-connected devices, but how much control do we really have on our technology assets? Nlyte’s Mark Gaydos provides highlights from a recent Nlyte survey on how managers control assets now and what’s changing.

As organizations digitalize and their compute infrastructures grow, IT resources don’t necessarily flow to the places that need them most. Allocating manpower to ensure IT compliance adherence is one of those resources that often gets neglected. As a result, companies often find themselves guilty of data failures due to weak compliance measures. While being found as “noncompliant” isn’t a crime, it does damage public confidence in a company — Equifax is still recovering.

GDPR, HIPAA, PCI, SOX and other mandates are put in place by various agencies as checks and balances that provide best-practice guidance. When it comes to IT compliance, there are two basic areas: internal compliance for assuring adherence to an organization’s specific rules and regulations and external compliance, which adheres to the government-established laws. Then there are the “in between” internal and external mandates imposed by organizations such as the Payment Card Industry Data Security Standard (PCI DSS) that provides added security for financial transactions or the voluntary use of the Basel III framework.

Pulling IT staff away from daily tasks to address compliance issues can have its own faults. There is an internal cost associated with shifting IT functions from helpdesk responses and revenue-generating infrastructure upgrades to concentrate on documenting IT processes and procedures. Fact is, there are many other tasks that often take precedence over the daily network scans that ensure the network will make an auditor happy. The belief that compliance issues are a constant focus varies greatly from the C-Suite folks in corner offices to the cable-pulling IT staff keeping the data flowing.

Compliance Assumption Gap

Pulling information together from isolated data sources to provide the required material for audit and compliance reports can be a major obstacle for organizations to contend with. Often these data sources include everything from spreadsheets to post-it-notes, among other third-party applications across myriad workgroups.

Who is watching what, and how often? The answer to this seemingly simple question can vary greatly depending upon who you ask within a company. A new survey, titled “Technology Asset Management Global Survey: Today’s Challenges of Device Proliferation,” sheds some light into this question’s answer.

The global survey took a poll of 1,516 technology asset decision-makers within organizations employing 1,000 people or more. Of the respondents, 96 percent say that hardware and software technology asset control is a top-5 priority for the business — that is no surprise. However, what is a surprise is that almost one-third (31 percent) of those enterprises are still tracking their asset management control manually. When the IT department has limited time to conduct compliance-related tasks, this manual process is daunting and can lead to pushing compliance endeavors further down the calendar page. Thirty-five percent of C-Suite members confirmed that data is captured manually as part of an IT asset management process, but also that it’s known to be quickly out-of-date and prone to human error.

IT assets need to be monitored frequently, but the assumption rate that this occurs varies widely. The Technology Asset Management Global Survey (Survey) found that C-Suite respondents believe assets are being scanned hourly (27 percent) or daily (35 percent), yet those at the manager level are less confident (8 percent and 28 percent, respectively).

Daily network scans are important because new devices are connected quite often and undetected IT assets are compliance and security risks. When it comes to undetected devices, the Survey found:

  • 28 percent of C-Suite leaders and 29 percent of managers believe that 10 percent of their assets are undetected and unprotected.
  • 35 percent of C-Suite leaders and 14 percent of managers believe that 20 percent of their assets are undetected and unprotected.
  • Only 24 percent of asset managers believe that 80 to 100 percent of their devices had the latest security software and firmware patches.
  • 33 percent of IT devices are infrequently connected to the network, according to asset managers.

Simply put, missed network scanning equates to a greater vulnerability, which inevitably leads to compliance issues. This is confirmed by 15 percent of organizations reporting that somewhere between 80 and 100 percent of devices are not proactively managed — an open invitation for risk.

Although most IT devices are up to date (on average, 67 percent have the latest security software and firmware patches), less than half (49 percent) have a solution that scans and validates all devices in order to provide an audit trail for security patch management. In addition, the Survey found that almost half (48 percent) of devices are not proactively managed at all. While that 67 percent figure having the latest software and firmware is better than average, it validates that only one-third of IT assets controlling such data as personal finance, health care and social security numbers are at risk, outdated or unmatched.

Conclusion

IT asset scans and recordkeeping cannot be managed manually if organizations wish to be in compliance with imposed mandates and regulations. Even if barcode technology is used, once a section is finished and the auditing employee moves on, somebody could come in right behind and install or remove a device. Achieving IT compliance must be a systematic and automated process that continuously identifies, monitors and audits the full network to achieve and maintain adherence.

With data moving to the cloud, into virtual realms and pushed to the edges of the network, the IT infrastructure is far too vast to know what is — and is not — in compliance by glancing at a spreadsheet. Using a technology asset management tool to help simplify the adherence process is a good idea. As the “Survey says,” over 1,500 large organizations believe they are most likely to gain business efficiency (41 percent), overall cost savings (40 percent) and data/corporate security (39 percent) benefits by using a TAM solution.


Tags: Technology
Previous Post

What Does it Take to Be a Great Corporate Director?

Next Post

CCPA Compliance: Preparing for the California Consumer Privacy Act

Mark Gaydos

Mark Gaydos

Mark Gaydos is Chief Marketing Officer at Nlyte, where he leads worldwide marketing and sales development. He oversees teams dedicated to helping organizations understand the value of automating and optimizing how they manage their computing infrastructure. Mark has more than 20 years of enterprise software marketing experience helping technology companies establish leadership and rapidly grow revenue. He previously served as the SVP of marketing at Engine Yard and has held a variety of executive marketing roles at enterprise companies such as Oracle, SAP, and Engine Yard. Mark has an M.B.A. in management science from San Diego State University and a B.A. in economics from the University of California, Santa Barbara.  

Related Posts

regulatory storm

The Regulatory Storm Is Coming. Compliance Can Help Tech Leaders Batten Down the Hatches

by Stuart Breslow
September 14, 2022

The “move fast and break things” mentality that serves tech entrepreneurs well when they’re getting their companies off the ground...

logicgate black kite integration

LogicGate Risk Cloud Adds Black Kite Integration for Third-Party Risk Management

by Corporate Compliance Insights
March 30, 2022

LogicGate’s Risk Cloud compliance platform has added integration with Black Kite, which offers cyber ratings, Open FAIR financial risk quantification,...

protecht series a

Protecht Group Lands $30M in Series A Funding From Arrowroot Capital

by Corporate Compliance Insights
February 22, 2022

Risk management software and services provider Protecht has secured a $30 million Series A funding round from Arrowroot Capital. Founded...

Thomson Reuters: Fintech, Regtech and the Role of Compliance in 2022

Thomson Reuters: Fintech, Regtech and the Role of Compliance in 2022

by Corporate Compliance Insights
December 14, 2021

The sixth Thomson Reuters regulatory intelligence report is shining light on the role of fintech and regtech across the financial...

Next Post
illustration of man's ID on a fish hook

CCPA Compliance: Preparing for the California Consumer Privacy Act

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT