Qualys survey shows that Only half of companies classify asset management as safety-critical
In a survey, Qualys examines the role of asset management in the security strategy of companies and how security teams approach vulnerability management.
Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based IT, security and compliance solutions, announces the results of a survey on asset management. 306 employees from IT companies with more than 250 employees took part in the survey*. The results show that for half of the respondents in their company, asset management does not play a central role in IT security. In addition, only half of the companies use a standardized tool for this purpose.
A complete overview of all existing assets is the basic prerequisite for ensuring IT security in the company. Only when all assets are made visible can security updates be carried out regularly for them. It is not uncommon for attacks by malicious actors to succeed by using a vulnerability in an unpatched system as an entry point to quickly paralyze the entire corporate network from there.
The results of the survey show that only 51 percent of companies consider asset management to be safety-critical at all. As a result, for half of the respondents, asset management is not part of the security strategy. For the majority of respondents (69 percent), the IT department is responsible for asset management, and 71 percent assume that the patch teams can fix vulnerabilities and misconfigurations within the proposed time frame. The question of whether there is a complete overview of all assets in the company is answered in the affirmative by 61 percent, 11 percent assume that there are no assets in the global network in the company and the remaining 10 percent do not or cannot provide any information. 18 Percent say that there is a lack of information about their assets.
The survey also examined whether a standardized tool for asset management is used centrally in the participants’ companies or whether asset management is distributed among different departments. For half of the respondents (50 percent), asset management is carried out using a standardized tool. 20 Percent rely on different tools in different departments. The remaining 30 percent have no asset management installed in the company (13 percent) or cannot / do not want to give an indication of this (17 percent). The participants were also asked whether they can rely on their existing inventory systems and whether they know whether their asset information is always up to date. 60 Percent of the respondents state that they can rely on their systems. A total of 18 percent cannot rely on their system because different systems are used for asset management (9 percent), there is no automation and the systems are maintained manually (5 percent), or the consolidation of data is too complex due to the high fragmentation of the infrastructure (4 percent).
Since vulnerabilities occur regularly and must be responded to immediately, patch teams are best placed to use automated solutions for this purpose. Making assets visible and managing them in the corporate network via manual ways takes a lot of time, which an IT security team can invest more sensibly in other tasks. In addition, an automated solution is more reliable in terms of recording the current security status of each asset in the network and displaying threats in real time. Because in the event of an attack from the outside, every minute counts. Standardized cloud-based tools, such as Cloud Security Asset Management (CSAM) from Qualys, help companies to keep track of their assets at all times, to keep them up to date with the latest security status and to be able to react quickly in an emergency. Because you can only protect what you can see.