Next on the Network Security Hype Cycle: CAASM

Companies need to address security weaknesses in their networked applications as well as those that are not controlled by IT, and CAASM can finally provide a solution.

The Gartner Hype Cycle for Network Security has identified Cyber Asset Attack Surface Management (CAASM) as an emerging technology. This could help businesses and enterprises reduce their vulnerability without reducing the visibility of cyber assets.

We’ve spilled so much ink talking about how Covid-19 has disrupted normal operations and accelerated digital transformation at breakneck speed. We will not stop now. With this acceleration comes heightened scrutiny from threat actors ready to exploit weaknesses in hasty deployments.

Covid-19 has pushed organizations towards rapid digitization. The other possibility? Catastrophic business interruption. So companies expanded customer-facing APIs and doubled down on engagement apps designed to revamp normal operations of the economy into something that would work for pandemic lockdowns.

Securing this expansion is not easy. Companies had to walk a very thin line between locking down weaknesses and keeping their business available to customers and to employees now working from home. In response to this pressure, enterprises have embraced the Zero Trust architecture and seen a further maturation of network access control. The response also stimulated a new area of interest.

Turning the Hype Cycle: Managing the Attack Surface of Cyber Assets

CAASM makes cyber assets more visible to businesses. It allows an organization to bring together external and internal assets through API integration. It interrogates them, then fixes vulnerabilities while providing better security control.

Companies are paying attention to this because it goes beyond the containerized approach to security and provides broad visibility into everything a company is managing in its network. It reduces the threat of human error by reducing manual collection processes and moves businesses away from less comprehensive in-house solutions.

CAASM can fill gaps due to missing or outdated information and provide visibility into an organization’s security tool coverage. It improves security hygiene by ensuring that all security measures work in the environment.
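
As an added illustration (not from the original article or any CAASM product), the Python below shows the consolidation and coverage idea described above: records from several tools are normalized, merged into single assets, and checked for which tools have no record of each asset. The source names, record fields, sample data and the REQUIRED set are constructed assumptions.

```python
# Constructed sample exports; source names and record fields are assumptions.
SOURCES = {
    "cmdb": [
        {"hostname": "WEB-01.corp.example", "mac": "00:1A:2B:3C:4D:5E"},
        {"hostname": "db-01", "mac": "00-1a-2b-3c-4d-5f"},
    ],
    "edr": [{"hostname": "web-01", "mac": "001a.2b3c.4d5e"}],
    "vuln_scanner": [
        {"hostname": "web-01.corp.example", "mac": None},
        {"hostname": "db-01.corp.example", "mac": "00:1a:2b:3c:4d:5f"},
        {"hostname": "kiosk-7", "mac": "00:1a:2b:aa:bb:cc"},  # unknown to IT
    ],
}
REQUIRED = {"cmdb", "edr", "vuln_scanner"}  # tools every asset should appear in

def norm_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits, else None."""
    digits = "".join(c for c in (mac or "").lower() if c in "0123456789abcdef")
    return digits if len(digits) == 12 else None

def norm_host(name):
    """Lowercase short hostname; assumes short names are unique in the estate."""
    return (name or "").strip().lower().split(".")[0] or None

def consolidate(sources):
    """Merge per-tool records into assets that share a MAC or short hostname."""
    assets = []
    for source, records in sources.items():
        for rec in records:
            host, mac = norm_host(rec.get("hostname")), norm_mac(rec.get("mac"))
            merged = {"hosts": {host} - {None}, "macs": {mac} - {None}, "seen_in": {source}}
            keep = []
            for asset in assets:  # a record may bridge assets that were separate
                if asset["hosts"] & merged["hosts"] or asset["macs"] & merged["macs"]:
                    for key in merged:
                        merged[key] |= asset[key]
                else:
                    keep.append(asset)
            assets = keep + [merged]
    return assets

def coverage_gaps(assets, required=REQUIRED):
    """Map each asset to the required tools that have no record of it."""
    return {"/".join(sorted(a["hosts"] or a["macs"])): sorted(required - a["seen_in"])
            for a in assets if required - a["seen_in"]}
```

On the sample data, db-01 is reported as missing from the EDR export and kiosk-7 as missing from both the CMDB and the EDR export, which is the kind of coverage gap and unmanaged asset the consolidated view is meant to surface.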

Gartner identifies the following drivers for CAASM adoption:

  • Businesses have complete visibility into all digital assets for the first time, enabling greater security coverage. Companies see the gaps and ensure that security measures are corrected across the environment.
  • Companies are also dramatically reducing the time and effort spent on compliance audits. CAASM reduces laborious manual retrieval processes and unites all assets in a single environment. When audits take place, no one has to search for missing information.
  • It consolidates all assets into one platform with a single, standardized view. All teams have access to this view, including all stakeholders responsible for security or who could benefit from such a consolidated view and query capability.
  • Businesses can finally integrate third-party and shadow IT systems into the fold. CAASM meets with less resistance than other solutions and could provide vital control to IT.

Some barriers to full adoption remain

CAASM is on Gartner’s “up” list for good reason. It is experiencing increasing maturity, but still, some obstacles remain to its full market saturation.

Resistance to more tools

Some companies might look at CAASM and see their existing tools. The cost and time to adoption may seem excessive for networks with adjacent processes and tools that accomplish similar things.

Businesses need to understand the engine behind CAASM. The single point of view for all applications and APIs, including those beyond IT control, provides the opportunity to address weaknesses and reduce human error.

Large asset stores

When these products are licensed under the rubric of “consumed assets”, they could prove prohibitively expensive for large companies with millions of assets. This will be a significant challenge for companies offering these services in the future.

However, as the field matures, we might see more cost-effective solutions that factor the weight of asset access into those numbers.

Scalability and current tools remain limited

Because it’s so new, companies can have difficulty scaling CAASM and finding tools that integrate with it. Integration teams can also block access.

The good news is that being on Gartner’s hype cycle inspires companies to address both of these challenges. Companies looking to adopt these measures can keep an eye on emerging resources as the cycle progresses.

Meeting the challenges of CAASM

Companies looking to invest in this new technology should determine their main objectives to help direct investments. For example, companies may decide that gaining visibility into all assets is the primary focus of spending. Others may conclude that greater automation capability is the end goal. These clear guidelines can facilitate the adoption of any new technology.

Organizations can also do themselves a great favor and list all the APIs currently in use to ensure that the CAASM provider of their choice can access each one. To reduce frustrating onboarding delays, organizations can ensure they have all required accounts and access points before they begin.

And speaking of inventory, companies can extend that inventory to all vendors currently under contract. They can learn about vendor plans for future CAASM integration capabilities to determine if a roadmap exists.

More than anything, extending usage beyond IT security teams (anyone involved in compliance, management, or system administration) could be the key to full enterprise adoption. CAASM is not meant to stay within the narrow confines of core IT teams. It works because it provides visibility and feedback to all stakeholders for a company’s digital assets.

Although Gartner identifies an adoption rate of less than 1% today, this emerging solution could be the next big thing in cybersecurity. Companies need to address security weaknesses in their networked applications as well as those that are not controlled by IT, and CAASM can finally provide a solution.

Kevin M. Risinger