Unmanaged IT Assets: What You Don’t Know CAN Hurt You


Written by Jackie Bilodeau

I am the Communications Director for CGNET, having worked for CGNET off-and-on since the early 1990s. I enjoy hiking, music, dance, photography, writing and travel. Read more about my work at CGNET here.

March 16, 2023

When was the last time you took a look at all of your IT assets?  And I mean, ALL of them?  There are several reasons you will want to find out if any of your organization’s assets are not being appropriately managed:

Unmanaged IT assets

  • are often the first place attackers can find (and gain more) traction
  • slow down incident investigations
  • allow attackers to bypass firewalls
  • may lack security patches, particularly if they are old, outdated devices

One report from 2021 noted that 69% of organizations “admit that they have experienced at least one cyber-attack that started through the exploit of an unknown, unmanaged, or poorly managed internet-facing asset.”

IT in the shadows

Another 2021 report found that 32% of organizations believe “shadow IT” assets are the greatest challenge for IT asset management. Shadow IT refers to unmanaged assets and infrastructure whose setup circumvented the approved channels and processes. It can be categorized in two ways: accidental or intentional. Accidental shadow IT happens, for example, during organizational change, when IT oversight may be neglected. Intentional shadow IT, on the other hand, is when a user deliberately bypasses approved procedures when adding an asset to the system. Whichever way it came to be, a shadow asset may not be adequately protected, patched or updated. And no matter the scale, shadow IT can lead to BIG problems like data breaches, data loss and compliance failure. It is critical you find these hidden IT assets and bring them into the light.

The solution: Conduct a FULL asset inventory

While it sounds like a formidable task (and frankly, the first time it will likely be a lot of work) it’s absolutely necessary to get an asset inventory in order to close up the gaps in your security.  I won’t get into too much detail about the process (for that, I’ll refer you to this post from my colleague Dan Callahan).  But the bottom line is that you need to find and catalogue these 3 things:

  • Everything – managed or currently unmanaged – you have in terms of hardware, applications and operating systems
  • The locations of all of these
  • Everything your devices are connected to

One quick and crucial point: When it comes to your asset inventory, don’t forget to include any IoT devices that may connect to your network, such as smart thermostats, smoke detectors and lighting. These often get overlooked when considering cybersecurity protocol and may provide easy access to outsiders. One of our customers found this out the hard way.

It’s worth all the work

Here’s the good news: While yes, it can be quite a lot of work conducting an initial inventory, once it is done the upkeep should be a breeze. (Well, as long as the upkeep is regularly…upkept.)  And knowing everything you have is the first step to reining it all in and getting your unmanaged IT assets accounted for.  The payoff is that you’ll be protecting your organization from a potential disaster.
