Internal Considerations
Topics to reflect on internally when considering a new product or solution.
If your organization decides to transition from an on-premises IAM deployment to a cloud-based approach, you will need to carefully assess the gap between the technical capabilities desired by your organization and those offered by the vendor. Thus, there are some technical prerequisites that should be considered before selecting an ASM solution. These prerequisites are listed below:
Does your organization have the following solutions in place? If so, which vendor solutions provide connectors for your organization’s specific tools?
Examples include:
ITSM, SIEM, SOAR, 3rd-party CTI, Customer IAM for admin authentication / federation, UEM and/or MDM, VMS, PAM, CIEM
- EPDR / XDR
Does your organization have the capacity to run an ASM solution?
Since EASMs are SaaS, engaging a vendor does not significantly increase the need for additional labor on the part of the customer. EASM reports can be delivered to management for strategic planning and IT security personnel for dispositioning discovered issues. CAASM solutions may require additional customer staff to manage.
Executive buy-in and the business case for ASM.
You can’t protect assets if you don’t know they exist. Many organizations are surprised to learn that they have exposed assets like storage buckets, VMs, containers, or test or pre-production servers on their DMZs. Any unsecured exposed asset is a potential vector for a cyber attack. Executives today are increasingly aware of the risk of financial loss and damage to business reputation due to cyber attacks. ASM solutions offer greater visibility and opportunities to lower risks. ASM solutions can aid with adhering to (though not mandated) by some cybersecurity regulations and frameworks, such as NIST CSF and EU NIS2.