Operational technology (OT) - technology used to control manufacturing or production devices - can be hard to inventory and secure. Organizations that operate multiple network systems or use tools that can’t easily be deployed on OT infrastructure must ensure their scanning efforts don't undermine containment efforts, and that threat actors can't leverage tools that accesses multiple networks for malicious purposes.

In contrast, cloud inventory can be perceived as easy because things tend to be more automated. But as non-IT employees are being given the permission to create cloud-based assets, it can be hard to maintain control of your cloud inventory. Moreover, some on-premises asset inventories may not include cloud assets automatically. Both inventories are needed to account for potential blind spots.

The journey to the cloud can provide a clean start. Maximize the opportunity by creating clean and proper processes. Leverage native capabilities of cloud environments, followed by third-party tools. Some cloud providers make things so easy to get started, it can be tempting to underestimate your role in securing your assets, but you must pay close attention to your cloud resources as these are becoming the new toys for threat actors.

Asset management is one part of a set of controls; it supports other controls like deployment of security tools and monitoring capabilities, but this is just the first step. We recommend using an asset management tool, but there’s no reason to spend your whole security budget on the best one.

Michelle Waldron Michelle Waldron
Cyber Services Team Leader - East
Philadelphia, PA

The information set forth in this document is intended as general risk management information. It is made available with the understanding that Beazley does not render legal services or advice. It should not be construed or relied upon as legal advice and is not intended as a substitute for consultation with counsel. Beazley has not examined and/ or had access to any particular circumstances, needs, contracts and/or operations of any party having access to this document. There may be specific issues under applicable law, or related to the particular circumstances of your contracts or operations, for which you may wish the assistance of counsel. Although reasonable care has been taken in preparing the information set forth in this document, Beazley accepts no responsibility for any errors it may contain or for any losses allegedly attributable to this information.