Asset management paves the way to NIS2 compliance
Having a clear understanding of your hardware and software assets is crucial for effective IT management and protecting your corporate environment. This becomes even more important with the upcoming NIS2 directive.
In short
- A comprehensive picture of hardware and software assets is vital for effective IT management, especially with the NIS2 directive taking effect later this year.
- NIS2 affects many companies and requires comprehensive cyber risk management.
- The first step towards NIS2 compliance is determining the current status of your IT and OT assets. Detailed hardware and software inventories can be produced automatically by a UEM solution designed to handle both IT and industrial automation systems.
If you're packing for a summer vacation, you usually make sure you have everything important – Passport? Toiletries? Swimsuit? Check. Diving goggles? Hmmm... they're… somewhere… so you'll look for them after locating the easy-to-find things.
Many IT teams take a similar approach when management asks for an IT asset inventory. The easy things are the Windows servers and clients, software licenses and
network devices in use. But the situation gets murkier when it comes to iOS and Android devices, and various systems like the Linux server that
runs the management software for the surveillance cameras.
Adding to the uncertainty is your understanding that colleagues in production are using old out-of-support Windows software on control computers for operational technology
(OT) systems. Those endpoints may as well be on a different planet as far as network visibility is concerned.
Lack of overview increases cyber risks
Such a foggy and fragmented picture of IT and OT assets could soon prove to be just as – or even more – problematic for IT teams as the left-behind gear you needed during
vacation. That's because the requirements of the EU's new Network and Information Security directive (NIS2) must be enacted into law in member countries by October.
The background: NIS2 significantly expands IT security requirements defined
in the previous 2016 NIS directive in response to escalating threats and increasing cyberattacks. In many EU states, NIS2 broadens the scope of critical infrastructure to
include companies in essential or significant sectors, extending its reach to organizations in waste management, chemical production, and to digital service providers.
NIS2 requires affected organizations to implement comprehensive cyber risk management, including supply chain security. That means that companies doing business with
organizations explicitly covered by NIS2 also have to demonstrate NIS2 compliance.
First step towards NIS2: Determining the status quo
The first step toward NIS2 compliance is to determine the status of all of your IT assets. That involves identifying all hardware and software in use, assessing associated risks and
implementing appropriate mitigation measures.
Companies that use a Unified Endpoint Management (UEM) solution have a head start. That's because a UEM system includes hardware inventory as well as software asset and license
management. A sophisticated solution such as the baramundi Management Suite (bMS) also covers peripherals, mobile devices, Linux systems and network devices. In addition, the bMS supports industrial OT systems such as
Siemens SIMATIC controllers and legacy Windows systems running specialized software in production environments.
Asset management paves the way to NIS2 compliance
Comprehensive IT and OT asset management enabled by UEM is a solid departure point for your journey to NIS2 compliance. The bMS also provides essential support for staying on course with
centralized update and patch management, uninstallation of unwanted software, and automatic resetting of endpoints after a cyberattack for faster
resumption of business. That's important because NIS2 requirements include measures to prevent or minimize operational disruptions.
IT teams should start their journey to stronger cybersecurity as soon as possible, not only because of NIS2, but also because of the increasing number of security threats
and costly cyberattacks. The worst-case scenario is that a company is targeted by cybercriminals because it failed to implement the necessary security measures. Then the situation is
serious. In addition to loss of business data and reputations, there is also the threat of fines. In an emergency, the managers responsible for non-compliance will not be
able to disappear behind the corporate veil – even if they had their passport and travel gear ready to go.