By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

What is CAASM - And Does Your Business Need It?

Posted by
James Mignacca
Published on
April 21, 2022

As a cybersecurity or IT professional, you’ll know that the industry’s alphabet soup is a running joke. But in truth, the ‘soup’ is necessary. The threat landscape changes every day, and so must the security industry and its best practice guidance.

According to a recent report from Accenture, 63% of high-growth companies have adopted a work-from-anywhere model. Workplace definitions are changing while inadvertently hyper-expanding the workplace risk surface.

Traditional data protection focuses on a business’s perimeter and the assets (hardware and software) that operate within its “walls.” Yet today’s borderless workplaces mean the perimeter no longer exists, and an almost limitless attack surface exists.

Distributed workforces and a greater reliance on connected devices and cloud services mean that sensitive data is everywhere. Without visibility, data becomes more vulnerable to attack. Add data sprawl to the mix, and suddenly businesses face a challenge that traditional security technology wasn’t designed to fix.  

Falling into the CAASM

Last year Gartner identified Cyber Asset Attack Surface Management as an emerging technology in its 2021 Gartner Hype Cycle for Security Operations.

By definition, CAASM technology “enables organizations to see all assets (both internal and external) through API integrations with existing tools, query against the consolidated data, identify the scope of vulnerabilities and gaps in security controls, and remediate issues.”

By translation, this technology proposes to fix a challenge that many businesses face: gaining and maintaining complete visibility into all assets used by the company – and through a single pane of glass.  

At a granular level, every hardware, software or cloud-based asset is as valuable as the data it contains. And in today’s world, every asset collects, shares and stores sensitive structured and unstructured data types that elevate cyber risk.

As a category, CAASM exists because of the rapidly changing threat landscape and the importance of having a hardy security posture. Whether you’re a large enterprise or a midsized business playing catch up, the question becomes: how do you ‘do’ CAASM?  And do you need yet another solution to achieve it?

Read the full article from Spiceworks here.