Ghosts, zombies, and shadows are not just the stuff of spooky movies and Halloween haunts. These descriptors pop up across several asset management categories: “ghost assets,” “zombie assets,” and “shadow IT” being familiar terms.
In physical asset/inventory management, a ghost asset is “an asset that you no longer have access to at your business, but which is still shown as an active and available asset on your register or in your asset management system.”
In IT asset management, ghost assets are “devices whose purpose withered and passed on some time ago but were not removed or repurposed.” Or, alternatively, “a ghost asset is a piece of hardware that goes missing from your organization’s radar – never to be seen again.”
So is a ghost asset something that no longer exists, something that’s missing, or something that exists but isn’t being used? The only thing that’s clear is that there’s no single definition of “ghost assets”.
So what about cybersecurity? Do security practitioners need to worry about “ghost assets” too? They certainly sound scary - but how should cybersecurity teams define ghost assets?
Ghost assets in cybersecurity: A definition
In cybersecurity, ghost assets are assets that exist in your environment that you can’t see. They may be invisible because of an incomplete, out-of-date asset inventory, or be the result of shadow IT. Regardless of where they came from, they lurk in your environment and can create new, dangerous vulnerabilities without you being aware.
What do ghost assets cost you?
In the Total Economic Impact study JupiterOne recently commissioned from Forrester, the analysts listed several core challenges they found JupiterOne customers faced prior to implementing the JupiterOne CAASM solution, and one of these challenges was directly related to this issue of ghost assets. They wrote,
“Critical processes lacked standardization in key areas, particularly related to data hygiene, risking myriad “ghost assets” lurking in the cloud, costing the organizations money while adding to their risk profiles.”
Ghost assets pose a number of very real cybersecurity problems, including but not limited to:
- Undetected vulnerabilities and attack paths that you’re not aware of until it’s too late
- Compliance issues that arise when you can’t track down every asset, or an auditor notices one before you do
- Identity and access risks from failing to decommission accounts and devices when an employee leaves or is terminated
Forrester reported in the Total Economic Impact report for JupiterOne that, “With JupiterOne, the composite organization decommissions ghost assets and thereby neutralizes the potential risk of ungoverned assets, [and]...avoids almost $2.4 million in security risk and balance sheet inefficiencies.”
How to find (and bust) asset 'ghosts'
Ghost assets are a real cybersecurity problem. How do we find and bust them? You’ll need to identify ghost assets in your environment first in order to address them and neutralize the risk they pose.
The simplest way to get full visibility into your cyber assets is with a cyber asset attack surface management (CAASM) platform. CAASM tools (like JupiterOne) integrate with your CSPs (like AWS, Azure, GCP), vulnerability management, and IAM tools, aggregate asset data from all of those sources, then normalize that data so you can get a complete asset inventory and status.
The best CAASM platforms will also give you visibility into asset relationships, so you have complete context around not only what is in your environment, but what is truly critical to prioritize, monitor and maintain.
A CAASM solution will also ensure your asset inventory is always up to date, so once you’ve completed your “ghost busting” mission, you can rest assured that no more ghost assets will lurk undetected for long.
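The aggregate-and-normalize step described above can be reduced to a small reconciliation, shown here as an added example that is not JupiterOne's code or API. The record layouts, field names, and asset IDs are constructed assumptions; a ghost is taken to be any asset that some source observes but the inventory does not list.

```python
from collections import defaultdict

# Constructed sample data; field names are assumptions, not any vendor's schema.
CSP = [{"InstanceId": "i-0A1", "Tags": {"Name": "web-01"}},
       {"InstanceId": "i-0b2", "Tags": {}}]
SCANNER = [{"host": "I-0A1 ", "open_findings": 2},
           {"host": "i-0c3", "open_findings": 7}]
IAM = [{"principal": "svc-backup", "attached_to": "i-0b2"},
       {"principal": "svc-old", "attached_to": "i-0c3"}]
INVENTORY = {"i-0a1"}  # what the asset register believes exists


def norm(asset_id):
    """Canonical key so the same asset matches across sources."""
    return asset_id.strip().lower()


def aggregate(csp, scanner, iam):
    """Merge per-source records into one view keyed by normalized asset id."""
    assets = defaultdict(lambda: {"sources": set(), "findings": 0, "principals": []})
    for r in csp:
        assets[norm(r["InstanceId"])]["sources"].add("csp")
    for r in scanner:
        a = assets[norm(r["host"])]
        a["sources"].add("scanner")
        a["findings"] += r["open_findings"]
    for r in iam:
        a = assets[norm(r["attached_to"])]
        a["sources"].add("iam")
        a["principals"].append(r["principal"])
    return dict(assets)


def find_ghosts(assets, inventory):
    """Assets observed by some source but absent from the inventory, riskiest first."""
    known = {norm(i) for i in inventory}
    ghosts = [(k, v) for k, v in assets.items() if k not in known]
    return sorted(ghosts, key=lambda kv: (-kv[1]["findings"], kv[0]))


if __name__ == "__main__":
    for asset_id, info in find_ghosts(aggregate(CSP, SCANNER, IAM), INVENTORY):
        print(asset_id, sorted(info["sources"]), info["findings"], info["principals"])
```

Without the normalization step, `I-0A1 ` from the scanner would be reported as a ghost even though the inventory already tracks it.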
Happy ghost busting!