Everyone is trying to get a piece of the pie :) The trickiest thing right now is defining what an "asset" truly is. An asset could be ephemeral cloud infrastructure, an uncompiled piece of code, an API endpoint, a server, a compiled application, a third-party vendor, a group of microservices, a fax machine, an employee, a filing cabinet with sensitive information, a virtually defined CI/CD pipeline, and a million other things. At what point do you cross the line from paranoia to proper asset inventory, tracking, triaging, remediation, etc.? How do you find commonality between all of these devices, critical infrastructure, and data? Bonus points for trickiness: how do you manage inventory when it changes constantly, like cloud, like a third party, a web app, etc.? Things like certificate management get extremely dicey. Where do you cross the line between data management, asset management, etc.? It's currently the most open area of IT and Cyber that there is, and no one, in my opinion, has a grip on it.