The Impact of 5G Technology on the Internet of Things and Society
Kriativ-tech Volume 1, Issue 11, Edition No. 11 – 4-12-2025
Authors
Tiago Dias, Student, ISTEC Lisboa - Instituto Superior de Tecnologias Avançadas Lisboa, Portugal
Paulo Duarte Branco, Associate Professor at ISTEC Lisboa, CIAC-PLDIS, ISTEC Lisboa - Instituto Superior de Tecnologias Avançadas Lisboa, Portugal
José Pereira Reis, Invited Assistant Professor at ISCTE
To cite this article
Tiago Dias, Paulo Duarte Branco, José Pereira Reis. The Impact of 5G Technology on the Internet of Things and Society
Abstract
The Internet of Things (IoT) and fifth-generation mobile networks (5G) represent two of the most transformative technologies of the 21st century. When integrated, they offer a synergistic foundation for advanced applications in numerous fields, from healthcare to transportation, agriculture, industry, and smart urban infrastructure. IoT enables devices to sense, transmit, and act on data autonomously, while 5G provides the ultra-fast, ultra-reliable, and high-capacity network environment these devices require to function at scale. The confluence of these technologies is driving the emergence of interconnected ecosystems that are reshaping business models, service delivery, and public life. This paper explores the impact of 5G on IoT, assesses their combined influence on society, and discusses both the technological advantages and the risks—particularly in terms of security, privacy, and ethical concerns. Through an in-depth examination of their architectures, capabilities, limitations, and real-world deployments, we conclude that the integration of 5G and IoT holds tremendous potential to revolutionize daily life, but achieving this promise will depend on addressing foundational challenges in regulation, trust, and inclusivity. We evaluate how 5G and IoT together are redefining the digital landscape, while also identifying key challenges that must be addressed for their widespread and sustainable adoption.
Keywords
5G, Internet of Things, security architecture, data ethics, regulatory frameworks, distributed systems, edge computing, trust management
The Era of Mobile Devices
Kriativ-tech Volume 1, Issue 11, Edition No. 11 – 04-12-2025
Authors
Geraldo Oliveira Sales Junior, Student, ISTEC Lisboa - Instituto Superior de Tecnologias Avançadas Lisboa, Portugal
Paulo Duarte Branco, Associate Professor at ISTEC Lisboa, CIAC-PLDIS
To cite this article
Geraldo Oliveira Sales Junior, Paulo Duarte Branco. The Era of Mobile Devices
Abstract
The Era of Mobile Devices presents, in chronological order, the technological evolution leading to the current computing configuration as observed at the beginning of the 2020s. Grounded in a literature review, this study highlights the macrostructural events that decisively influenced the development of mobile devices.
Keywords
Mobile devices, History of computing, Technological evolution, Digital mobility
Computing Service Models: General Concepts and Differences Among IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service)
Kriativ-tech Volume 1, Issue 11, Edition No. 11 – 4-12-2025
Authors
Diogo Correia, Student, ISTEC Lisboa - Instituto Superior de Tecnologias Avançadas Lisboa, Portugal
Andreia Teles Vieira, Assistant Professor at ISTEC Lisboa, CIAC-PLDIS
To cite this article
Diogo Correia, Andreia Teles Vieira. Computing Service Models: General Concepts and Differences Among IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service)
Abstract
This study focuses on cloud-computing service models, specifically the differences among IaaS (Infrastructure as a Service), PaaS (Platform as a Service) and SaaS (Software as a Service). Cloud computing is a fundamental technology in today’s business environment, offering advantages such as scalability, cost-efficiency and flexibility. The project seeks to demystify each service model by highlighting its unique characteristics and ideal use cases. IaaS provides virtualised infrastructure, PaaS supplies development platforms, whereas SaaS delivers software applications as a service. The aim is to present a detailed analysis that helps readers identify which model best suits their needs, thereby optimising cloud adoption to achieve greater efficiency and innovation in business.
Keywords
Cloud Computing, IaaS (Infrastructure as a Service), PaaS (Platform as a Service), SaaS (Software as a Service), Scalability, Cost Efficiency, On-demand Self-service, Elasticity, and Scaling
Digitalization and digital marketing: the impact on the Portuguese economy
Kriativ-tech Volume 1, Issue 11, Edition No. 11 – 14-12-2025
Authors
Ricardo Gonçalves, Master in Data-Driven Marketing, with a specialization in Marketing Intelligence, ISTEC Lisboa - Instituto Superior de Tecnologias Avançadas Lisboa, Portugal
To cite this article
Ricardo Gonçalves. Digitalization and digital marketing: the impact on the Portuguese economy
Abstract
This article is based on research that aimed to identify and analyze the evolution of digitalization and digital marketing, to find explanatory factors and assess the impact on the Portuguese economy, and to understand the current and emerging challenges facing Portuguese companies in the digitalization era and the importance of digitalization for business survival and competitiveness.
The research shows that technological progress, namely the observed evolution, dissemination and adoption of digital technologies, is fundamental to the competitiveness and survival of companies and to the country's economic growth.
Keywords
Technology, digital, digital transition, digital marketing, Portuguese economy
Zero Trust Architecture Overview
Kriativ-tech Volume 1, Issue 11, Edition No. 11 – 4-12-2025
Authors
Sérgio Pinto, Invited Assistant Professor, ISTEC Lisboa - Instituto Superior de Tecnologias Avançadas Lisboa, Portugal
Abstract
The Zero Trust Architecture (ZTA) represents a significant paradigm shift in network security by moving away from the traditional perimeter-based model. Instead, it follows the principle of “never trust, always verify”, operating under the assumption that threats may originate both inside and outside the network. This shift requires rigorous verification of every user, device, and application requesting access to protected resources, regardless of their location. Consequently, the core elements of ZTA include strict identity verification and context control for every access request. Moreover, ZTA represents a transformative approach to addressing the limitations of traditional security frameworks. By emphasizing continuous authentication, least-privilege access, microsegmentation, and continuous monitoring, it establishes a robust foundation for protecting sensitive information in an increasingly complex threat landscape. As cyber risks evolve, adopting Zero Trust principles will be critical for organizations seeking to safeguard digital assets while ensuring that trust is never assumed but always verified.
Keywords
Cybersecurity, Zero Trust, “Verify, Control and Enforce”, Authentication, Least Privilege, Monitoring, Segmentation.
VI Abbreviations
AI: Artificial Intelligence
IdP: Identity Provider
IAM: Identity and Access Management
IoT: Internet of Things
OT: Operational Technology
NIST: National Institute of Standards and Technology
SSL/TLS: Secure Socket Layer / Transport Layer Security
VM: Virtual Machine
ZT: Zero Trust
ZTA: Zero Trust Architecture
Demystifying Platform Engineering: A Study from Theory to Practice
Kriativ-tech Volume 1, Issue 11, Edition No. 11 – 4-12-2025
Authors
Tiago Arrulo, Student, ISTEC Lisboa
Paulo Duarte Branco, Associate Professor, ISTEC Lisboa, CIAC-PLDIS
To cite this article
Tiago Arrulo, Paulo Duarte Branco. Demystifying Platform Engineering: A Study from Theory to Practice
Abstract
The increasing complexity of the modern software development landscape has moved organizations towards Platform Engineering as a structured approach to enhance development workflows, improve system reliability and accelerate software delivery. This article provides an analysis of Platform Engineering, exploring its theoretical foundations, benefits and challenges. Using both quantitative data from industry surveys and qualitative data gathered from interviews with industry professionals, the article highlights how Platform Engineering improves developer experience, boosts team productivity and delivers business value. Real-world examples, including a case study from the UAE, reinforce the practical implications of adopting platform-centric strategies. Finally, the study highlights that while Platform Engineering presents organizational benefits, its successful implementation requires significant investment, cultural shifts and strategic alignment between technological capabilities and organizational practices.
Keywords
Developer Experience, Internal Developer Platform, Platform Engineering
Attack surface management (ASM): Strategic pillar of modern cybersecurity operations
Kriativ-tech Volume 1, Issue 11, Edition No. 11 – 14-12-2025
Authors
Ivo Ricardo Dias Rosa, Invited Assistant Professor, ISTEC Lisboa - Instituto Superior de Tecnologias Avançadas Lisboa, Portugal
To cite this article
Ivo Ricardo Dias Rosa. Attack surface management (ASM): Strategic pillar of modern cybersecurity operations
Abstract
In an increasingly dynamic digital landscape, the expansion of the attack surface has become one of the foremost challenges for modern cybersecurity. Traditional perimeter-based defense models are no longer sufficient in the face of distributed digital assets, widespread cloud adoption, and the proliferation of connected devices. In this context, Attack Surface Management (ASM) emerges as a strategic pillar, enabling organizations to adopt a proactive stance in identifying, monitoring, and mitigating cyber risks. This article explores the core principles of ASM, outlining key categories of the attack surface and addressing both EASM (External Attack Surface Management) and CAASM (Cyber Asset Attack Surface Management) approaches. Strategic benefits—such as continuous visibility, integration with Security Operations Centers (SOCs), and risk-based prioritization—are discussed, along with technical and operational challenges tied to ASM implementation. Practical use cases and performance indicators are presented to support effective exposure management. Ultimately, ASM is positioned as a cybersecurity maturity accelerator, essential for building a resilient and adaptive security posture aligned with regulatory demands and business continuity imperatives in an ever-evolving digital ecosystem.
Keywords
Attack Surface Management (ASM), External Attack Surface Management (EASM), Shadow IT, Threat Intelligence, Risk-Based Prioritization, Cybersecurity Maturity, CI/CD Security, Security Operations Center (SOC), Exposure Management, Regulatory Compliance.