Reduce risk and costs with software asset management
By Roland Chan, Senior Director, Compliance Programs, BSA | The Software Alliance
Monday, 13 June, 2016
Businesses should mitigate risk by taking full control of their software inventory.
The number of different types of software used in the workplace is growing faster than ever, producing new opportunities and enabling businesses to operate much more efficiently. But, if this critical asset is not managed properly, it can result in risk which could significantly hurt your company.
It's also producing an ever-growing list of security risks for critical systems and data. As cybercriminals routinely seek to find and use vulnerabilities in software, for many, non-compliant software presents an open door for cyber attacks and exploitation from hackers.
Software asset management (SAM) is a vital component of an organisation's security architecture. By implementing an efficient SAM program, those responsible for the organisation's software inventory can enhance the security of critical data and systems, pinpointing instances of unsupported applications.
Organisations are dedicating large percentages of their budgets to different types of software. Given this, it makes sense that inefficient software inventory management can lead to a lack of clear understanding of all software assets and whether software is actually being used (or not).
For many organisations, important questions such as whether or not a licence is current or compliant are often overlooked. This often translates into costly penalties during audits if non-compliant software is discovered. In addition, unused software means companies are wasting valuable resources. Indeed, according to IDC FutureScape: Worldwide Software Pricing and Licensing 2016 Predictions, software licence complexity will indirectly cost organisations an average of 25% of their software licence budget in 2016, with a large portion wasted on unused software.
How to fix the situation? There are four steps.
Step 1: Conduct an assessment. Gather and maintain reliable and consistent data that your business can use to assess whether your software is properly licensed. Find out what software is installed, whether or not it should be there and whether all your users have the correct licences.
Step 2: Align to your business needs. Look at forms of licensing that may be more cost-effective (such as cloud subscriptions); identify possible cost savings (for example, re-using licences, if allowed by the vendor); and make better use of maintenance clauses to ensure you are getting appropriate value for the expenditure.
Step 3: Establish policies and procedures. Ensure that SAM plays a role in the IT life cycle in your business. For ISO-aligned SAM to be effective, the practices need to support the business's IT infrastructure, and management needs to support the SAM process. Acquire software in a controlled manner with records to support the choice of platform and the procurement process; deploy software in a controlled manner; remove software from retired hardware and properly redeploy any licences; and routinely install patches and upgrades.
Step 4: Integrate within the business. Ensure that SAM is integrated and supports the entire business. Integrate it into all relevant life-cycle activities within the business, not just IT life cycles; improve on the data management processes built in Step 1; and ensure employees understand the proper use of software and the legal, financial and reputational impact their software-related actions can have on the organisation.