In honor of National Cyber Security Awareness month, we want to talk about the relationship between Software Asset Management (SAM) and cyber security. More specifically, the role that SAM plays when it comes to shadow IT.
Shadow IT is just one way to refer to devices or software outside the ownership or control of an organization’s IT department – so it’s not as scary as it sounds. However, shadow IT can pose a serious security threat when left unchecked.
Shadow IT has been on the rise in recent years due to increasingly popular, easily available SaaS products and common bring your own device (BYOD) practices. It can easily be argued that SaaS and BYOD are good for a company – empowering employees and speeding up processes. In many ways, shadow IT allows a company to stay agile and increases productivity. In fact, Gartner has been saying that it’s time for IT departments to embrace shadow IT and make the best of it.
However, here’s the kicker: having a lot of different software floating around uncontrolled can be an extreme security concern. In 2016, Gartner predicted that about one-third of successful attacks on enterprises in 2020 would be on their shadow IT resources.
Do you see why things get tricky here? Organizations should embrace shadow IT because it empowers employees and makes their jobs easier, but it also exposes organizations to considerable risk. So what’s the solution?
Software Asset Management (SAM)
Good SAM makes controlling shadow IT easier.
A large aspect of SAM is knowing what software and licenses you have and where they’re located. You can’t secure what you don’t know exists – pretty obvious, but a lot of organizations struggle with this (see Equifax 2017). SAM brings together people, processes, and technology across an organization to ensure complete control and visibility into the IT estate.
A mature SAM program brings the right people together. Effectively managing IT across an entire organization requires attention from all departments, and good SAM will have established policies and processes that ensure everyone is on the same page. Staying compliant and secure requires effort from an entire organization and SAM makes that possible. Training and awareness are also key to ensuring everyone works toward a common goal.
Having the right processes in place will mitigate much of the risk of shadow IT. Establishing processes that make purchasing new software quick and easy will give the IT department transparency while still allowing lines of business to stay agile.
Effectively communicating these processes within the organization is essential. Training employees on software purchasing and BYOD protocols will go a long way in reducing shadow IT risks.
In addition to all this, having an effective SAM process allows you to take corrective action as quickly as possible. When vulnerabilities are detected, an automated SAM process allows you to quickly tie software and hardware (like laptops, servers, networking equipment, etc.) to user accounts. This will ensure that no active vulnerabilities go unnoticed or unpatched.
Technology is essential to discovering shadow IT. SAM tools exist for this – they can be a great way to help discover software and hardware assets. This is the first step to enable higher control functions, from information security and business continuity to measuring license consumption vs. entitlement. Some tools have the capability to manage the SaaS deployments within your organization. There are many SAM tools on the market and it’s important that each organization gets the tool that will best cater to its needs. The right SAM tool can make a huge difference when it comes to managing shadow IT.
But, and this a big but, you would be seriously mistaken if you thought that once you’ve installed your SAM tool all your problems will be gone. That’s just not how it works. Unfortunately, too many organizations have been led to believe that a SAM tool is a ‘silver bullet’ that will solve all their problems. That’s simply not true. A tool is just one part, albeit an important part, of SAM and security. Even the fanciest tool will fall flat if it is not a part of the larger SAM picture.
SAM Managed Services
A SAM Managed Service is where the magic really happens. Adding a SAM Managed Service to your arsenal allows you access to experts and technology that will help support you on your security journey. The benefits of a SAM managed service go far beyond the realm of cyber security and combating shadow IT, though that is absolutely an excellent reason for it. Licensing compliance, an optimized IT estate, and potentially huge financial savings are additional reasons for a managed service.
Here at Anglepoint, we know what it takes to build and run successful SAM programs. We’ve helped organizations across the world reap the benefits of mature SAM – whether they started with no SAM program or were already well on their way to maturity. Schedule a time that works for you to talk with one of our experts about what a SAM managed service can do for your company. These consultations are free and focused entirely on your needs.