By Matthew Poulter, SAM business manager at First Technology National
Today’s businesses run on software, which make them a soft target for cybercriminals. However, many organisations don’t even have a complete view of what software they have within their organisation. The intangible nature of software makes it a tricky asset to manage and maintain.
Software can be vulnerable for many reasons. The major vendors spend a substantial amount of time and resources updating software to reduce vulnerabilities. This, in conjunction with security solutions such as antivirus and anti-malware, can be a very good defence against cybercrime.
Unfortunately, organisations often don’t have a comprehensive view of their software estate and therefore cannot identify whether there are vulnerabilities in their infrastructures. In some cases where computers are not correctly configured as part of an organisation’s infrastructure, software can go undetected and fall outside of the scope of IT security, leaving the business vulnerable.
A Software Asset Management (SAM) practice looks at all the software, across all computers of all users within an organisation. The visibility this affords an organisation gives them the ability to identify if there are any obvious risks. This can include out of date or un-patched software and computers that are not covered by antivirus and password policies.
It’s easy for businesses to forget that they still have older Operating Systems (OS) in their organisation, and they may fail to keep these secured and updated.
To help identify and address risks, SAM takes a common-sense approach to security, working alongside the business’s security department. SAM can help a business employ best practices to align with security policies and maintain overall security of the business.
SAM is not done in isolation and leverages a framework of best practices which look at the business’s software from a holistic point of view, tying it in to various other aspects of the business. Ideally, businesses should work alongside SAM partners to facilitate improved software management which has a knock-on benefit to security and compliance.
Avoiding the impact
All it takes is a single-entry point into a network via an unprotected piece of software to decimate an entire business’s IT environment. Businesses should take precautions to ensure they not only know what software they have, but also that it is adequately protected.
Often, it’s a relatively simple fix, one which can be identified and implemented once a SAM cybersecurity assessment is completed.