A colleague passed me a Wall Street Journal CIO Network report with the lead story titled, “Cyber security in the Wake of Sony”. While reading, I winced at the line when the attendees were asked the question, “who [here] hasn’t been hacked.” Only one hand went up, and that CIO got a lot of skeptical looks. In light of recent cyber security breaches, I would have also looked at that CIO with a skeptical eye too.
Each one of these cybersecurity breaches of recent past involved different entry points (which makes addressing cyber security even more challenging), but there are steps that organizations can and should take to minimize those entry points. I want to focus on one of those entry points as it is something that can be done before a breach, and perhaps save money at the same time.
Recently, the 1E IT Financial Analyst team published a study which analysed data from over 1.8m desktops across 74 companies. I was astonished to learn that, on average, more than a quarter of installed software is not being used. If the software has not been used, one has to wonder if it’s been updated with patches and updates to help ensure security. Further, from past life, if the software is unauthorized (illegal), it has a greater likelihood of being infected with malware creating even more possible entry points, according to a study done by the University of Singapore and IDC.
But how does this relate to ITAM? I believe there are three reasons:
- Cybersecurity is everyone’s job. Those in ITAM need to be vigilant and ensure that their software is both legal (to stop possible entry points from malware) and updated with the latest patches and updates. This can only be done if you have processes in place to ensure a full and accurate accounting of what is installed across all of your devices.
- Look for opportunities to lessen the risk. Is all of the software installed across your network actually being used? If not, there are tools like AppClarity that will provide this information and give you options on ways to remove it. Further, can you reduce the number of vendors in your organization. Doing this allows you to lessen the number of different applications that need to be updated with patches/updates.
- Establish policies and procedures – and verify they are working. All too often, policies are created and forgotten about. If a policy was established, it was done for a reason (at least at the time). If the policy is in place, test it to see that it is doing what it was designed for. If not, you know what to do. If you find the policy is out of date, fix it. Be a change agent – reduce the risk.
I don’t mean to suggest that dealing with cybersecurity challenges can always be overcome solely with effective IT Asset Management, but it certainly reduces the size of the hole that is probably already in your organization. Reducing the size of the cybersecurity hole equates to reducing risk. Further, knowing what you have installed, and are actually using, can also save money. These seem like wins to me. IT Asset Managers should challenge themselves to add this to their remit (if not already done so) and track and report these wins which any CIO (well, maybe not the one who did not raise his hand) will want to see.