Cybersecurity has become one of the top concerns for both commercial enterprises and government agencies. In its October 2014 FutureScape for CIO Agenda report, IDC predicted that by 2017, 80% of the CIO’s time will be focused on analytics, cybersecurity and creating new revenue streams through digital services. They also predicted that by 2016, security will be a top 3 business priority for 70% of CEOs of global enterprises.
A slideshow on Information Management’s website, Top 10 CIO Priorities for 2015, showed that security is the number one priority of state CIOs. This is based on the annual survey by the National Association of State Chief Information Officers (NASCIO). Security in the NASCIO case “covers everything from risk assessment and governance to security frameworks, data protection, training and awareness, and mitigating insider threats. Also, state governments are trying to determine what constitutes ‘due care’ or ‘reasonable’ efforts on security.”
IDC has recently published a research report: IDC PeerScape: IT Asset Management — Practices to Enhance Cybersecurity. In the PeerScape report, IDC uses the example of a world-class enterprise to describe 5 best practice processes for IT Asset Management (ITAM) that can reduce business risk associated with cybersecurity. The organization in this case study has more than 50,000 employees and contractors, an annual IT budget of over $500 million, and more than 4000 software titles and versions in use.
The IDC report states that it’s “time to rethink the role and contribution of ITAM to overall IT governance.” The report also provides “actionable guidance in reducing the business risk and increasing the critical knowledge of key applications that are associated with cyber threats as well as resolving critical application downtime.”
The first practice in the IDC report is: Focus ITAM on the Most Immediate Cybersecurity Threats.
The problem IDC identified is that obsolete IT hardware assets, and software that is either end-of-life (EOL) or has not been properly patched and updated, represent critical vulnerabilities that expose organizations to cyber attacks. The IDC report cites statistics from the Verizon Data Breach Investigations Report (DBIR) for 2015, which showed that "99.9% of the exploited vulnerabilities were compromised more than a year after the common vulnerabilities and exposures (CVE) was published." And, according to the United States Computer Emergency Readiness Team (US-CERT), as many as 85% of targeted attacks are preventable by applying a security patch. But many enterprises don’t apply available patches in a timely manner, according to the HP Security Briefing, Episode 22: The Hidden Dangers of Inadequate Patching (June 2015).
How can Software License Optimization solutions help address these cybersecurity challenges? First, the collection of accurate hardware and software inventory data is critical to understanding what is installed in the IT environment. Tools that can analyze the raw inventory data and accurately identify not only installed software titles, but also versions and editions, are required. Knowing what’s installed and when software products reach end of life enables organizations to either update or remove applications that may present cybersecurity vulnerabilities. These tools also report on unlicensed applications in the IT environment and enable enterprises to remove unauthorized software that may also represent a security risk.
In addition, software asset management and license optimization tools can alert the organization to maintenance contract expiration dates and help avoid lapsed contracts that lead to unpatched software and obsolete hardware. See a couple of examples of the information reported in the management dashboard below.
An enterprise app store that is integrated with the Software License Optimization solution allows organizations to provide end users with a list of authorized hardware devices and software products. This reduces the risk that users will download and install unauthorized applications that may have significant security vulnerabilities.
Another important tool in the enterprise arsenal is one that helps with application rationalization and consolidation. By removing redundant applications, the organization reduces the time and effort required to properly update and patch software, making it easier to ensure that the entire portfolio is up to date.
To learn more about Flexera's FlexNet Manager Suite products and how they aid cybersecurity, please read the datasheet: Cybersecurity Strategy Must Include Software License Optimization.
Attend this webinar: Software License Optimization – Critical to an Effective Cybersecurity Strategy. Bill Keyworth, VP of Research from IDC and author of the IDC PeerScape report, will be our guest speaker.