The Year Ahead for Software Asset Management (2017)

It’s a new year! Welcome to 2017. What will it bring? Here are a few thoughts on trends that will impact Software Asset Management (SAM) teams this year.

The Cloud (of course)

The cloud computing trend continues, with some new developments such as the concept of the “multi-cloud” approach, wherein enterprises can reduce costs by using multiple cloud vendors. According to this article on CIO.com, 451 Research says that “enterprises can cut direct cloud expenditure by up to 74 percent with a multi-cloud approach.”

In the same CIO.com article, hybrid cloud is also discussed and they mention the 2016 partnership between Amazon Web Services (AWS) and VMware. This partnership gives AWS access to hybrid cloud capabilities and helps them compete in this arena with Microsoft Azure. Microsoft will be coming out with its Azure Stack offering this year, too. This is “a new hybrid cloud platform product that enables you to deliver Azure services from your own datacenter.” And, Oracle has come out with their Oracle Cloud Machine. A Constellation Research blog says “Oracle in March rolled out Cloud Machine, a hardware appliance implemented behind customers’ firewalls, running application workloads using the same software stack that powers Oracle’s public cloud, with subscription-based pricing.”

As part of Microsoft’s licensing changes announced in 2016 (also discussed in the Constellation Research blog mentioned above), they raised the minimum threshold for Enterprise Agreements to 500 users/devices, up from 250.  Companies that don’t meet that minimum are being directed to two newer, more flexible licensing programs: Microsoft Products and Services Agreement (MPSA) and Cloud Solutions Provider. Per the Constellation blog, Cloud Solutions Provider is “a partner-driven program aimed at helping Microsoft’s massive reseller community sell its cloud services to SMEs while providing a local “face” for IT support.”

There are a number of different cloud services models, including Infrastructure as a Service (IaaS), platform as a service (PaaS) and software as a service (SaaS), as well as public, private and hybrid clouds as discussed above.

A recent IDG Enterprise 2016 Cloud Computing Survey showed that the average company plans to devote 28% of its IT budget to cloud computing in the next 12 months. Enterprise organizations (those having more than 1000 employees) plan to invest an average of $3.04 million in cloud services. Overall, companies anticipate having 60% of their total IT environment in public, private, and hybrid clouds by 2018, according to the IDG report.

According to the survey report, the average company plans to allocate 45% of its cloud budget to Software-as-a- Service (SaaS), 30% to Infrastructure-as-a-Service (IaaS), 19% to Platform-as-a-Service (PaaS), and 6% to other as-a-service models such as Backup-as-a-Service and Storage-as-a-Service. (See table below).

IDG Enterprise 2016 Cloud Survey Results Nov16

How does all of this impact Software Asset Management?

Each of the different cloud services presents its own challenges. SaaS applications reduce license compliance and audit risk but often increase the risk of overspending. SAM teams must monitor usage and have efficient processes in place to ensure that the right subscription level is in place for each user and that licenses are reclaimed and reallocated when users leave or change job functions.

Public cloud (IaaS) services such as Amazon Web Services (AWS) also require careful management to control costs and maximize utilization of your cloud instances. This is another area where SAM teams should take charge and provide this oversight. Tools that can aggregate the data across multiple AWS accounts and report cost and utilization of cloud instances can help you contain costs.

Public and hybrid cloud environments also require SAM and IT Procurement teams to understand their license mobility rights and vendor Bring Your Own Software and License (BYOSL) programs. These tell you whether you can move your existing on-premises enterprise software to the cloud.

Resources on Cloud related topics:

Read our whitepaper: Maximizing Value in Software and Cloud Services Procurement

Webinar with Duncan Jones of Forrester: Making the Move to SaaS: The Commercial and Licensing Implications

Webinar with Carla Arend of IDC: Digital Transformation, Cloud Adoption and the Impact on SAM and Security

View our on-demand webinar: What’s New in FlexNet Manager Suite 2016 to learn about managing Office 365 subscriptions.

Webinar with R ‘Ray’ Wang of Constellation Research: Getting Your Arms around the Cloud

 

Security

Cybersecurity risk is right near the top of the list of CIO concerns, as noted by this ZDNet article: What’s top of mind for the CIO as 2017 looms. The article lists: “Worries about cybersecurity, including a potentially career-ending public hack. This has become a top concern to the extent that some IT management surveys put it at the very top of the spending list.”

What role does the SAM team play in security?

For starters, the SAM team has the normalized software inventory data that is the foundation of the part of your security initiative that is focused on software vulnerabilities. These software vulnerabilities are one of the primary “attack vectors” for hackers. Thousands of software vulnerabilities are uncovered each year—there were more than 16,000 in 2015. The normalized software inventory data can be correlated with known software vulnerabilities from the Secunia Research database to uncover the vulnerabilities in your IT environment. These vulnerabilities can be prioritized to allow your organization to remediate the most critical ones first, reducing your security risk.

The Software Vulnerability Management Lifecycle:

SVM Lifecycle Jan17

The 2015 Verizon Data Breach Report stated that 99.9% of exploited vulnerabilities were compromised more than a year after the vulnerability (CVE) was published. Security patch management tools ensure that available patches are applied in a timely manner to improve your security posture.

Software Asset Management teams also have other means to improve security. These include having the visibility into licensed and unlicensed (aka “pirated”) software in the environment. A 2015 IDC report showed a strong correlation between unlicensed software and malware encounter rates—see figure below.

IDC Unlicensed SW correlation to Malware 2015 v2

In addition, SAM teams can have visibility into authorized and unauthorized software in the IT environment and can take action to remove unauthorized software, such as games and file sharing programs. This further reduces the attack surface for hackers and cyber criminals.

Unauthorized Software Jan17

The use of an enterprise app store reduces the likelihood that unauthorized software will be introduced into your IT environment by making it fast and easy to get only authorized software. Gartner predicted that by this year (2017), “25% of enterprises will have an enterprise app store for managing corporate sanctioned apps on PCs and mobile devices.”

Rationalization and consolidation projects that find and remove redundant, obsolete and unused applications improve security by reducing the software footprint, which also reduces the attack surface for hackers.

Resources for SAM and Security:

Webinar: Play Defense – Reduce Security Risk with SAM and Software Vulnerability Management

Upcoming webinar (January 19th): SAM and Security Teams Must Join Forces to Enhance Security

Whitepaper: Normalized Software Inventory Data: The Foundation for Software Asset Management, IT Service Management, and Security

Vulnerability Intelligence Manager

To learn more about Flexera’s enterprise solutions for Software License Optimization, cloud infrastructure management, and Software Vulnerability Management, please visit our website.

 

Categories: General, SAM and Security, Software license optimization

Leave a Reply

Your email address will not be published. Required fields are marked *