Every computer in the world has unused applications. In your personal computer, these may have been bundled with the new machine purchase, or free trials that you never tried. This unused software probably has not been patched or upgraded, meaning that your PC is vulnerable to exploits.
A large organization or enterprise can have thousands of computers, many or all of which may have unused software. Now, the vulnerability risk is compounded exponentially. Besides the threats to potential exploits, unused software can be expensive.
Many companies have no defined process to determine if the existing installed base of applications are being used. When a user requests an application, additional licenses are purchased and the software installed. Some of these users only need the application for a specific project or a period of time. When the software is no longer needed, the lack of usage monitoring and reclamation process results in a large installed base of unused software. Constantly buying more software in the absence of a well-defined SAM program constitutes a huge unknown risk and expense for an enterprise.
This is a risky business.
Updating software though the deployment of patches can be a massive undertaking in so many organizations. It is a time-consuming and repetitive task that can just add additional issues.
Often, an enterprise will not first analyze the environment to determine the relevance of the applications that require patches on each device. They are reactive, continually pushing out patches to all applications including any that are unused, because it just easier to patch everything. This really just shifts the risks and creates additional burdens to the Help Desk, as they are now tasked with troubleshooting any issues caused by the deployment of those patches.
A far more effective method is to take a proactive approach towards vulnerability management. This begins by first, reducing the attack surface by uninstalling unused applications from devices in the environment. Next, IT can deploy software patches for the applications that are currently in use. But even a proactive approach can be a resource intensive process without the right tools.
Fortunately, Flexera has two solutions, App Portal and FlexNet Manager® Suite for Enterprises that integrate with a deployment system such as Microsoft® System Center Configuration Manager (ConfigMrg / SCCM) to effectively address the unused-software-uninstall challenge. The solution provides two methods for software reclamation:
- User driven – a user is notified to uninstall or keep software that has met an unused software threshold, for instance 90 days or 120 days. After a grace period for the user to respond the policy can be configured to force uninstallation.
- Admin driven – the administrator can configure the solution to immediately and silently uninstall the software from a user’s computer when the unused software threshold is met
A manual software reclamation campaign is possible, but it is time-consuming and resource intensive. Streamlining and automating a software reclamation process is just one of the many benefits of the Flexera Software and Cloud Optimization Solutions. Other benefits include software license optimization, and self-service software request with license reservation, approvals and procurement.
For more information about how you can reduce the risky business of not managing your applications be sure to read the White Paper Best Practices for Governance and Compliance using an Enterprise App Store.