The growing reliance on technology has led to an increase in the risk of a cyber security breach. Ninety-one percent of businesses worldwide experienced a security breach in the past 12 months, while Gartner predicts that worldwide security spending will increase to $96 billion by the end of 2018, an increase of eight percent . Although managing cyber-risk is complex, implementing effective processes and controls to manage your software assets throughout their lifecycle is a crucial first step, as is ensuring that software is both genuine and properly licensed.
Poor management of IT assets, particularly software, can have significant consequences. A BSA study conducted by IDC found that there is a strong positive correlation (0.79) between the presence of unlicensed software and the likelihood of encountering malware.
While most businesses try to do the right thing, cost pressures can make it very tempting to cut corners by buying un-licensed software or subscribing to a cheap cloud service from a vendor which might not last the distance.
The use of unlicensed software means organisations can be subject to significant fines, while engaging a cloud service with little thought to the vendor’s own cyber-security capabilities or long-term business viability can lead to major headaches if the vendor experiences a security-breach or goes out of business, taking all your data with it.
But above all, the threat of a breach of personal data can have the most severe consequences. Under the EU’s General Data Protection Regulation (GDPR) failure to protect personal data can lead to fines of up to €20m or 4% of turnover (whichever is highest); not to mention the possibility of being named and shamed in the press.
So, we have a perfect storm of businesses buying IT themselves but not having the skills or knowledge to manage it effectively, with the result that they put themselves – and their customers – at risk.
Building IT expertise in-house can be too costly for many, which is why having a clear approach to how you buy and manage any sort of technology is critical. When it comes to software and cloud services, that means implementing Software Asset Management (SAM), a holistic approach to managing your software and cloud assets so that you are getting the most out of them, while remaining license-compliant and minimising security and other risks.
To implement SAM, as with any sort of management system, you need a clearly defined approach. That’s why we’ve devised the SAM SME blueprint, based on the Deming Cycle, to help you “plan, do, check and act” (PDCA) to implement the processes and controls required to manage software and cloud services within your organisation.
At some point you may find your business imperatives have changed, your business has grown, or increasingly complex technology requires a major overhaul of how you manage your software and cloud services. At this point, go back to the Plan stage and update your organisational objectives and devise a new roadmap to achieve them.
Our SAM Guide will help you think through what is needed to implement SAM, so you can stay on track for success.