The influx of IoT (Internet of Things) and connected devices will continue to introduce new demands on IT departments globally. Software Asset Management (SAM), IT Service Management (ITSM) and GRC (Governance, Risk Management and Compliance) have already emerged as key components of IT Asset Management (ITAM) today. Challenges will evolve as security and new compliancy rules continue to challenge the landscape.
CIOs of the largest Fortune 500 enterprises are quickly realizing how the alignment and management of an enterprise’s assets have helped to become the backbone of the modern business. ITAM has provided them with a proactive approach to streamlining business processes.
For example, a BDNA survey of IT professionals found more than 61 percent of companies were audited within an 18 month period last year. ITAM professionals are well-aware that while environments are dynamic and changing all the time, having visibility of their inventory for any given time enables them to keep costs aligned. It helps to identify license usage to ensure organization are not left paying high penalties or true-up costs to vendors. It shortens vendor audit cycles. ITAM enhances an organization’s procurement process, by enabling an organizations with better negotiation power with suppliers. And overall, it provides greater insight and transparency into IT spend.
However, in today’s world of Bring Your Own Device (BYOD) policies and mobile devices, security is quickly coming to the forefront as a key component for ITAM. With an ITAM program in place, the expectation is that any rogue or unapproved software introduced into an organization should potentially render itself through the ITAM process. ITAM becomes a key security tool for identifying rogue software.
But security vulnerabilities don’t end with only the identity of rogue software. Authorized and approved software can be rogue as well. For example, software that has been defined as having an end-of-support (EOS) date opens the door for a security threat. A software component with no software support can be easily attacked and used as gateways for new cyberattacks, because the attackers know no one is maintaining that software to protect it against new threats. Compounding that vulnerability of authorized and approved software is software that has reached its end-of-life (EOL). In the same manner as EOS software, EOL software is an open invitation to cyber attackers.
Rogue software is quickly gaining the attention of those responsible for IT security. Those experts are realizing that the ITAM process can help to mitigate the risk of unauthorized access and other security breaches. A complete ITAM program that incorporates context data, such as EOS and EOL data about the assets installed, formulates an approach to minimize risk into the organization.
So what does the new ITAM department look like? Many organizations have quickly realized the ITAM role is expanding. Once defined as a process to have better transparency on IT spend, ITAM now spans the IT departments’ activities around procurement, vendor management, IT service management, GRC and most notably today and beyond – cybersecurity.