Software Asset Management
Can Increase Your IT Security

How Software Asset Management Can Increase Your IT Security

Security is a core issue that today occupies the entire IT industry. Leaving aside the high media exposure, hacker attacks are more sophisticated and damaging than ever before. But why is this true, if we assume that modern IT users are supposedly more ‘informed’ when it comes to the use of software systems? A basic truism from the practical world is that there is no such thing as rock-solid information when it comes to the exact details of individual risks. In this article, we indicate how good Software Asset Management can help to increase IT security.

How a DDos Attack Became a Horror Scenario

Enterprise-wide regulations on software management are important, of course. It is also essential to take suitable measures to protect against external attacks. It is not without reason that anti-virus vendors regularly attempt to outbid each other with offers and newly developed products. It is fair to say that a DDoS attack remains a horror scenario for many companies. The journalist Brian Krebs certainly felt the effects first hand. Reporting on the networks behind the attacks, his blog fell victim to one of the largest onslaughts in September 2016. As a knock-on effect, even his security provider Akamai cancelled his contract (he has since made a highly publicized move to Googles Project Shield).Of course, attacks of this kind are not force majeure, but the fewest solutions are currently able to offer blanket protection. Indeed, the risk begins at a far smaller level.

Where Exactly are the Risks?

During license audit projects, we have frequently collaborated with our customers to collect datasets in Excel spreadsheets containing several hundred thousand rows. To make them manageable for the respective projects, we then had to shorten them to suit the specific requirements. Is the software by Autodesk? Then its importance is secondary for a Microsoft project. Is it maybe open source? In this case it is irrelevant for an Adobe audit.

The question of what exactly happens next with the culled data was frequently outsourced to a follow-on project or placed conveniently into the category of “we’ll deal with that when we have the time”. But on no accounts should the risks to ongoing operations be underestimated: from IKEA kitchen planners in the admin department, to Steam and PlayStation clients on production PCs and even unauthorized browser add-ons in an R&D setting, we’ve found pretty much every kind of software in just as many environments.

Here, programs that transmit information from the company and, to do so, work their way around the internal firewalls, are among the most dangerous. Sounds logical? But almost every web application uses this ploy. This is because they operate via the external port 80. These ports are the interface between the programs and the operating systems. In this case, number 80 is reserved for applications that use the Hypertext Transfer Protocol (HTTP). Applications are allowed to communicate in both directions. In a nutshell: a large number of uncontrolled Internet applications present a significant security risk.

What Secure Software Management Looks Like

A look through the software portfolio will usually reveal precisely which risks are lurking in a company. Well-managed portfolios enable faster detection of risks and better utilization of optimization options.

The COMPAREX Portfolio Management Platformis a tool used to check which software is installed. Scenarios we encounter frequently include redundant virus scanners that obstruct each other in the performance of tasks. Companies that buy preinstalled computers are exposed to this risk in particular, especially if the software packaging and installation process fails to run smoothly.

Curious About the Security Risks of Your IT?

We have compiled all the relevant information on why outsourcing Software Asset Management pays off.

Contact our SAM team
  • Monday 22 May 2017

Comment on this article

Leave a comment to let us know what you think about this topic!

Leave a comment

Author

Maximilian Hoppe, Consultant Software Asset Management

Maximilian Hoppe IT Consultant

analyzing & designing processes of internationally operating companies

Related Articles

security-compliance-at-the-boardroom-table
  • 03 May 2019
  • Mike Fitzgerald
  • Managed Security
  • IT-Security, Compliance, Cyber-Crime, Cyber-Threats, Cyber-Attacks

Security & Compliance - Why They Have a Permanent Seat at the Boardroom Table

In his recent byline in “Corporate Compliance Insights”, Mike Fitzgerald shared the top three reasons why a security-first mentality is crucial to the success of your business.

Azure-Sentinel_Posting
  • 17 April 2019
  • Chris Allen
  • Managed Cloud, Publisher Advisory, Managed Security
  • Azure, Azure Sentinel

The ‘All-Seeing’ Azure Sentinel - Provides Omnipresent Level Security

Microsoft Azure Sentinel provides intelligent, cloud-scale security analytics across your entire enterprise. Our expert Chris Allen explains how it works and what it has to do with Lord of the Rings

Managed-Security---Ahead-of-Security-Threats
  • 23 October 2018
  • Blog Editorial Team
  • Managed Security
  • IT-Security, Cyber-Attacks, Cyber-Crime, Cyber-Threats

Stay Ahead of Security Threats: Focusing on Your High-Risk Assets

As you move forward, staying ahead of security threats will require a strong, but flexible, plan. Read more about how you can create a course of action for prevention and remediation.