by Matthew Poulter
The rise in cybercrime has brought home the importance of security to many organisations. There is a need for businesses to improve their security technology and update their security policies to maintain pace with ever-evolving cybercrime.
Software and the security risk
Today’s businesses run on software, which makes them a soft target for cybercriminals. However, many businesses don’t even have a complete view of what software they have within their organisation. The intangible nature of software makes it a tricky asset to manage and maintain.
Software can be vulnerable for many reasons. The major vendors spend a substantial amount of time and resources updating software to reduce vulnerabilities. This in conjunction with security solutions such as antivirus and antimalware, can be a very good defence against cybercrime. Unfortunately, organisations sometimes do not have a comprehensive view of their software estate and therefore cannot identify whether there are vulnerabilities in their infrastructures. In some cases where computers are not correctly configured as part of an organisation’s infrastructure, software can go undetected and fall outside of the scope of IT security, leaving the business vulnerable.
A SAM practice looks at all the software, across all computers, for all users within an organisation. The visibility this affords an organisation gives them the ability to identify if there are any obvious risks. This can include; Out of date or unpatched software, computes that are not covered by antivirus and password policies. It’s easy for businesses to forget that they still have older Operating Systems (OS’) in their organisation, and they may fail to keep these secured and updated.
SAM takes a common-sense approach to security, working alongside the business’s security department to help identify and address the risks. SAM can help a business employ best practices to align with security policies and maintain overall security of the business.
SAM is not done in isolation and leverages a framework of best practices which look at the business’s software from a holistic point of view, tying it in to various other aspects of the business. Ideally, businesses should work alongside SAM partners to facilitate improved software management which has a knock-on benefit to security and compliance.
Avoiding the impact
All it takes is a single-entry point into a network via an unprotected piece of software to decimate an entire business’s IT environment. Businesses should take precautions to ensure they not only know what software they have, but also that it is adequately protected.
Often, it’s a relatively simple fix, one which can be identified and implemented once a Software Asset Management (SAM) cybersecurity assessment is completed.
- Matthew Poulter is SAM Business Manager at First Technology National