Business today is underpinned by technology. From HR to sales, from data capture to accounting and finance, information technology and the software that powers it is mission-critical to every business. Not only that, but the ease of access to the internet, ubiquitous network connections and the development of cloud application and software services means that many small businesses acquire much of their technology with little, if any specialist support. While growing access to information technology brings huge benefits in terms of business agility and innovation, speed to market and customer retention, it also brings considerable risks if technology assets, particularly software, are not managed effectively.
Poorly managed software is a cyber-security risk
The growing reliance on technology has led to an increase in the risk of a cyber security breach. Ninety-one percent of businesses worldwide experienced a security breach in the past 12 months, while Gartner predicts that worldwide security spending will increase to $96 billion by the end of 2018, an increase of eight percent . Although managing cyber-risk is complex, implementing effective processes and controls to manage your software assets throughout their lifecycle is a crucial first step, as is ensuring that software is both genuine and properly licensed.
Poor management of IT assets, particularly software, can have significant consequences. A BSA study conducted by IDC found that there is a strong positive correlation (0.79) between the presence of unlicensed software and the likelihood of encountering malware.
Upfront shortcuts can translate into long term losses
While most businesses try to do the right thing, cost pressures can make it very tempting to cut corners by buying un-licensed software or subscribing to a cheap cloud service from a vendor which might not last the distance.
The use of unlicensed software means organisations can be subject to significant fines, while engaging a cloud service with little thought to the vendor’s own cyber-security capabilities or long-term business viability can lead to major headaches if the vendor experiences a security-breach or goes out of business, taking all your data with it.
But above all, the threat of a breach of personal data can have the most severe consequences. Under the EU’s General Data Protection Regulation (GDPR) failure to protect personal data can lead to fines of up to €20m or 4% of turnover (whichever is highest); not to mention the possibility of being named and shamed in the press.
So, we have a perfect storm of businesses buying IT themselves but not having the skills or knowledge to manage it effectively, with the result that they put themselves – and their customers – at risk.
Building IT expertise in-house can be too costly for many, which is why having a clear approach to how you buy and manage any sort of technology is critical. When it comes to software and cloud services, that means implementing Software Asset Management (SAM), a holistic approach to managing your software and cloud assets so that you are getting the most out of them, while remaining license-compliant and minimising security and other risks.
The BSA SAM SME blueprint
To implement SAM, as with any sort of management system, you need a clearly defined approach. That’s why we’ve devised the SAM SME blueprint, based on the Deming Cycle, to help you “plan, do, check and act” (PDCA) to implement the processes and controls required to manage software and cloud services within your organisation.
- Plan – identify your organisation’s SAM objectives and build a plan action to achieve them. Think about what support you may need (such as an experienced SAM consultant) to help you on your way.
- Do – Implement your plan in a systematic manner. Make sure an individual employee is accountable for ensuring that progress is being made.
- Check – Review what you’ve done, and whether it is achieving your objectives. Adjust your execution plan (Do) and go again.
- Act – If you are struggling to implement your plan, or it’s not achieving your objectives, take some time to understand why and make any adjustments required.
At some point you may find your business imperatives have changed, your business has grown, or increasingly complex technology requires a major overhaul of how you manage your software and cloud services. At this point, go back to the Plan stage and update your organisational objectives and devise a new roadmap to achieve them.
Our SAM Guide will help you think through what is needed to implement SAM, so you can stay on track for success.