Crayon Logo
Authors Posts by Phil Heap

Phil Heap

8 POSTS 0 COMMENTS
Phil is the Products & Services Director at Crayon and has been an integral part of the Senior Management team for over 10 years, having joined the business in 2005. With over 20 years of ITAM experience, Phil is credited with being the original architect of the Crayon SAM-iQ platform.

by -
0 1021

Improving IT security is not just about adding firewalls and making sure anti-virus is up to date. Software asset management (SAM) can help in finding old, vulnerable versions of software on the network. Here, we show how SAM can improve security in your organisation.

What you need to know about software asset management and IT security

License Compliance is normally the first thing that is thought about when it comes to Software Asset Management (SAM). But we should take a much wider view and think about how SAM helps in other areas of IT and across the business, most significantly in the area of Information security.

One of the principle roles of SAM is to make sure all IT systems are recorded and managed for the purpose of Software license compliance. IT security also needs to make note of all devices in the infrastructure to ensure an appropriate level of security is in place.

Comparing devices in the device inventory with those found by endpoint security systems is likely to produce three things: a list of devices both in the SAM database and IT security database; those only found by SAM tools; and those only found by IT security tools.

This helps both the SAM manager and the IT security manager focus on those devices they should be managing but don’t appear in the respective databases.

Another way that Software Asset Management can assist with IT security is by making sure that relevant details from the SAM inventory are shared with the IT security manager, so they can check for older software versions that may no longer be supported or may not have the appropriate patches to close security flaws. SAM managers and Security managers should also work towards devising an authorised software list or catalogue of authorised software that software is procured from. That way security and compliance can be assessed before its brought in to the organisation.

The SAM manager should also verify that any licenses that have been allocated to individuals are being used by the intended recipients. This information can be extremely vital to IT security as the license allocation could highlight access areas that are still granted to users who no longer require it, or who no longer even work for the company.

Knowing what’s what with home workers

Telecommuting or working from home has become very popular over the last few years with many employees hardly setting foot in the office. Secure VPNs and Direct Access are now often in place to make sure your infrastructure can be accessed at anytime and from anywhere.

IT security should know who accesses the network through these secure connections, and how devices are used outside the office; for example, are they using it to download and install software they shouldn’t? Knowing exactly what software is being used and by whom, can minimise the risk of malware infecting the network.

Also with more employees that “bring your own device” to the company, this can dramatically increase the possibility of unlicensed software appearing within the infrastructure. A strong policy framework including BYOD is essential, as this will go a long way to ensuring risk is reduced and increase confidence that the organisation can remain compliant (whether the software has a company-owned license or personal one).

Cloud is another consideration for SAM and IT security managers. If part or all IT is moved to the cloud, the changes to infrastructure and architecture along with the introduction of 3rd party service providers adds another layer of complexity and also must be managed effectively to stay fully compliant and protected. But that’s a huge topic in itself and probably one for another day

SAM as an organisation’s vanguard

Software asset management should be at the frontline of an enterprise’s security strategy as they are both important contributors to strong IT governance. Combining SAM with Information security at the end point and at the core will underline otherwise invisible events and help in identifying suspicious or strange activity down to the individual device or user.

If an organisation does this, it will know just how valuable having SAM and IT security alignment really is.

by -
0 814

Sometimes SAM can be more difficult than it needs to be. We look at some of the mistakes an organisation can make when it comes to software asset management and how best to avoid them.

Software asset management (SAM) can be a time consuming task requiring many people to carry it out. It is difficult enough even when users do what they are supposed to do. Failure to compile and produce accurate installation information can lead to costly errors.

So what are the common errors organisations make when it comes to software asset management and how can these be avoided?

SAM is not a silver bullet

Many organisations think of implementing SAM as a quick fix or silver bullet that will somehow sort everything out there and then. While the tools on the market are great, it needs to be backed up with the right processes and the right people in order to make this a success.

Doing everything at once

Another mistake enterprises make is trying to do everything at once. Deploying a SAM solution is a journey and should be done bit-by-bit. All too often an organisation will spend vast amounts of their budget without anything to show for it. This can lead to such projects begin shut down by upper management.

Having a thorough roadmap is essential and the ISO 19770-1 standard can help in devising one. This demonstrates that the entire enterprise should support the SAM deployment and vice versa.

Making SAM too complex

A SAM project can get out of hand and become an untamed beast that is unwieldy and cumbersome. Getting this back on track requires the organisation to get back to basics. This means figuring out what sources you should use that are reliable and rebuilding the model from there. Implementing things such as automated approvals, financial chargebacks and software stack rationalisations are great but these need to be kept as simple as possible at the outset.

Forgetting about software in a merger or acquisition

Software is an asset that often gets overlooked when companies merge or get acquired. While it brings a lot of value to a firm, it can also create a lot of risk. Don’t assume that when purchasing a company, the software assets are thrown in. Even if they are included in the handover terms, you must document this. Licenses have to be novated to the new organisations and proof of this retained.

Don’t assume outsourcing means no responsibility for SAM

Outsourcing has become mainstream for many organisations but while you might outsource a lot of things in your organisation, software license compliance is never going to be one of them.

You need to ensure that you know the impact on your license risks from third party services and the decisions they make. Vendors will always expect you to account for all software usage and that you have the correct licenses to cover deployment. Even when you outsource SAM itself, compliance is always going to be that the buck that stops with you.

BYOD and your licenses

Users may think it is easy to bring their smartphone and tablet into work, but from an SAM point of view, things are a little more complex. Especially when it comes to Microsoft licensing rules. Do you need to license the software on someone else’s device when they bring it into the organisations or do you license access, such as when accessing email on an Exchange server? If so, its very likely you need device Client Access Licenses for devices provided you haven’t already purchased User Client Access Licenses.

Did you forget to re-harvest software licenses?

Many organisations forget that when PCs are decommissioned, there are still software applications on them with their associated licenses. You must not forget to take these back.

Another thing that is universally overlooked is software installed on machines that is never used. Go beyond simple deployment versus entitlement and use your discovery tools to see what is actually being used. Applications sitting idle on a machine are wasting tons of money. Run a report today and see what is and isn’t being used.

by -
0 7039

Picking the right SAM tool shouldn’t be the only thing you think about, it’s more about driving the outcomes required from the enterprise and optimising investment

There are plenty of choices when it comes to SAM tools. However, picking the right one isn’t just about the tool itself, it also about knowing what you want out of the tool and processes that go alongside them. Buying a SAM tool cannot be rushed into without a second thought. The right tool will be essential to the success of your software asset management plans.

What do you really want?

Every organisation is different and will thus have different requirements. This means there will be differing products on the market to service those needs. Organisations have to work out what they need from a SAM tool and how they are going to implement it into an ecosystem of procedures and processes to create an environment of continual compliance and licence optimisation.

This means thinking about things such as inventory and discovery; metering; license management; usage stats; mobile device management; datacentre management; and virtualisation and cloud environment management. It also means a greater conversation within the organisation about what software is needed where in the organisation and how it can be managed in an optimised way.

Also to be considered are such things as whether you want agent or agentless technology; how you want reports generated; and how SaaS applications are discovered, tracked and licenses managed for the most efficient use.

If your organisation is almost entirely mobile then a complex mobile device management solution would be preferable to a general SAM tool, even when SAM tools often integrate MDM into their suite of functionalities.

Do you need to do everything?

All organisations have their own individual needs. You not only have to think about what is in the organisation now but what may be needed in the future. This means careful planning and probably the creation of multiple scenarios.

If we assume that your organisation wants one SAM tool to do everything (desktops, laptops, mobile, servers, virtual and cloud), while the tool won’t specialise in a particular field, it may well fulfil all requirements in some form.

 

Ease of use: SAM tools can be complex beasts but this shouldn’t prevent them from being easy to use. The interface should allow you to carry out SAM tasks easily and without it being time consuming.

Good support: You will need support from the vendor of your SAM tool during deployment and the ongoing management of the tool within your organisation.

Software metering: As part of a SAM project, you will want to optimise software licenses and usage and will require actionable data outputs to achieve this.

Inventory and discovery: You need to know what assets you have in your organisation.

License management: Tools have to be able to manage the major software license types that are out there on the market and in use within your organisation. This should also include software running in virtual and cloud environments.

Specialised license management: If you invested heavily in SAP, IBM or Oracle, some SAM tools provide support for licenses from these vendors and the complicated license management processes they entail.

Datacentre and server management: Many firms have datacentres and most will have servers running within their infrastructure. Software running in these environments will still have software that needs to be managed and monitored.

Virtual and cloud software management: VMware, Hyper-V, AWS and Azure are environments with software that needs to be managed. A SAM tool will need to glean information from these in order to keep you abreast of what is running in these cloud environments.

 

Will it fit in with what I have already?

You also have to ensure that any SAM tool introduced into your organisations will integrate or at least work with solutions already in place, such as ITSM tools, MDM solutions, etc. You need to find out if there are any compatibility issues that would prevent them working together. The existing tools would have had money and time invested in them.

If you buy a SAM tool that deploys agents on systems, those agents will have to be included on images used to build machines for your organisation. This may seem like a small thing, but it will have an impact. Also, if a user has admin rights, do they have the ability to remove a SAM agent? If so this could mean one less machine it has oversight of.

Making a list, checking it twice

To recap, there are a number of things to remember when choosing a SAM tool.

Will you get support?

Is it compatible with other tools you use?

What will the impact be on your business and users?

How easy is it to deploy to local machine?

Can you manage it on a daily basis?

Do you have the right server to host the tool?

Can your tool manage virtual or cloud-based software?

How often does the vendor update the SAM tool?

How is data collected and are resources tied up with this data is collected?

How will this help in meeting organisational goals in compliance and efficiency?

 

Don’t expect the tool to do it all for you

Any SAM tool is only as good as the knowledge and structure you deploy to optimise it’s use. Without the necessary skills sets to assimilate the data outputs against the complex landscape of publisher licensing agreements a SAM tool will only get you so far, and that may not be as far as you would like! Enterprises are increasingly looking to appoint expert SAM partners to help them establish and manage a credible SAM environment across their business and at the same time optimise the deployment and use of the chosen SAM tool. If you believe you lack the band width or skill set required to do this yourself then this approach is probably the first decision you need to take before you procure the SAM tool!

In conclusion

Every organisation is different, but the principles of choosing a tool are broadly the same. It has to be the right one for your environment that helps in meeting broader goals of your organisation and optimising its software investments and maintaining compliance. If you have any doubt regarding your ability to optimise an investment in a SAM tool think about appointing an expert SAM partner who can help you understand what your organisation needs and how this can be achieved and this will determine the appropriate tool and approach to help reach those goals.

by -
0 1044

Many firms fail to comply with their software agreements and as a result pay unbudgeted audit fees. We look at what steps you can take to be proactive.

Cloud, social and mobile mean that today’s enterprise applications are being implemented and used in ways beyond those anticipated by legacy license agreements. Datacentre consolidation, shared services and international expansion could break restricted use rights.

Outsourcing can also exceed limitations on third party use. Extranets, portals, and integrated applications architectures makes the division between direct and indirect users harder to define. Virtualisation, multiple core processors and multiple threads complicate CPU and server-based license schemes.

The drop in new license revenues has also led software companies to make more repeated audits. Often, these audits would only happen when someone blew the whistle on suspicious licensing practices, whereas nowadays software vendors tend to audit as part of standard business practices.

Indeed, businesses can be audited many times a year across their portfolio of software. And it’s possible each audit could result in liabilities running into the millions. But organisations can take steps to mitigate this risk throughout license acquisition, during the software asset management process (SAM), and in response to a provider audit.

1 – Focus on the license agreement

Risks during auditing can be decreased by targeting important areas of the license agreement. If different licensing models are available, the business should choose a arrangement that — outside of offering a cost-effective solution — permits confidence in compliance. A per-user or per-device licensing system may not be suitable for an environment with inadequate desktop configuration and asset management.

Organisations should apply license agreements as flexibly and wide-ranging as possible to avoid separate pools of licenses and using approaches like “exchange rights” where unused licenses of one product can be exchanged for licenses required for another piece of software.

There should also be reasonable limitations on audit rights to prevent the audit being too intrusive and offer even-handed resolutions for inadvertent non-compliance. Organisations need to have adequate notice and be able to delay audits for mitigating situations.

Organisations should be able to review software asset management processes with their software provider. Establishing that SAM practices are vigorous should mean that an auditor may not have to perform an intrusive, time-consuming audit.

2 – Shift to ongoing compliance

Once an organisation has demonstrated an agreement that avoids infringement and protects the business for the worst excesses of an audit, the focus can move onto ongoing operational compliance applying a full-bodied approach to SAM. A best practice is creating license compliance and centralised tracking as a fundamental competence within IT.

The compliance team should be included in any license purchasing and involved in the enterprise change management process to detect any unexpected licensing effects. The team should also carry out recurring data verification audits to corroborate the output of any automated discovery tools and confirm enterprise license entitlements.

Most organisations now understand that Excel and manual methods are no longer adequate. SAM is presently perceived as a required core function in IT service management, and it’s offered as a component in the vast majority of the ITSM toolsets. There are additionally standalone SAM tools, some of which are acknowledged by large software vendors as alternatives to their own license management software.

 3 – Manage the audit and define processes

When an organisation is audited, a common error its to accept the process and results. Rather, the business ought to plan effectively for the audit, stay engaged with the audit and prepare to discuss the outcome.

When notified, the business should look again at the license agreement to comprehend   the premise under which the audit was demanded. Older agreements may not have anticipated audits or may considerably constrain the audit scope and/or resolutions for non-compliance.

The business should coordinate with the auditor to comprehend the planned range and method, as well as verifying the license agreements and entitlements that will be used as the basis for the audit.

The auditor may base their investigation on standard licensing terms (rather than any negotiated agreement) or be ignorant of particular entitlements, such as those allocated after an acquisition.

Having comprehended the planned audit method, the organisation should self-audit to assess compliance and isolate risks. Entitlement information may be amassed from consolidated databases, purchase orders, license keys or certificates, or invoices.

Once the audit has commenced, the business and auditor should both define the audit process. Audits should promptly end if non-compliance is not shown within a certain timeframe.

There should be a single point of contact during the audit process to address internal problem resolution and allow for suitable responses.

The business should also insist on a draft report from the auditor to tackle inconsistencies in data. This needs to be done before costs are examined.

An initial settlement demand is a starting point for negotiations, especially when non-compliance was unintentional. Counter-offers may be based on maintaining future compliance rather than backdated compensation.

If your business can argue a fair position, the software vendor may consider the offer so as to meet personal bonus deadlines of reporting of revenue. Many enterprises are now engaging the assistance of expert SAM Consulting partners to allow them to implement the above type of activities as they either do not have the expertise available within their own team or what expertise they have is unable to scale to the requirements. If in doubt, find a SAM expert to help, youll almost certainly save many times the cost in better optimisation of your software assets and the mitigation of liability that would otherwise be uncovered by a publisher audit.

The unavoidable

Organisations can no longer avoid audits if they have a large portfolio of software on their estates. But by arranging licensing agreements correctly, reducing compliance doubt through strong SAM procedures, and actively involving the vendor during software audits, businesses can mitigate the risks and subsequent possible costs from these measures.

by -
0 861

How SAM-iQ Will Help You Become an 'IT Rock Star' for Your Enterprise

What Are The 10 Key Metrics You Need To Track For Effective Software Optimisation?

How can you justify the investment in Software Asset Management (SAM) if you’re not measuring both the performance of your SAM team and the benefits that the SAM program is providing?

Whilst there’s no shortage of best practice advice around in the SAM market today, there is still a distinct lack of help in terms of how to actually implement and measure SAM processes, the effectiveness of tools, accuracy of data and so on.

Of course there are best practice frameworks like ITIL together with an international standard (ISO 19770-1), but whilst these both provide sound guidance of the ‘What’ and the ‘Why’ they don’t really provide all-important support in the form of ‘How To.’ This means that there is a real challenge in proving SAM effectiveness for most organisations.

Why? Well, very often SAM owners get blindsided by the different priorities, objectives and ways of setting up the necessary metrics to measure things. So, despite there being documented SAM best practices available for reference and guidance, there is deemed to be a level of interpretation required in order to set and measure metrics specific to a business’s needs.

At Crayon we speak to many C-level leaders who tell us that they know they need to address SAM/ITAM but just don’t see the benefits. They feel that they never seem to improve, so it’s hard to identify how close they are to reaching their goals and objectives.

We respond by asking how they are measuring it. And the reply often is: “I don’t think we are.”

Trying to interpret SAM reports with either your internal teams or from SAM service providers can sometimes be a real challenge, as they never seem to highlight the successes, or measure the improvement in a way that clearly demonstrates value.

That is why with the release of SAM-iQ, Crayon’s unique approach to planning, implementing, maintaining and optimising your complex technology through effective SAM deployment, we have introduced a brand new online platform that provides an immediate and dynamic dashboard view of your key SAM status.

To ensure that demonstrating success to your senior management sponsors has never been easier, Crayon has developed a best practice approach to SAM. We provide you with the training, the guidance and the tools, but also give clear, measurable objectives and KPIs that will eliminate the need for your own interpretation and ensure you are enabled to provide clear and concise ‘value based reporting’ back to your team.

Here are 10 of the many key metrics SAM-iQ helps you implement, track and measure:

 

  1. The number of completed tasks leading toward achieving specific/all objectives
  2. The number of allocated tasks leading toward achieving specific/all objectives
  3. The status (percentage complete) of each allocated task and objective
  4. The status (percentage complete) of the overall project phases and stages
  5. The number of policies and procedures that have been developed and implemented
  6. SAM maturity levels benchmarked against other organisations and against other best practice (SAM Optimisation Model, ITIL, ISO 19770-1)
  7. The annual (currency) spend against each software vendor
  8. Budgeted software spend vs actual software spend (currency)
  9. Capex vs Opex spend (currency comparison)
  10. Amount of cost (currency) avoided due to harvesting licenses already owned instead of purchasing new ones

 

By understanding each KPI and its metric, IT leaders can easily track their own progress and the progress of their team, together with the ability to demonstrate to third party stakeholders how investments in complex technology are being optimised and where there is a need for additional resource and/or technology investment, wider adoption and/or sponsorship.

The winning combination of having the right people, processes and technology in place and then introducing the capability to capture and report on the metrics we describe above, will revolutionise your IT estate management and maximise your ROI from IT investments.

For your FREE trial of SAM-iQ contact your local Crayon team today or visit us at www.crayon.com

by -
0 653

SAM-iQ the Ideal Foundation for Intelligent Cloud Investments

A growing number of CIOs we speak to are under the mistaken impression that the move to the Cloud has negated the need to manage software assets effectively. In particular there is a feeling it has removed the concerns about governance, risk and license compliance. And that by consuming Cloud technology, they pass on the overall responsibility for compliance to the host or the service provider.

Nothing could be further from the truth.

The pervasive nature of the cloud computing paradigm means it is vital that CIOs have a Software Asset Management (SAM) environment firmly in place across their enterprise. The beauty of an effective SAM program is that whilst the goals and objectives quite often remain unchanged, the way companies have to adapt to different policies, procedures and processes definitely does not. In most Hybrid (on premise/Cloud) environments, there will be processes and ways of working that are now redundant, but there will also be times when the team has to do new things. And they must be prepared for this.

SAM has to be an integral part of any organisation’s cloud strategy and migration planning, because when done properly, it provides the ideal foundation of business intelligence to enable informed decisions that are based on detailed and accurate information and not on guess work or input from publishers.

This is why Crayon has a ‘SAM first, Cloud First strategy’. To enable our customers to adapt and manage their heterogeneous environments to be an important contributor to the success of the business, not as individual silos, sitting in IT or in someone else’s datacentre.

Our new SAM-iQ platform is available internationally and is built on Crayon’s deep heritage of SAM delivery excellence as the world’s No.1 SAM services provider and trusted advisor to global enterprise. Supported by Crayon’s unrivalled SAM and Cloud consultants, it provides all of the management tools, resources and services required to help our customers to optimise their software and complex technology estates and drive best-in-class cloud implementation. 

SAM-iQ enhances the value of IT to the business, improves governance, mitigates risk and, all importantly, drives down cost. For your FREE trial of SAM-iQ contact your local Crayon team today or visit us at SAM-iQ

by -
0 1275

If the answer is no then read on..

Bring Your Own Device (BYOD) is a phrase now commonly used to describe the latest paradigm shift to employees being empowered to utilise their personal mobile technology and other computing devices into the corporate IT environment.

Whilst this allows a greater flexibility for the workforce it carries with it a unique set of challenges and impact on the business.

This article attempts to describe some of the market drivers behind BYOD and the challenges it presents to an organisation in terms of management, controls, governance and licensing

What are the drivers?

In order to appreciate the challenges and risks that BYOD presents, it is important to recognise the trends and drivers of this relatively new but pervasive use of technology.

Until relatively recently the traditional IT paradigm has been fairly simple. IT provided employees with the tools for the job, so that in theory, productivity and security could always be managed, measured and maintained.

Typically, this meant employees were provided with a device or devices (desktop/laptop), and the relevant applications (e.g. “Office”,” Acrobat”) and any others that met specific IT standards and conformed to an approved or authorised list agreed by the business.

By the mid noughties, things started to change. A new trend in IT began to emerge that stood in a juxtaposition to the norm.

This was primarily due to two factors:

  1. The adoption of mobile (Smart Phone & Tablet) technology
  2. The desire to use social media.

Suddenly employees were bringing in personal mobile devices that could store data and information in text, sound and graphical formats.

Users were all of a sudden able to utilise social media and store all sorts of file types, they could also “freely” use applications and share data across the network with other users.

This required a change of mind set for CIO’S. CTO’s and IT/IS managers in terms of how to embrace this new phenomenon without it becoming a huge administrative burden in terms of IT Asset Management (ITAM), productivity, security & compliance etc. As an example most IT departments viewed social media as a frivolous pastime and a drain on employee productivity. However, this soon started to change as news started to filter through that social media could actually enable worker efficiency and productivity by allowing employees to share, collaborate, and communicate in a much more agile manner than by just using the more traditional corporate applications.

Working 9-to-5 was fast becoming a thing of the past. People didn’t need to be sat behind their desk at the office to be productive and communicate any more. The corporate world was now global and 24/7. This means workers can work anytime and anywhere and strike up their own work life balance that is not dictated by the location or a clock.

What are the challenges?

What we have seen in effect is a trickle down effect. BYOD started at the top with C-Level managers as they tended to be the first to adopt working from home, flexible hours and working abroad. Initially this wasn’t seen as a major problem as it was relatively only a few people in the organisation that needed or requested it. Now however, it is common across all organisational departments and this has caught IT departments with their “trousers down” metaphorically speaking of course, but it means that many don’t have sufficient policies and controls to cope with the diversity of capability, functionality and non-standardisation of the BYOD devices being used.

BYOD brings challenges to traditional IT controls to minimise and mitigate risk.

As businesses somewhat blindly adopt BYOD, the risks associated with it must be assessed and mitigation plans put in place. Risks of data integrity, data loss, and security vulnerabilities are all cited as real issues for organisations introducing BYOD. These are challenges everybody adopting BYOD will face and robust policies in these areas are essential to ensure levels of controls are in place to mitigate the risks

IT is also challenged with having sufficient insight as to what is happening in their network. Without being able to see what is going on in the corporate network, IT is hindered in its ability to protect business and information assets.

That lack of insight in terms of asset management across all corporate and personal devices means that controlling risk, cost and compliance is all the more difficult.

Here are a few things to consider when considering BYOD

Business Intelligence: Obtain an snapshot of what you have. Utilise any inventory and usage information you can to provide the data you need. You will need to know about devices that are connecting to the network, who uses them and what applications are being used. There are good Software management & ITAM tools out there that can help you find the devices you have, recognise the software on it and control the applications available to it.

Establish policies: You should consider making a list of acceptable devices that can access the corporate network. Additionally, IT should also state which devices/operating systems/applications that it will and will not support.

Acceptable use: In accordance to standard security practices, companies should always enforce minimal access controls. In other words, even with BYOD, a strong security policy would be to deny all, except for approved devices, applications and users. Every business will be different. Therefore, it is critical to know in advance what your security policy is with regards to access controls.

Separate work and personal: Include in the policy that work information should be kept separate from personal information wherever possible. Consider making it a standard procedure that when employees access the corporate network on their own device that they also agree to adherence of company acceptable use policies, as well as IT monitoring and inventory management tools.

Establish or embed into an overall IT asset Management (ITAM) strategy your Mobile Device Management (MDM) strategy and incorporate it with other relevant strategies around Hardware & Software Asset Management, to enable you to manage all users and devices and any underlying software that is installed on or accessed by them.

Look beyond the device: Application control strategies can play an important role in making a BYOD policy secure and efficient. Make sure your BYOD policy also includes specific applications that are acceptable as well as others that are not. With application controls in place you can enforce policies based on specific, acceptable and unacceptable applications.

Apply policy to a segmented network: Sensitive data should always reside on a different network than that which is open to guests, contractors or other non-employees. With a segmented network, IT can apply one set of policies for employees and another set for guests.

Understand compliance: Examine what else is at risk. Is your organisation subject to regulatory controls, such as HIPAA or PCI DSS. Are there processes and procedures in place so that if an employee loses a smartphone or tablet, it can be wiped to avoid data loss?

Companywide notification: Is absolutely critical for avoiding legal liabilities. Make sure your BYOD policy is regularly communicated to all employees. Have a written policy that states what rights an employee gives up in order to gain access to corporate resources with an employee-owned device.

Summary

BYOD is a major technology trend that is dramatically changing the way we view IT. BYOD is a force that is here to stay, and by all expectations, is expected to grow in size and scope. With this, comes a whole new set of challenges and opportunities for businesses as well as their IT departments. This new BOYD paradigm incorporated with a change in the way businesses provide IT services to end users through on premise, virtual, hosted, public/private cloud platforms, is adding a new layer of complexity to the way we need to manage all of our IT assets.

Crayon is at the forefront of ITAM and Software Asset Management and is a global leader with over 15 years’ experience in assisting organisations with strategies to manage and optimise assets.

http://www.crayon.com/en-GB/

by -
0 3967

Having worked in the ITAM and SAM industry for over 15 years now I have seen organisations grow in their knowledge and maturity in terms of managing their IT infrastructure. Most organisations now understand that SAM tools, whilst important to help automate some of the processes are not the be all and end all.

Implementing SAM and ITAM also requires well trained, skilled people and effective policies and processes. At Crayon we have incorporated all of this in to our Crayon SAM Program.