Crayon Logo
Authors Posts by Vicky Makhija

Vicky Makhija

2 POSTS 0 COMMENTS
Vicky has over 14 years of experience in various domains of Compliance, Policy & Governance ranging from Software Compliance Reviews, Software Asset Management (SAM), IP Compliance & Management and IT Asset Management (ITAM). Vicky has conducted vendor audits – IBM / Oracle / Microsoft/ Autodesk/ Adobe for large customers in India, Turkey , Sri Lanka and South East Asia and has depth experience in leading change, creating impactful & sustainable SAM program and aligning the policies of clients with ISO/IEC 19770 and ITIL standards with focus on TCO/ROI.

by -
0 159

The Importance of SAM

Software Asset Management (SAM) is not a new thing, many corporates have viewed SAM as a vital process; thus, investing their resources to streamline the process. Many case studies have shown that SAM can benefit companies in many ways and in this article these benefits are summarised into four points:

  1. Optimise the IT Investment
  2. Provide a comprehensive inventory of the software and hardware
  3. Increase security measures by identification of activity from un-authorised software
  4. Avoid unbudgeted IT spending due to audits and expired hardware

SAM might be a familiar topic for the global IT world; however, Indonesia is one of those countries that is not yet familiar with the activity. Awareness regarding license compliance is currently low, and this fact is supported with data collected by the Business Software Alliance, an industry body that promotes the properly licensed use of business software, which reflected by the chart below. The chart indicated that Indonesia has the highest rate of unlicensed software but at the same time lowest commercial value. This can possibly mean that most of the piracy was done in non-commercial sector such as personal use, government, or education.

US-BASED research firm International Data Corporation (IDC) Indonesia reported that the country’s information and communication technology (ICT) spending will increase 16% to Rp394 trillion (US$29.5 billion) in 2020, from the 2017’s prediction of Rp339 trillion (US$25.4 billion), with majority spending goes to devices rather than software, and most of the spending is driven by consumers (57%) against enterprises (43%), because the consumer market is big and people are buying more devices.

Main Challenges for SAM in Indonesia

Despite the country’s high piracy rate, many enterprises, especially national-wide and multinational have concerns about SAM. There are several reasons for them including GCG implementation, compliance and publisher’s audit activities. However, implementation of SAM is not as easy as it seems in Indonesia. Aside from common SAM challenges, such as complex licensing rules from multiple software publishers and non-homogenous data (for example number of user, software inventory, virtualisation configuration, contract agreement and purchase order), significant challenges that faced by almost all the enterprise in Indonesia is including:

  1. Inadequate IT Infrastructure

Geographical nature of Indonesia divided the country into multiple islands, which limits effective IT reach to branches especially limited access for East Indonesia area. Enterprises with business that requires country-wide reach will need to implement a decentralised IT and asset procurement strategy to support operational on branches in rural areas. Latest trending on rental system and IT outsourcing services is being explored by some companies to overcome these difficulties; however, there are not much vendor with nation-wide reach, acceptable capabilities and reasonable price.

  1. Human Resources

Obvious problem is the inequality of human resources capabilities in terms of IT between the big cities and rural areas, or some called as digital divide. This divide also impact on the habit of using IT devices such as mobile phones and computers; moreover, the importance of using original software and licensing rules.

Possible Solutions

This article was put together not to discourage the reader from implementing SAM, but for them to acknowledge the specific challenges; therefore, able to strategise on how to overcome them.

Understanding the importance of IT growth, government of Indonesia launched a big scale project in 2007 to implement nation-wide backbone fibre optic network to develop better IT infrastructure, which projected to be completed on 2018. Once the project finish, government is hoping that the growth of ICT in districts will significantly increase.

However, government interruption is not the only thing that must be done. Additionally, each enterprise needs to have a solid SAM awareness that will lead to companywide contribution with the management sponsorship. SAM team must also be appointed, and it should be a multidisciplinary team since SAM relate to several departments aside from IT (for example, procurement, finance, accounting). These actions will impose the employees with a new culture of SAM, which will then reduce the piracy minded actions.

It is recommended to get external help on SAM implementation such as software publishers. Several software publishers offer SAM program aside from their annual license audit to assist enterprises on understanding their licensing complexity and enterprises’ needs on their products.

In the end, the most effective way is to engage with vendors with the expertise of SAM consultancy before planning any SAM strategy, vendors like Crayon, with global presence have the experience on assisting multiple enterprises and providing benefit from optimum SAM implementation.

by -
0 290

Information security is a topic that all CXOs would want to have in their business plan for 2017. Having a strong plan to protect your organisation from cyber-attacks is fundamental. It is essential that an evaluation of IT systems is done not only from an external attack but also from an internal threat.

 

 

 

Top Misuse Action Varieties within Insider and Privilege Misuse (n=230)

Source: Verizon 2016 Data Breach Investigations Report

IT Asset Management is the first step to address these issues. Here are some of the key issues that highlighted:

  1. Identity & Access Management (IAM) – Unauthorized access to systems are discovered. User access management to critical applications supporting the business is identified. This can be used to initiate, capture, record and manage user identities and their related access permissions. Poorly controlled IAM processes may lead to regulatory non-compliance because if the organisation is audited, management will not be able to prove that company data is not at risk of being misused.
  2. Unauthorised Hardware & Software – Genuine vs non-genuine software and licensed vs non-licensed software are discovered. Hardware compliance in accordance with IT policies are measured. The use of legitimate vs illegitimate software deployments is identified. Software without genuine licenses, incorrect or cracked software are found.
  3. Illicit Content – Unregulated contents on a corporate network or a machine are identified
  4. Possession abuse – Corporate systems used for personal access or bring your own devices (BYOD) to access corporate information can also be a reason for cyber risk
  5. Unsafe Apps: Using certain applications in the corporate network could open back door entries and make the systems vulnerable. Listing down applications which are safe to be used in the network vs vulnerable or potentially unsafe applications that need IT’s attention
  6. IT Asset Management is the key to data center planning – Virtualisation is the key to cost optimization. IT Asset Management exercise will highlight:
    a.     If your IT hardware resources optimally used
    b.     Is it in compliance with the business requirements
    c.     Licensing requirements from the principal vendor

Main Security Concerns Related to BYOD

Source: BYOD & Mobile Security 2016

What can Software Asset Management (SAM) do for your business?

  • Protect your IT infrastructure from security threats
  • Help to manage your licensing costs
  • Maximize your licensing assets
  • Place you in control of your vendor contract renewals
  • Identify unauthorized software installations
  • Re-harvest software assets
  • Plan IT spend in line with business priorities
  • Model future software scenarios
  • Meet corporate governance/compliancy goals