Far too few organisations have made the connection between SAM and information security, or recognised that it can help mitigate the risk of cyber-attacks.
The EU General Data Protection Regulation (GDPR) will apply in less than 24 months and will dramatically raise the bar on the information security and data protection measures organisations must have in place. Under GDPR, an organisation classed as a “data controller” that is found non-compliant faces fines of up to 4% of annual worldwide turnover or €20m, whichever is higher. For an organisation the size of Tesco that would be a fine of up to £1.94bn, as noted by V3 here.
Why? In this financial year, as of September 2016, Tesco had a turnover of £48.4bn, and 4% of that is roughly £1.94bn. But would being compliant make any difference, and is there more that organisations can do now?
Many consider the wording of the regulation poor, and it is not yet 100% clear whether it applies to some or all of an organisation. Organisations should not wait for that clarification.
Surely it is time that information and cyber security, along with data protection, reached the top of the CxO agenda? There is much you can do today to protect your business in the future.
Business leaders need to raise the profile of cyber security in the boardroom. Many CEOs started their careers when their business was paper-based, and in the minds of many that is perhaps how it still operates. They often do not appreciate how far IT has transformed their business and continues to do so, and many still view IT security as purely an IT problem.
The same can be said for IT Asset Management (ITAM) and Software Asset Management (SAM). Many organisations recognise a need for SAM to maintain licence compliance, but it is usually well down the CxO agenda when it comes to strategic planning. Fewer still have made the connection between SAM and information security: an accurate inventory of what is installed, where, and who uses it is the starting point for patching, hardening and incident response, and therefore for mitigating the risk of cyber-attacks.
So how can an organisation put measures in place to get its IT security fit for purpose?
Here are 10 important things you can do now:
- Ensure ITAM/SAM and data/cyber security has senior executive sponsorship
- Get full visibility of your hardware and software assets
- Understand who is using those assets
- Rationalise the number of software titles you use
- Standardise software versions and editions
- Make sure security patches are kept up-to-date
- Ensure firmware is regularly updated
- Set and enforce strong password and security policies
- Have clear policies around bring your own device (BYOD) and enforce them
- Introduce and maintain a best-practice management and technology governance framework across your IT estate, so that you can manage your assets effectively and limit risk
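To make the link between SAM data and security concrete, here is an added example (not from the original article or any SAM vendor) of the kind of check steps two to six enable once an inventory exists. It takes a constructed software inventory of hostname, owner, title and installed version, plus a hypothetical approved baseline of minimum patched versions, and reports unowned assets, titles installed in more than one version, installs below the approved minimum, and titles that are not on the approved list at all. All hostnames, titles and versions are made up for illustration.

```python
"""Added example: reconciling a software asset inventory against an approved baseline.

The inventory records and the baseline below are constructed sample data, not
figures from the original article. Each record is
(hostname, owner, software_title, installed_version).
"""
from collections import defaultdict

# Constructed sample inventory, in the shape a SAM discovery tool might export.
INVENTORY = [
    ("ws-001", "alice", "Acme Office", "16.0.4"),
    ("ws-002", "bob", "Acme Office", "16.0.4"),
    ("ws-003", "", "Acme Office", "15.2.1"),        # no recorded owner
    ("ws-004", "carol", "Acme Office", "16.0.2"),
    ("srv-01", "ops", "Acme Web Server", "2.4.1"),
    ("srv-02", "ops", "Acme Web Server", "2.3.9"),  # below approved minimum
    ("ws-005", "dave", "Legacy PDF Tool", "9.0.0"), # not an approved title
]

# Hypothetical approved baseline: title -> minimum approved (patched) version.
# Any title missing from this table has not been approved for use.
APPROVED_MIN_VERSION = {
    "Acme Office": "16.0.4",
    "Acme Web Server": "2.4.0",
}


def parse_version(version):
    """Turn '16.0.4' into (16, 0, 4) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def reconcile(inventory, approved):
    """Return the SAM findings that feed security work.

    unowned:           hosts with no recorded owner (step 3, 'who is using the assets')
    multiple_versions: titles installed in more than one version (step 5, standardise)
    below_minimum:     installs older than the approved minimum (step 6, patching)
    unapproved_title:  software not on the approved list at all (step 4, rationalise)
    """
    findings = {
        "unowned": [],
        "multiple_versions": {},
        "below_minimum": [],
        "unapproved_title": [],
    }
    versions_by_title = defaultdict(set)

    for host, owner, title, version in inventory:
        if not owner:
            findings["unowned"].append(host)
        versions_by_title[title].add(version)
        if title not in approved:
            findings["unapproved_title"].append((host, title))
        elif parse_version(version) < parse_version(approved[title]):
            findings["below_minimum"].append((host, title, version))

    for title, versions in versions_by_title.items():
        if len(versions) > 1:
            findings["multiple_versions"][title] = sorted(versions, key=parse_version)

    return findings


def print_report(findings):
    """Human-readable summary of the reconciliation findings."""
    print("Assets with no recorded owner:", findings["unowned"])
    for title, versions in findings["multiple_versions"].items():
        print(f"{title}: {len(versions)} versions in use: {', '.join(versions)}")
    for host, title, version in findings["below_minimum"]:
        print(f"{host}: {title} {version} is below the approved minimum")
    for host, title in findings["unapproved_title"]:
        print(f"{host}: {title} is not an approved title")


if __name__ == "__main__":
    print_report(reconcile(INVENTORY, APPROVED_MIN_VERSION))
```

The point of the example is that none of these findings needs a security tool: they fall straight out of an inventory that is complete, attributed to owners and compared against a maintained baseline, which is what SAM is supposed to deliver anyway. Real version strings are messier than the dotted integers assumed here, so a production check would need a proper version parser for each vendor's scheme.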
These ten steps will help you start to mitigate operational, legal and financial risk. They also provide the foundation for optimisation and strategic decision-making, so that complex technology investments deliver a return.