By Kris Barker,
CEO Express Metrix / Apptria Technologies
Network security has topped the enterprise IT priority list ever since networked computers hit the mainstream, and for good reason. PricewaterhouseCoopers estimates an average loss of between $184 and $330 million in brand value alone for companies experiencing data breaches, while a Ponemon Institute/Symantec study puts the cost at $222 for each record compromised.
As companies continue to stockpile larger and larger amounts of personal information—and rely on technology to secure it—data breaches will become ever more commonplace and damaging to those companies who don't adopt airtight security practices. Growth in the security software market supports this hypothesis: Gartner estimates that security software revenue grew 7.5 percent last year to a whopping $17.7 billion.
While many of these security products focus on preventing external attacks or information leakage, IT executives might be surprised to learn that between 40 and 85% percent—depending on which study you believe—of IT security breaches originate from inside the enterprise, whether malicious or unintended. Executives may also be surprised to learn that technologies not commonly marketed as security products—sometimes already deployed within the enterprise—can do a great deal to help augment their security policies.
One such category of products is software asset management (SAM) tools, commonly implemented as a means of tracking the installation and usage of software within the organization. SAM technologies generally provide capabilities that can be used as valuable weapons within the security arsenal, among them:
Discovering hacking tools and other programs that can be used in a malicious way. Unless desktops are completely locked down, it's all too easy for end users to introduce unauthorized or malicious software programs to the network environment. Many organizations choose to maintain a matrix of acceptable software applications, which they then compare to their software inventory reports to reveal unknown or suspicious installations. Likewise, if administrators know the executable name for a malicious app, they can use the SAM tool's discovery capability to pinpoint any machine(s) with that program installed.
Preventing the use of applications that are deemed a threat. Even the most carefully crafted and well communicated software usage policies often aren't enough to keep end users from running programs that put the enterprise at risk. That's why many companies turn to a SAM capability called "application control" for an extra layer of policy enforcement. SAM tools that offer application control allow administrators to block specific executables from being run by individuals, departments, or all users, and can even report on attempts to launch applications that have been blocked.
Examining software usage data to determine when, from where, and by whom an application was used. SAM tools can be a very powerful way to investigate known security breaches. Let's say a data breach took place between four o'clock and five o'clock on a Saturday morning. By analyzing software usage statistics on applications that facilitate access to the breached data, IT personnel can identify exactly which machines and users were running those applications during that timeframe.
Identifying software titles that are candidates for retirement, reducing the number of supported and patched applications. With new and more sophisticated security threats being reported at increasing rates, IT administrators scramble every day stay on top of the latest vulnerabilities and fixes related to installed software. By analyzing the presence and usage of each installed application, companies can see where they have redundant and/or underutilized titles and reduce their application footprints. With fewer applications to support and patch, IT can significantly reduce the chances that an unknown or unaddressed security vulnerability will lead to catastrophe.
Obviously it would be misleading to suggest that a SAM tool can replace or even match the capabilities of dedicated security software and policies. But such tools can certainly round out one's security posture by producing forensics relating to software inventory and usage that traditional security products don't take into account. Furthermore, employing security as an added SAM benefit can be a useful strategy for securing executive sponsorship for investments in SAM technologies and best practices—and to help prove their value once implemented.
Article written by Kris Barker, CEO and Co-founder of Express Metrix / Apptria Technologies
Kris Barker has nearly three decades of business leadership and software development experience at Boeing, DEC, WRQ (now Attachmate) and, currently, Express Metrix
. Since his 2000 co-founding of Express Metrix, a provider of specialized IT asset management solutions, Barker has become a highly knowledgeable and visible ITAM expert, advocate, and spokesperson, with a unique ability to address complex ITAM issues from both technical and business perspectives. Kris recently co-founded Apptria Technologies
, an Express Metrix spin-off, which delivers world-class software recognition to ISVs and other technology providers so they can meet their own customers' demands for reliable asset management capabilities.