It’s easy to forget how quickly certain technologies have penetrated the enterprise. Once, cloud computing was regarded as a blue-sky technology. Today 85 per cent of mid-to-large-sized businesses use multiple clouds. And now that smartphones and tablets are in common use, enterprises networks are required to support an average of 4.6 mobile devices per user (up from 4.1 devices per user in 2015).
The rapid adoption of such technologies has, overall, been a positive development, driving productivity and efficiencies, and allowing employees to work more flexibly than ever. But as IT estates have become increasingly complex, the task of maintaining visibility over all IT assets has also become increasingly challenging.
Software licensing agreements can be difficult to interpret under the best of circumstances. Throw in a few ‘blind spots’ – areas of the IT estate you cannot properly examine – and your business may find itself subject to data breaches, regulatory violation, and unnecessary overspend. Businesses need to mitigate this risk as much as possible. So, what are some of the most common blind spots encountered by IT teams?
Many businesses today run the majority of their applications in the cloud. However, they will often find that the licensing agreements for their applications were written with a more traditional client/server environment in mind. Businesses need to ensure they have visibility of how moving their applications from on-premise to cloud will impact these agreements.
What’s more, many IT decision makers lack understanding of the precise topography of their third party data centres. They may also lack the ability to monitor closely exactly which apps they’re running in the cloud and how many instances they’re running, putting them at risk of license breach.
Even assuming you have established full visibility of all areas of your online IT estate, devices may be turned off, may lack network access, or may be isolated or restricted due the presence of sensitive information. Nor are such practices limited to sensitive industries, such as the defence sector, that deliberately ‘ring fence’ certain devices from network access.
A GP practice might, for example, have software running on mobile devices of doctors employed part-time, or on-the-move, or working as locums. Identifying every device or software instances in such scenarios, especially where devices are regularly taken off-premises, can be extremely challenging.
Employee-owned laptops and mobile devices may not afford access rights for audit purposes. But what if the individual uses their own device or installs software for work purposes? How can the business gain access to this device to perform an audit while still respecting the individual’s privacy? And this is to say nothing of the upcoming boom in the use of wearables and other personal IoT devices that may have the ability to install apps of their own. This is likely to complicate the picture still further.
No matter how well-trained the employee, or vigilant the employer, employees will inevitably find ways to utilise unapproved software on company devices. At the simplest level employers need a way to determine whether these apps/web services duplicate the functionality of licensed products (and thus eliminating an area of unnecessary overspend).
More critically, an employer must determine if the employee’s use of such services for company purposes is in breach of licensing terms. An employee might be unaware, for instance, that a standard online service (such as an online album for photos, or online document editing services) is licensed as free for personal use, but that the company becomes liable for a license if it is used for business purposes.
When surrounded by smart devices, as most modern offices are, it’s easy to overlook the basics. Take modern, connected communication and collaboration platforms, for example. Are you licensed for the correct number of users utilising your VoIP or UC system, or the number of people using your networks? Often lacking a user interface, such devices are easy to overlook. And, again, that’s to say nothing of the forthcoming boom in commercial IoT devices looming over the horizon, which will only compound this issue.
All of these blind spots are surprisingly common, and can be found in most businesses. Yet they can invoke enormous expense. In order to avoid them businesses need to put in place monitoring tools, systems and services that give them total real-time visibility of the software in use. These tools need to be able to monitor application usage – including virtualised instances and SaaS services – and compare it against the licenses held. They should also be able to identify overlapping functions, consolidate software versions, identify software that poses a risk, highlight and/or remove unsupported apps, and identify patches required. And finally, these systems should present the business with clear, visual reports that can be readily-understood by the board and, ideally, a suggested action plan and an estimation of required spend, outlining which software need to be removed, patched or relicensed.
As a side note, with the constant risk of on-the-spot audits, most businesses will benefit from what is in effect, continual auditing. The auditing system employed should maintain constant, real-time vigilance, with as much automation as possible. And given that businesses will only depend more, not less, on licensed tools in the future, I suspect continual auditing will become a relatively commonplace IT and business practice within the next few years.
Due to the complexities involved in monitoring modern IT estates, many businesses will partner with a specialist to help achieve deep insight into their licensing situation. Such services can deliver considerable benefits, carrying out the legwork for you with specialised systems, contacting software manufacturers on your behalf to establish the software usage rights offered to you and negotiate agreements, and presenting information in easy-to-digest formats with recommendations from professionals. Most businesses will find that the initial effort involved in setting this up will pay for itself in a short space of time.
It’s chock full of useful advice, exclusive events and interesting articles. Don’t miss out!