Software Gone Wild: 7 Big Software Asset Management Risks in the New Normal

As our “new normal” of working from home sets in, companies are supporting a digital transition that has been quick and broad. Your workforce is now spread across many domestic locations, and IT is still implementing unprecedented changes to the company infrastructure. That decentralization and distraction has probably led to less Software Asset Management (SAM) oversight of employees and tools.

In short, there’s more opportunity for people to run wild and their software to be uncontrolled.

There are always hidden software license management risks when it comes to using software due to the licenses agreements that govern that software. The average employee doesn’t read Terms & Conditions — everybody clicks away on the “I Accept” button when they fire up an application — and that language is obscure even if they did.

Unless you work in Software Asset Management, you won’t understand the possible software costs and agreements that might be triggered by accepting these T&C agreements. Or even realize that you should look for them.

So what are these risks? And how does a SAM Manager manage or reduce software costs while their wild world is still churning? Let’s look at the biggest challenges now facing you in software license management, data management and digital security.

1. Shadow IT Gone Wild: Free software has hidden costs

People need applications. And they often need them fast while under a deadline. (Let’s face it, when aren’t you under a deadline?)

There’s always been a risk of your employees using applications without asking permission. “Shadow IT” is software that’s managed outside of the SAM team and deployed in a work capacity without your official authorization.

Software vendors are temporarily offering cloud applications for free, in an effort to help people in their new work-from-home situation, and do subtle marketing and market penetration through that goodwill effort. It’s possible that your employees are initiating more SaaS software without your approval, generally with the intent of improving their workflow.

For instance, your Inside Sales team uses the company-sponsored GoToMeetings, but they’ve wanted to try a different tool for web-based conferencing. Now Adobe has offered free access to Adobe Connect for 90 days if you sign up for a trial license.

This is a time of experiment and trial-by-fire, right? So Inside Sales starts using that free software and doesn’t think about cloud cost management or what happens when this free period times out.

2. Data Gone Wild: Unapproved software stores data

Now that your employees aren’t working face-to-face, they have to supplement work behaviors built around being in the same room.

For instance, the Development team is used to being in an office with a white board that people gather around to brainstorm. Or standing together in front of a wall, writing on stickie notes that visually build an idea.

Now that group needs a software collaboration tool which everyone can access and interactively work in. There are whiteboard tools like Miro and AWW that limit users and features at the basic tier, and expand those ranges when you move to a paid version. So the developers sign up for a freemium plan to just “get me through this one project, and then I’ll never use it again.”

The intent is good: Productivity without pause. But your company data is stored in these cloud services, untracked and out in the wild.

3. Multi-Tasking Gone Wild: Mixing business and personal

Employees are working from home — and possibly from their sofa — so time is more compressed with a new work-life balance. People who previously kept a firm divide between business and personal might now be tempted to use their work computer for personal tasks, and vice versa, to be efficient.

For instance, a salesperson checks their Microsoft Outlook email through an O365 webmail browser on their personal laptop, because they’re deep in a project but need to check for delivery windows for online groceries. It’s easier to multi-task from one computer. But checking email through an insecure webmail browser is a security risk. Additionally, someone in their household might discover the laptop unattended — perhaps they’re also curious about the delivery status — and start using it while the work email is open.

Or a web designer installs the newly free 90-day trial of Apple’s Final Cut Pro X on their work-issued laptop. Now they can play around with video clips during short breaks from a work project. However, this opens a risk for licensing issues and proprietary data when the trial runs out, as we talked about in Risk #1.

4. Devices Gone Wild: BYOD needs oversight

Speaking of personal laptops… “Bring Your Own Device” is the practice of licensing your business software on an employee’s personal computer or smartphone. Basically, BYOD gives an employee a similar experience at work as they have at home, so they feel comfortable with the technology and enhance their job flexibility.

But wait… now employees are always working at home! Which means it is a bit more slippery to govern the management and licensing of those devices, because everyone is in a semi-renegade situation. An effective approach is making sure the Software Asset Management team is tracking the software and its data on each device.

For instance, a Customer Support specialist no longer moves between their office desk and home office desk. They’re on call to answer support questions at a late hour — let’s say, while playing a midnight Fortnite game — so it might feel natural to check the ITSM ticket queue from their phone, then access the ITSM system from their gaming computer, and save the help documents afterward to the desktop.

Keep in mind that BYOD is not a free-for-all for any personal device. The practice is kosher for compliance only if the devices have been approved and licensed properly.

5. Cloud Gone Wild: Unchecked SaaS increases software costs

It’s a blessing and a curse: The ease of using cloud apps. Though your teams are now greatly spread apart, the team members can quickly jumpstart collaboration with a cloud-based tool, also called Software as a Service (SaaS).

Employees feel pressure to keep up their performance and project pace. Which means another aspect that’s probably jumped is the online resources they are consuming. What’s probably not increased accordingly is employees using your official IT channels to request the SaaS applications.

For instance, the Sales team was chatting with Slack before they were all working remotely. Now they need to expand that communication across two other teams, Inside Sales and Pre-Sales Engineering, and require paid-only capabilities like a full message archive and unlimited app integration. So they move from the free limited Slack to a paid group-wide instance.

It’s only “a couple bucks” per user so that seems low impact and reasonable. But as more departments do this, your cloud spend is unchecked in two expensive ways. First, as paid cloud accounts are increasingly activated without budget oversight. Next, if those accounts lead to penalty fees or overage costs because they’re used outside the vendor T&Cs.

6. Networks Gone Wild: Security software needs updates

Security updates. Everyone hates taking down time to do them, but they’re more important than ever. Now that your IT infrastructure is dispersed and fully remote, it’s essential for security software to be present and always up-to-date.

Your office building has a secure firewall which makes vulnerabilities harder to access and attack. Working from home offices means employees are on unsecured or less secure domestic networks, and might require extra protective measures such as VPN (more on this next).

If your company doesn’t typically support remote work, there’s a big shift in IT operations. Now you have to set up security measures for an employee’s existing hardware. Or you might requisition new devices for use at home, without the opportunity to work on their operating systems and security permissions beforehand.

For instance, perhaps your Accounting team worked on desktops at the office so sensitive information was easier to control, and they’ve been told to order laptops online that are delivered directly to them. Now the accountants have to set up a new work laptop or their personal computers to access work systems.

7. Connections Gone Wild: VPN must protect data

On the topic of security software… Virtual Private Network utilities provides a secure connection to a company’s IT systems. When an employee uses their computer outside of the company network, VPN routes their internet connection through a private corporate server, so data is transmitted securely. Now every employee is working outside the corporate network, and VPN is an essential tool. This is a software budget issue that might be unplanned but is suddenly necessary for keeping data safe.

If your company previously required the use of VPN, then you would have licenses for every employee. But perhaps your requirement was only for teams that worked with sensitive data. For instance, the Development team handles proprietary code and confidential product information, so when they’re not at the office behind a firewall, they are mandated to fire up a VPN to access cloud-based tools like Atlas Sian Jiri.

If you didn’t require a VPN, well, now you need to reevaluate which employees need a license. Perhaps your Design department works primarily with software tools such as Adobe Creative Cloud that don’t handle sensitive data. Now they aren’t working in a room together so they’ve quickly moved to using Atlas Sian Confluence for sharing ideas and documentation, which means they are now remotely accessing data that should go through a secured network.

It’s tempting to look at low-cost or no-cost versions of VPN tools to save money in a compressed time frame. But as in Risk #1, be careful of free tools (or free versions of trusted tools) which might have terms that let the vendor access, analyze or retain your data.

Summary: your 7 essential steps to reduce software costs and risks

Each risk in this article leads to the same conclusion: IT and the Ecodocs Software Asset Management teams need to set and enforce a system of software oversight or your company’s costs and software license compliance risks may surge. Your oversight might be wildly different if you’re in a large IT department with a lot of controls in place, or part of a smaller staff who serve many roles with not enough eyes. But as we operate in this “New Normal,” it’s a relevant topic for every company, and we’re all in it together. Here are the best practices to reduce software costs, protect against security risks, and ensure software license compliance:

• Train your employees about what software is allowed on their personal and business devices, and give them a list of approved applications
• Consider setting up a portal for employees to request cloud services and non-cloud software, keeping purchases under your supervision
• Track the hardware devices accessing your network, and bring them under management so you can set up security measures
• Make sure all devices are updated with the latest security software and OS patches, since they are now on less secure domestic networks
• Consider a standard protocol for approved remote storage services and, if needed, prevent local storage on personal devices
• Have a security system which lets you decommission a computer or smartphone quickly, such as remote wipe or bricking the device

Bottom line, you need to understand what software license management and security risks you’re newly open to, and communicate to your team about how to mitigate those risks. Know what software your employees are using versus what they have permission to use. If this doesn’t match up, explore web design Australia Company options which handle that exposure and keep you protected against compliance risk.