Unlicensed software is generally unknown, unmanaged, not properly updated or configured, and ripe to be hijacked by viruses for unscrupulous purposes. Identifying and taking charge of unlicensed software can be a huge problem in big organisations.
The Department for Homeland Security in the US undertook a SAM implementation on a department-wide basis. Their Continuous Diagnostic and Mitigation (CDM) system constantly monitors networks and only allows permitted software to execute, blocking any other software. This is one, extreme, method for defending against unlicensed software, but there are others; here are eight ways of managing unauthorised software:
1) Nip it at the source
Perimeter security controls can prevent .exe, .msi, and .bin from executing, preventing software from installing. Host-based controls offer similar protections.
2) Don’t forget active content and browser extensions
Malicious content can attack via ActiveX, Java and other browser extensions. This can be blocked at perimeter-level, but all active content will be removed from web browsers.
3) Minimise administrative privileges
If users lack administrative privileges they are unable to run unauthorised software or modify the registry (as well as other administrator actions). Administrator permissions allows malicious users direct access to change configurations and install software at a deep level.
4) Use audit/monitor mode
Most whitelisting tools include an audit/monitor mode to discover which applications are running, should be running and should be removed. The mode will also allow fine tuning of current licences, providing comprehensive visibility of an IT estate.
5) Draw a line in the sand
When unable to catalogue every application immediately it can be effective to create a baseline – the current footprint of executable software – creating a temporary whitelist while the assessment continues.
6) Confirm senior leadership support
Whitelisting involves preventing unauthorised software from executing, but when some unauthorised software is mission-critical, not being able to execute can cause problems. Senior management are needed to enforce compliance and oversee the continuing SAM project.
7) Engage stakeholders early
Identifying and engaging with every stakeholder is critical to the success of a large SAM project. A well-planned communication strategy to ensure every stakeholder is well-informed will provide stakeholders with project understanding and you with their support.
8) Plan for emergency requests
Solid planning and communication are huge assets to SAM, but a detailed plan to cover many eventualities is needed to back-up your other efforts. Emergency firecall accounts and process implemented in the case of emergencies.
About the Author:
Livingstone provide an end-to-end software asset management solution for organisations looking to gain complete visibility and control over their software licensing spend.
Combining their unique approach, accurate inventory and entitlement data with experienced Software Asset Management (SAM) specialists, they understand their client’s software licensing needs and goals. They arm their specialists with vendor agnostic Livingstone technology to provide real time licensing transparency and control