SAM and Infosec : a crucial partnership for an effective ITAM programme
On the 14th April the UK SAM Networking group held a conference in Manchester, focusing on the importance of the interactions and intersections of SAM and Infosec.
The session was well attended with a morning of plenary sessions from high profile guest speakers from Snow, Flexera, Softcat and HP Enterprise, covering all aspects of information security across the Software Asset Management spectrum.
It was also an opportunity for me to present a Keynote about work I have been doing for a large UK multi-national incorporating ITAM policies into the broader Information Security Policies. The moral of the story is that good practice is good practice, whether it’s driven by ITAM or Information Security, so the policy overlaps between the two are significant.
This was followed by a presentation from Greg Holmes and Marcelo Pereira of Flexera Software, on how a combination of effective Software Asset Management and Software Vulnerability Management processes could significantly contribute towards improved software security. The session highlighted the three main steps of the Software Vulnerability Management Lifecycle – assessing the current situation, mitigating the appropriate remedial actions and verifying the solutions that have been implemented and the considerations required to achieve this. They got quite technical, and I have to confess quite a lot of it went straight over my head!
Matt Ward, Head of ITAM at Softcat focused more on the future of SAM including the importance and management of Shadow IT and its role to play in multiple devices, user based licensing and cloud models. The presentation also touched upon the ever increasing merging of security and compliance and the implications of this. This was the second time I’d heard Matt speak and he was just as thought provoking as he was the first time.
The evolution of SAM and Mobile Device Management was discussed by Alan Giles of Snow Software, covering all topics from the initial user’s expectation and experience right through to inventory, licensing requirements and centralised system management. In summary, a well-researched and implemented MDM programme could result in considerable time and cost savings for both the company and the user. Alan is such a charmer! He made a point of name checking one of my earlier blogs on Enterprise Mobility Management, which was very kind of him!
The plenary sessions were completed with a presentation by Nick Waring and Matt Beavis of Hewlett Packard Enterprise on the vital contribution of Configuration Management towards an improved and more structured security and software compliance process. The principles of Configuration Management and the ultimate benefits these can bring were a key feature of this presentation, which was a nice cross-over into our other discipline – we’re not called the ‘Configuration Management Specialist Group’ for nothing! My personal view is that the move to the cloud will bring the disciplines of ITAM and Configuration Management much closer together, so I’m really pleased HPE were able to contribute to our ‘SAM’ conference.
As always, conference delegates were encouraged to participate in the round table sessions, providing the opportunity to review/debate and discuss current industry topics in a relaxed, open forum. Although plenary sessions are important for imparting knowledge and thought leadership, as well as setting the tone for the day, I find that it is the round table sessions that get the best response – it is a powerful thing to be able to share your experiences with your peers and realise you aren’t alone!
Finally, a big thank you to all our presenters and to those who were able to attend on the day! Copies of all the presentations can be accessed via the below link, along with more details on the UK SAM Networking Group and our forthcoming events.
Our next conference is on the 7th June at the BCS Covent Garden offices, so register now at https://events.bcs.org/book/1999/.
Abstracts and speaker information, as well as timetable information is available here: http://www.bcs.org/category/18062