Blog Options
Client Computing Best Practices

PC Security- Have We Reached the Tipping Point Yet?

brucemichelson| November 20, 2011
Post a Comment

This summer, I delivered a webcast on the topic of risk cycle. The conclusion was that there will be more and more of an increase in incursions for desktops and laptops. Current events over the past few months seemed to indicate that this trend was on target. So now the question is - have we finally reached the tipping point?

Read Blog Article
Tags: breach notification| BYOC| client computing| desktop| encryption| View All (9)
Labels: breach notification| byoc| compliance| desktop| encryption| hipaa| HITECH| laptop| lifecycle| PC| risk cycle| security
Labels:

Software Rationalization - An Opportunity to Optimize and Save

brucemichelson| September 3, 2009
3 Comments

As we approach the upcoming sets of technology refresh cycles in earnest combined with the W7 planning, software rationalization may represent some "low hanging fruit" in terms of reducing costs and complexities. Closed Loop Lifecycle Planning(CLLP) defines software rationalization as the review and remediation of titles and manufacturers in the software installed base.


A reminder as always, the opinions expressed in this blog are mine, and not those of HP. The findings are reflective of my research and field engagements in CLLP.


Interestingly, software titles seem to appear en masse even when we in It beleive that the desktops and laptops are locked down. The internet access, active directory priviledges, P Cards, and local admin rights are among the many reasons that it is not infrequent that the number of titles, versions and manufacturers are as much as 2 to 3 times what you may expect.


Given the recession, the likelihood of audit and compliance initiatives are likely increasing.


Interestingly, there are a few observations that have been made along the way. For example, the longer a device is retained, the greater the number and versions of software that reside on the devices. Moreover, cascading frequently makes this issue worse since many of us do not harvest software effectively. Software asset management has long been one of the lifecycle elements that has been a lesser priority since many enterprise wide agreements have provided a sense of security.


With W7 may come the realization, that the non-enterprise software may represent a significant risk or exposure. In any case more software titles outside of the business requirements may make the data migration from one device to another take longer or become more complex.


Typically it is suggested that a simple report be run that could scope potential issues or at least frame the discussion. This report is easily run by most (if not all management tools) The report is only four columns- software manufacturer, the software title, the software version, and then in descending order the number of times the title shows up in the base. In most of the engagements there is a "aha" moment when the figures are reviewed.


The bell curve is by thirds - core applications, departmental applications, and "how did these applications get here". The sheer numbers of applications may be a surprise.


Without giving a discourse on software rationalization, I would like to ask having positioned this as a significant potential, are you seeing the same or similar set of dymanics in your business?


As a follow on question, would you like to have more details about the process and discussion about software rationalization?


Thanks for blogging


 


 


 

Read Blog Article
Labels: compliance| rationalization
Labels:
Search
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Follow Us
About the Author
Labels