Virtualization Technology News and Information
Software Asset Management to Kick Start GDPR Compliance


Article written by Ben Eagling, Marketing Manager of License Dashboard 

The countdown to 25th May 2018 is well and truly underway - the date that the EU General Data Protection Regulation (GDPR) will come into effect, in what can be considered as one of the biggest shake ups in data management we've ever seen. 

Designed to address shortcomings in the existing Data Protection Directive (DPD) relating to personal data such as names, addresses, phone numbers, account numbers, and email and IP addresses, GDPR will apply to any company that collects, stores, or processes personal data pertaining to EU individuals, regardless of the company's geographical location.

This new legislation will force organizations to carefully consider where personal data of EU citizens is being stored, who is able to access it, and how it is being protected from data breaches. Penalties for breaching these rules are fierce; with maximum fines up to four percent of an organization's annual revenue, or €20M (whichever sum is greater).

How will GDPR affect IT departments?

GDPR guidance thus far has been fairly ambiguous, for example there is a section suggesting "state of the art" technology should be used, but no definition of what this actually entails is offered. How are courts and authorities going to enforce this rule without strict criteria to follow?

Now is the time for IT departments to decide how they will build GDPR compliance into their new technology deployments to meet security standards. Much of the existing preparation guidance for IT and tech departments to date has been geared toward the importance of server, storage, and software security and management. But, IT Asset Management and Discovery should also form a crucial step in the process since it will not be possible for an organization to comply with GDPR if it is lacking full visibility of the IT assets - both hardware and software - being utilized for processing and storing personal data of EU citizens.

What will happen if a company is found to be non-compliant?

When GDPR rolls out, if a company is audited and found to be in violation of its rules, GDPR auditors and regulatory bodies will demand the following information in order to establish where the problem lies;

  • What devices does the company own and use?
  • Where are the devices located?
  • What software and applications are installed on the devices?
  • Who is able to access these devices?
  • Who is able to access software on these devices?
  • What devices and softwares are encrypted?

How many ITAM managers would be able to accurately respond to these questions? What if an organization fell victim to a data security breach on a device that was completely unknown, invisible on the IT NEtwork, and unaccounted for in any day-to-day monitoring?

This situation is hardly acceptable under existing laws, however, failure to answer these questions once GDPR has been implemented would result in the organization being found to be non-compliant, causing serious financial and reputational damage. The pressure has therefore been mounting for ITAM departments, which are responsible not only for gathering IT resource data, but also for safeguarding it.

How Software Asset Management Supports GDPR Compliance

In order to establish full data protection in line with GDPR, companies must know their entire IT estate inside-out, accounting for every device, user, and all software. After all, it is impossible to protect the unknown.

This task will be no easy feat given the influx of modern digital technologies now forming part of the professional IT estate such as IoT devices, cloud computing, tablets, BYOD, and mobility to name a few. While these developments have created opportunity for more agile and innovative business processes, this has often been at the expense of IT asset visibility, making it difficult or even impossible to properly monitor and protect customer data.

Under GDPR, data in every repository of an organization will need to be clearly documented so that data subject can be kept well-informed about the processes and purposes used for their data. This can be particularly challenging for organizations that have migrated to the cloud and other digital platforms because data can wind up spread across multiple backups, copies, and archives, or shared with third parties, making its exact location unclear.

Software Asset Management is a helpful tool for an organization to regain visibility and control of its devices, users, and programs; on premises, mobile, or in the cloud.

Network Inventory & Discovery

Working to minimize the number of unknown devices within a network will help to minimize the risk of a GDPR breach occuring. The process of tracking IT assets within the network to obtain a hardware and software asset inventory is the first step in an organization's SAM journey, as well as being a major first step on the journey toward GDPR compliance.

Reduce Vulnerability Levels

Armed with this visibility information, IT departments are better positioned to prevent staff from accessing unauthorized or suspicious software. The data from the the discovery and inventory auditing process can be used to monitor the IT network to ensure it is only occupied by trusted sources.

Pinpoint Breaches

In the unfortunate event of an organization falling victim to security breach, SAM data provides an accurate real-time snapshot of usage data. This is useful for identifying the exact location of the issue so it can be quickly resolved.

Software asset management is renowned for assisting organizations with the process of budgeting and auditing IT resources. In doing so, this information will not only reveal potential weak spots in software licensing but also vulnerabilities in the IT network will be unveiled and gaps in privacy and security highlighted. SAM technology can therefore play a vital role in helping organizations to overcome some of the challenges faced by GDPR compliance.

Achieving full GDPR compliance before the 25th May is no quick win for any organization, but implementation of SAM will provide evidence based efforts of a robust, risk-based approach to data security and privacy.


About the Author

Ben has worked as a marketing professional for nine years, with four years spent in the IT sector. Working closely with software and licensing experts within License Dashboard, Ben produces regular content on Software Asset Management tools, services and market insights.

Published Thursday, February 01, 2018 8:54 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<February 2018>