Yesterday I determined that I was very popular in the eyes of Apple Computing. I received no less than seven phone calls from Molly, an “Apple Technician”, indicating that one of my apple devices was causing a security breach and I was to call a particular number to resolve it. As an “Apple Technician”, Molly must be a lot smarter than me when it comes to my iPhone, right? Oh no – my device is not secure!

Several of my friends posted that they received similar calls from Mackenzie at Google, for a similar reason. Never mind that most of those friends don’t even have a Google device … since Google is the know-it all oracle (sorry) of our lives, it must know something that we don’t. If Mackenzie says that our un-owned and invisible Google device is not secure, then we are not secure!

On a daily basis for perhaps the last two weeks, I’ve been hearing advertisements on the radio for doorbell cameras and the consequences of not having one. So what if 99.9999% of us haven’t had doorbell cameras in, like, forever – I mean, the commercials’ message is that “the doorbell is the sentinel of protection at the front of your house! It SHOULD have a camera; the peephole is so 20th century!” But we survived this long with just that peephole, right? (It’s kind of like when we played on jungle gyms outside without the rubber padding. If we fell off, we bounced, just not as high.) We may have survived but in 2019, the “experts” claim that we’re not secure.

So, what does all of this have to do with Software Asset Management (SAM), you ask? Well, I would like to point out that it’s us SAM people that have the pulse of our software use at our enterprises. *We* are the experts in knowing what’s running and not running at our companies. *We* know what software is running on what servers and who owns those servers. (The previous two sentences might be very optimistic, but that is the goal we’re trying to reach.) The tools we’re using to support ourselves in our never-ending quest for truth, justice and vendor audit-avoidance tell us what’s been discovered on those servers, what releases of the software we have and what the end of life dates are. These tools, while not security tools per-se, could also be used to maintain a good security posture.

While we may not be the maintainers of that software (well, personally speaking, I *AM* one of those people but you might not be), SAM managers know if the software is out of date. All the vendors and all of the security software experts and all of the prognosticators will tell you that out-of-date software is a security risk, one that is relatively easy to resolve. Out-of-date software should be upgraded to a version the vendor still supports, unless you have a special case where a critical piece of your business runs on software that, if updated, will break that process. The security landscape changes often, with new vulnerabilities being discovered all the time, and out-of-date software won’t get the patches that are created to counteract the vulnerabilities.

That puts you, the SAM manager, in a very powerful position. In fact, that makes you a hero, because you’re one of the first to know if software is out-of-date. The SAM manager has a dual personality with a singular acronym of SAM – now standing for “Security Asset Manager” – and with great power, comes great responsibility. (Feel free to groan on that one.) You are now a force to be reckoned with – you are one of the defenses that helps maintain your enterprise’s security posture, all because you’re monitoring what software is being used at your company.

That makes you, and your SAM role, pretty doggone important! You’re not just tracking licenses; you’re helping keep your software secure. What’s your primary weapon? It’s the end of life date of the software. Knowing that all-important piece of information enables you to tell your server owners that they need to plan upgrades to keep their systems secure. You can do that in advance of that date to allow the server manager to properly plan the necessary upgrade.

So SAM Managers, get out your superman capes, and go secure those software assets! (Please remember that the laws of gravity still apply to you, so don’t get hurt performing your duties.)