Maintain software audit readiness and mitigate security risks with BigFix Inventory

Dan Corcoran is an HCL BigFix Sales Specialist who helps clients reduce the cost of endpoint management. Prior to joining the BigFix team, he was the Director of Client Technology at US Foods, where he managed 15,000 endpoints in more than 60 locations nationwide. In this blog, Dan shares his personal experiences as a BigFix Administrator and now as a product specialist.

The BigFix suite is a highly integrated endpoint management platform that includes BigFix Inventory. As a prior user and now as a product specialist, I can relate how BigFix Inventory helps maintain software audit readiness and mitigate security and non-compliance risks. Below are the five ways that BigFix Inventory significantly reduces IT costs, financial exposure, and security risk.

Automates software license compliance processes

Software audits, done for internal purposes or in response to requests from software vendors can be time-consuming and costly. For six months, my staff and I spent nearly 10 hours a week collecting and consolidating software installation and licensing data from 15,000 laptops and desktops at 67 distribution centers. The process was very labor-intensive. With our endpoint management software at the time, it was difficult for us to wrap our arms around exactly what software we had and who was using it. Our previous tool didn’t help us distinguish between different applications from the same vendor or between different versions of the same software. It just wasn’t dependable. After deploying BigFix, we centralized and streamlined our endpoint management activities. We were able to get consistent, dependable, and reliable data without the labor-intensive manual work that previous tools required. This saved nearly 10 hours per week at 67 distribution centers. That’s 34,000 hours annually.

Reduces risk of non-compliance and financial exposure

Software vendors are increasingly vigilant about protecting their licensing revenue and enforcing their agreements. Over deployment can create significant financial exposure.  As a matter of fact, in my prior role, we estimated that BigFix helped us avoid a seven-digit license compliance penalty. How could we have been that out of alignment with what we owned? A simple mistake was made on an image used to deploy new laptops and desktops. This propagated to all the new devices. Luckily, we believed in internal self-audits. This exposed the over deployment quickly and gave us the opportunity to fix the mistake. When the software vendor did knock on our door, we had eliminated 99% of the problem.

Reduces software spend

BigFix is also valuable for software asset management, helping procurement and asset managers better understand what is installed and how much it is being used. Using BigFIx in my previous role, we reviewed the software usage of Microsoft Office Suite.  The report showed that of all endpoints which had the Microsoft Office Professional software suite with Microsoft Access software, less than half had ever opened Access software and the majority of users rarely used it. As a result, the company stopped providing the Professional version of Microsoft Office, saving over six figures. This was especially useful in working with senior management. We could base our decision on the specific facts instead of a hunch. We could show that we would not impact the user experience by eliminating the software that was not being used.

BigFix can also show software license consumption trends, allowing procurement staff to better plan and purchase enough licenses. Knowing exactly how many licenses are needed can also help procurement negotiate better-licensing agreements.

There is also a great deal of value in being able to harvest licenses that are not being used and re-deploying them as opposed to always writing the PO for another license. Using BigFix Inventory data, you can see what your delta is on a specific title like Project or Visio and deploy based upon what is already owned. You can also use automation to automatically uninstall from those users who haven’t opened the application in a set time. This can be customized to your need. If someone hasn’t opened MS Project or some other tool for greater than 90 days, are they truly in need of that license seat?

Remediates non-compliance during a merger or acquisition

Mergers and acquisitions are not uncommon in today’s business landscape. Even if the acquired company provides an accurate and complete list of workstations and servers, my staff had the onerous process of ensuring compliance and configuring the systems according to the their operational and security policies. By using outward-facing relays, my team captured accurate hardware and software inventory information and began remediating issues to bring those systems into compliance prior to allowing them onto our corporate network. Using BigFix, I determined that US Foods could retain a significant portion of the acquired company’s hardware and software inventory, saving $70,000 in capital expenditures. This also allowed us to make a minor change to include the new company hardware in our standard operating procedures. Having this information upfront allowed us to focus on the business aspects and cultural change because the IT infrastructure change became a non-event.

BigFix also allows IT and Security organizations to identify and remove unauthorized or risky software from company-owned endpoints enhancing our overall security posture. For example, peer-to-peer (P2P) software can threaten both corporate and individual security resulting in many companies prohibiting the use of P2P software on the devices they own and manage. BigFix can help identify and optionally remove software that poses an enterprise security threat, thereby reducing the opportunity of a costly data breach.

Enables a Single Source of Truth

BigFIx provides an IT organization with accurate, up-to-date information about the hardware and software assets in the enterprise. A single source of truth is extremely valuable. In many organizations, the configuration management database (CMDB) provides important information to many stakeholders. Keeping a CMBD up to date can be a struggle when you must integrate multiple point solutions to obtain the data. Because BigFix works across operating system platforms, we can use it as the single source of truth and minimize the complexity of seeing what is happening in the enterprise.  Earlier this month, BigFix announced an integration that enables organizations to harness the wealth of near real-time endpoint data to automatically enrich the ServiceNow® CMDB. Conversely, it also provides BigFix with access to endpoint metadata and business contexts defined in ServiceNow® CMDB.  The integration reduces the manual effort to update the CMDB with endpoint data while increasing the flexibility of BigFix Administrators to target endpoint actions based upon the business context (e.g. Department, Location, and Environment) from ServiceNow®.

For more information, visit BigFix.com or contact your BigFix Specialist.