Benjamin Franklin, statesman and one of the founding fathers of the United States, is famous for saying, “…in this world nothing can be said to be certain, except death and taxes.” Had he lived in the 21st century rather than the 18th, he might instead have said: “…in this world nothing can be said to be certain, except death, taxes, and software updates.”

In the modern world, software updates are a fact of life. In enterprise environments where the number of apps in the ecosystem is counted in the thousands, software updates are a fact of daily life. 

This means software asset management is a crucial function in all organisations, especially large enterprises. A crucial part of software asset management is managing version updates to ensure the safest and most up-to-date application versions are in use. 

However, processes are not always sufficient to ensure this is the case. Why do companies fail at hygiene controls with version updates? 

 

Inventory Visibility 

One of the main reasons is that there is a lack of visibility over the organisation’s application inventory. In other words, organisations don’t fully know what applications are installed, which versions are running, and where the applications are used. 

There can also be a lack of understanding of which applications are installed but are either not used or underused. 

Without this understanding, it is impossible to ensure applications are properly updated to the latest version and then deployed across the organisation. 

There is also an important licensing element to this. Managing software licenses to ensure you are paying for the applications you use, and only the applications you use, is one of the most complex areas of software asset management. The volume of app licenses is part of the complexity, but the fluid nature of user requirements and the vast variations in vendor licensing terms increase the complexity even further.

An accurate and complete application inventory helps you stay on top of software licensing. 

 

Update Processes 

There can also be issues when it is known that old versions of applications are in use. Old application versions can create cybersecurity and performance issues, in addition to potential compliance problems.  

Packaging, testing, and publishing updated versions of applications is not easy, however, especially if you use manual processes. It takes time and resources to do properly, resulting in some applications continuing to run on an outdated version. 

 

Access Control Processes 

Access control is another essential part of software asset management. There needs to be a particular focus on applications that are mission critical to the organisation. Only those users who need to have access should have access. 

Without the right systems and procedures in place for version updates, access control permissions can be compromised. For example, an updated version of an application could be made available to a wider group of users than necessary.

Mission-Critical Applications 

Another area where organisations can fail is in not properly prioritising applications within the ecosystem. Not all applications are equal. Some have minimal impact on business operations, while others are essential for business continuity. Many more fall between these two extremes. Others, such as internet browsers, exist in a grey area. For example, Chrome is not mission-critical itself, but it might be used to access web apps that are essential.

All apps present a potential cybersecurity risk, so prioritising is not about which to update and which to leave. It’s more about the time and resources allocated to packaging, comprehensively testing, publishing, and deploying applications that are mission critical.

 

Testing 

The testing of updated applications can often be inadequate and is sometimes missed altogether. Failing to properly test updated applications can cause issues across the board, from highly customised applications that require manual intervention through to the most common commercial applications that run on auto-update by the vendor. 

 

Historical Data 

For some organisations, such as enterprises in the financial sector, compliance and governance are also an issue when it comes to application version updates. Best practice is to have complete and accurate time- and date-stamped records of every software asset management event. However, record-keeping processes and systems are not always fit for purpose.

 

Ongoing Performance and DEX Monitoring 

Software asset management processes shouldn’t stop once an application has been updated, repackaged, tested, published, and deployed. Even with comprehensive processes in place, problems can still occur. Therefore, ongoing performance monitoring is essential. This should include both technical and digital employee experience (DEX) monitoring, where possible.

 

The Automation Solution 

This blog has highlighted the main challenges that large organisations face in keeping software applications up to date. Automation is the solution, or a partial solution, to each of the points highlighted. Our Access Capture product, for example, automates the steps required to repackage, test, and publish applications whenever they are updated. It can even automatically detect when an application has been updated on public repositories such as Chocolatey.

Returning to our Benjamin Franklin quote in closing: he made the “death and taxes” comment in relation to the newly created US Constitution. He was making the point that the Constitution has “an appearance that promises permanency” but will inevitably change.

In our 21st century adaptation of the famous quote, there is nothing permanent in the application management world. Automation is the only way forward.