What's the proper way to mitigate risk of unauthorized Software within your Organization.
Hello -
My name is Mat and we are 2 years into establishing our ITAM governence utilizing FlexeraOne as our Software Asset Discovery tool.
I understand that we have the ability to manually create Applications as unathorized and SKU's can negate an applicaitons profile based on FlexeraOnes AI.
my question is whats the best or proper way to mitiate risk to installed applications utilizing FlexeraOne?
Common practices to monitor and control installations of unauthorized software would include:
Prepare and publicize a clear policy about how your organization details with unauthorized software.
Have a process in place to identify software you consider as "unauthorized". For example, this may be determined based on Flexera One finding installations of applications with particular categories (such as "game"), known security risks, or other domain knowledge. Then set the "Action" status on relevant applications in the ARL to "Unauthorized".
Have a process in place to follow up on any installations of applications with an "Unauthorized" status that Flexera One detects. This will probably involve following up with relevant asset owners with a polite message explaining the situation and what steps should be taken - such as removing the software, applying for an exemption to keep the software installed, or anything else that may be appropriate in your situation.
(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)
A complementary process is to also manage the 'authorized' applications, as this list is potentially a lot smaller than the 'unauthorized' set. Any new application starts with a status of 'Unmanaged' and therefore needs a determination.
