Software Asset Management (SAM) and IT risks

Abstract: The existing literature suggests that organizations have difficulties managing and controlling their software assets. A number of IT risks are often associated with the poor management of these assets. At the same time, firms around the world claim that Software Asset Management (SAM) can be utilized to mitigate the IT risks, but there is no precise study based on the correlation between the two. This presents a distinct problem to researchers and cyber-security practitioners attempting to mitigate IT risks with the help of SAM. This paper addresses this issue by presenting data from a series of interviews with cyber-security practitioners and IT managers. The paper generalizes the empirical findings to make broader theoretical points over the most appropriate usage of SAM against IT risks. The results suggest that whilst well-established methods like SAM remain important in managing software assets, it has a limited capacity to help organizations manage various IT risks.