<?xml version="1.0" encoding="UTF-8"?><feed xmlns="http://www.w3.org/2005/Atom" xmlns:thr="http://purl.org/syndication/thread/1.0" xml:lang="en-GB" > <title type="text">Certero</title> <subtitle type="text"></subtitle> <updated>2026-02-25T13:12:55Z</updated> <link rel="alternate" type="text/html" href="https://www.certero.com" /> <id>https://www.certero.com/feed/atom/</id> <link rel="self" type="application/atom+xml" href="https://www.certero.com/feed/atom/" /> <icon>https://www.certero.com/wp-content/uploads/2025/12/faviconc.png</icon> <entry> <author> <name>Scott Massey</name> <uri>https://www.certero.com/</uri> </author> <title type="html"><![CDATA[ITAM & SAM: The foundations of modern cyber security]]></title> <link rel="alternate" type="text/html" href="https://www.certero.com/blog/itam-sam-the-foundations-of-modern-cyber-security/" /> <id>https://www.certero.com/?p=8671</id> <updated>2026-02-18T08:33:54Z</updated> <published>2026-02-03T08:16:00Z</published> <category scheme="https://www.certero.com" term="Cybersecurity" /> <summary type="html"><![CDATA[<p>“What exactly are we trying to protect? And have we covered everything?” ... </p> <p class="read-more-container"><a title="ITAM & SAM: The foundations of modern cyber security" class="read-more button" href="https://www.certero.com/blog/itam-sam-the-foundations-of-modern-cyber-security/#more-8671" aria-label="Read more about ITAM & SAM: The foundations of modern cyber security">Find out more</a></p> <p>The post <a rel="nofollow" href="https://www.certero.com/blog/itam-sam-the-foundations-of-modern-cyber-security/">ITAM & SAM: The foundations of modern cyber security</a> appeared first on <a rel="nofollow" href="https://www.certero.com">Certero</a>.</p> ]]></summary> <content type="html" xml:base="https://www.certero.com/blog/itam-sam-the-foundations-of-modern-cyber-security/"><![CDATA[ <p><em>“What exactly are we trying to protect? And have we covered everything?”</em></p> <p>Those are usually the questions every IT security program starts with.</p> <p>But many organizations can’t answer them confidently. Especially when it comes to asset coverage.</p> <p>That’s because they depend on security tools to detect threats, patch vulnerabilities and block attacks. Then they assume that means the environment is covered.</p> <p>It rarely is, because security tools only protect what they can see.</p> <p>Which explains why <a href="https://newsroom.trendmicro.com/2025-04-29-New-Research-Reveals-Three-Quarters-of-Cybersecurity-Incidents-Occur-Due-to-Unmanaged-Assets" rel="nofollow noopener" target="_blank">one study of 2,000 cybersecurity leaders</a> revealed that 74% have experienced a security problem because of unknown or unmanaged IT assets.</p> <p><a href="https://www.certero.com/itam/">IT Asset Management</a> (ITAM) and <a href="https://www.certero.com/sam/">Software Asset Management</a> (SAM) can fill these visibility gaps and are quickly becoming the base of modern cyber security.</p> <h2 class="wp-block-heading">You can’t secure what you can’t see</h2> <p>Cyber security tools excel at spotting malicious activity, and with new AI technology many can even predict and prevent attacks before they even happen.</p> <p>But they’re limited to what’s “live” in an environment. They don’t have full lifecycle management so it’s possible for devices nearing the end of their use to fall through the gaps.</p> <p>And if you don’t have 100% accurate data over the hardware you have, where it is, which operating systems are still running, or what software is installed, you’ll always have vulnerability.</p> <p>These unknown assets become accidental entry points for attacks. Unknown software becomes an unpatched vulnerability. And unknown devices become an unmanaged risk.</p> <p>This is a big problem. <a href="https://www.deloitte.com/ro/en/our-thinking/it-asset-management-itam-global-survey.html" rel="nofollow noopener" target="_blank">Deloitte’s ITAM Global Survey</a> says that “the lack of cyber security alignment is now considered the greatest concern for ITAM”.</p> <p>Effective ITAM and SAM remove these unknowns, giving security teams the ideal starting point – a clear picture of the whole environment they’re protecting.</p> <h2 class="wp-block-heading">The visibility gaps security tools can’t see</h2> <p>Lack of visibility over your IT estate creates some predictable blind spots that attackers can take advantage of.</p> <h3 class="wp-block-heading">Legacy machines</h3> <p>Old or forgotten IT systems usually fall outside security coverage because no-one knew they needed protection. Imagine a long-abandoned Windows 95 machine sitting in a draw. Security tools would never find it. But ITAM could.</p> <h3 class="wp-block-heading">Mixed OS and hardware</h3> <p>Older Linux servers, unsupported devices or machines with outdated agents slip through the cracks. Security tooling may give a partial view. ITAM surfaces the entire estate.</p> <p>These are the assets attackers look for. They’re unmonitored, unpatched and easy to compromise.</p> <p>To see the potential result, you only need to look at the <a href="https://www.cloudflare.com/en-gb/learning/security/ransomware/wannacry-ransomware/" rel="nofollow noopener" target="_blank">WannaCry attack on the NHS</a> back in 2017, when unknown, unpatched versions of Microsoft Windows created a door for attackers to get through.</p> <h2 class="wp-block-heading">Unsupported, unlicensed software: The hidden security risk</h2> <p>Effective security relies on simple principles:</p> <ul class="wp-block-list"> <li>Use supported software</li> <li>Keep it patched</li> <li>Licence it correctly </li> </ul> <p>Unsupported or unlicensed applications break these rules immediately.</p> <p>Unsupported software doesn’t get security fixes. Unlicensed software bypasses governance entirely.</p> <p><a href="https://www.cirmagazine.com/cir/c2023081703.php" rel="nofollow noopener" target="_blank">S&P Global states</a> that “effective IT asset management is foundational to cyber-risk management” and that gaps in ITAM “can be indicative of flawed cyber-risk processes.”</p> <p>SAM exposes these weaknesses by showing versions, end-of-support dates and whether an application belongs in the digital environment at all. If you don’t have that clarity, you’re always guessing about the security, rather than focusing on actual threats. </p> <h2 class="wp-block-heading">Why zero-day response depends on ITAM and SAM</h2> <p>Zero-day threats emerge suddenly, before security tools can detect or block them. When one appears, the first thing a security team needs to know is:</p> <p>“Where is the vulnerable software installed?”</p> <p>Security tools may not be ready to answer that.</p> <p>But ITAM and SAM have the data.</p> <p>They show exactly which devices run the affected version, so teams can isolate or patch systems immediately.</p> <p>Fast visibility turns a zero-day vulnerability from a crisis into a contained incident.</p> <h2 class="wp-block-heading">Why modern security strategies need ITAM and SAM</h2> <p>Even the best security team can’t protect what they can’t find.</p> <p>No governance rules can work with unsupported, unknown software.</p> <p>And no zero-day response can work if your entire IT estate isn’t visible.</p> <p>ITAM and SAM remove these visibility gaps. They uncover forgotten devices, outdated software, unmanaged assets and show everything on complex estates before they become security incidents.</p> <p>While security teams work to detect threats, ITAM and SAM define exactly what needs protecting.</p> <p>Effective cybersecurity doesn’t start with alerts and patching. It starts with knowing what you own, where it is, what it runs and whether it’s supported. <em>Get a free demo of </em><a href="https://www.certero.com/certerox/"><em>CerteroX</em></a><em> and find out how we can help make your IT estate more secure.</em></p> <p>The post <a rel="nofollow" href="https://www.certero.com/blog/itam-sam-the-foundations-of-modern-cyber-security/">ITAM & SAM: The foundations of modern cyber security</a> appeared first on <a rel="nofollow" href="https://www.certero.com">Certero</a>.</p> ]]></content> </entry> <entry> <author> <name>Scott Massey</name> <uri>https://www.certero.com/</uri> </author> <title type="html"><![CDATA[Security needs visibility: The defense value of ITAM]]></title> <link rel="alternate" type="text/html" href="https://www.certero.com/blog/defense-value-of-itam/" /> <id>https://www.certero.com/?p=8679</id> <updated>2026-02-25T13:12:55Z</updated> <published>2026-01-29T10:49:53Z</published> <category scheme="https://www.certero.com" term="Cybersecurity" /><category scheme="https://www.certero.com" term="ITAM" /> <summary type="html"><![CDATA[<p>You can’t secure what you can’t see. The problem is that seeing ... </p> <p class="read-more-container"><a title="Security needs visibility: The defense value of ITAM" class="read-more button" href="https://www.certero.com/blog/defense-value-of-itam/#more-8679" aria-label="Read more about Security needs visibility: The defense value of ITAM">Find out more</a></p> <p>The post <a rel="nofollow" href="https://www.certero.com/blog/defense-value-of-itam/">Security needs visibility: The defense value of ITAM</a> appeared first on <a rel="nofollow" href="https://www.certero.com">Certero</a>.</p> ]]></summary> <content type="html" xml:base="https://www.certero.com/blog/defense-value-of-itam/"><![CDATA[ <p>You can’t secure what you can’t see.</p> <p>The problem is that seeing your entire digital estate is becoming more difficult. More tools, platforms, framework and vendors are being added all the time.</p> <p>And those are just the ones you know about. It’s not even considering that between 30% and 40% of <a href="https://www.cio.com/article/234745/how-to-eliminate-enterprise-shadow-it.html" rel="nofollow noopener" target="_blank">IT spend in enterprise businesses goes on shadow IT</a>, or that more than 40% of businesses think <a href="https://www.gartner.com/peer-community/poll/shadow-it-it-getting-better-worse-at-org" rel="nofollow noopener" target="_blank">shadow IT is becoming a bigger problem</a>.</p> <p>That’s why <a href="https://www.certero.com/itam/">IT Asset Management</a> (ITAM) is such a big part of your cyber defense. It gives security teams a trusted, real-time view of what’s in your IT estate, what’s at risk and what needs fixing as a priority.</p> <h2 class="wp-block-heading">ITAM can show you where everything is</h2> <p>IT security teams want fewer unknowns. Unknowns are where risks come from.</p> <p>Nearly <a href="https://securitybrief.co.uk/story/nearly-half-of-uk-firms-hit-by-breaches-from-unmanaged-devices" rel="nofollow noopener" target="_blank">half of organizations that suffered a security breach</a> traced it back to unmanaged devices in one study.</p> <p>Any lack of visibility means you can’t know if governance and security protections are in place, leading to a potentially unknown and unguarded attack surface for cyber criminals to exploit.</p> <p>ITAM knows exactly what’s out there. But with no single source of truth, there’s a risk the data stays separate.</p> <p>If this happens, visibility breaks down, machines get missed, devices go unpatched and servers stay online with no owner or support plan.</p> <p>This is how threats creep in.</p> <p>Imagine an enterprise business with more than 5,000 devices. If even 1% of those devices aren’t visible, it’s 50 extra opportunities for cyber criminals to find a way into your systems.</p> <h2 class="wp-block-heading">Your asset data is a clear line of defense</h2> <p>Most breaches aren’t because of zero-day exploits.</p> <p>They usually happen because of old machines, forgotten or unmanaged software and misconfigured endpoints.</p> <p>These are all things a solid ITAM platform can expose.</p> <p>Effective ITAM provides full visibility, showing you what’s running on your IT estate, where it is, who’s responsible for it and if it’s up-to-date.</p> <p>This is what security teams need to act fast.</p> <p>Think back to the <a href="https://www.ncsc.gov.uk/information/log4j-vulnerability-what-everyone-needs-to-know" rel="nofollow noopener" target="_blank">Log4shell incident in 2021</a>.</p> <p>This was a critical vulnerability in a popular logging tool Log4j, used by millions of computers (including those used by organizations and governments) running online services.</p> <p>When the vulnerability was identified, the National Cyber Security Centre gave the following advice:</p> <p>“The best thing you can do to protect yourself is <a href="https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/install-the-latest-software-and-app-updates" rel="nofollow noopener" target="_blank">make sure your devices and apps are as up to date as possible</a> and continue to update them regularly, particularly over the next few weeks.”</p> <p>The only way you could do this properly would be to have full visibility of all your devices, which ITAM provides. With a visibility gap, there’d have always been a risk you wouldn’t find every device, and have a potential security breach waiting to happen.</p> <h2 class="wp-block-heading">Respond faster, and prove you’re in control</h2> <p>Security and governance rules don’t just require you to block threats, now you also have to prove you’re in control if something does go wrong.</p> <p><a href="https://gdpr-info.eu/art-28-gdpr/" rel="nofollow noopener" target="_blank">GDPR</a>, for example, requires full audit trails of steps taken or actions completed to prevent attacks.</p> <p>Any gaps in this information mean you risk falling below compliance standards which, for GDPR, can result in fines of up to £8.7m or 2% of global annual turnover (whichever is higher) for lower-tier breaches.</p> <p>For higher-tier breaches, fines can reach up to £17.5m or 4% of global annual turnover (again, whichever is highest).</p> <p>ITAM gives you accurate and accessible asset data that lets you act fast in the event of a breach, but also makes it easier to document what’s been done and what data you have, with no gaps.</p> <p>Considering that auditors often expect 95% visibility as a baseline, this is critical. </p> <p>Below that, confidence in your data drops, and compliance becomes a lot harder.</p> <h2 class="wp-block-heading">Shared data is better than more tools</h2> <p>The answer to better security and compliance isn’t always more software.</p> <p>Security stacks are usually crowded enough.</p> <p>What you need is better integration between the tools you already have.</p> <p>When ITAM data flows into CMDBs, SIEM dashboards and vulnerability management platforms, it gives everyone the same accurate picture of what’s live, what’s exposed and what needs urgent attention.</p> <p>Imagine a global retailer with its asset inventory linked to the relevant tools. Their security team could instantly cross-reference patch levels, ownership details and warranty status with threat data from one screen.</p> <p>If a zero-day alert came in, they’d instantly have a verified list of affected machines so they could act quickly.</p> <p>So it’s a worry that 43% of IT pros say they still <a href="https://www.prnewswire.com/news-releases/survey-shows-43-of-it-professionals-still-track-it-assets-in-spreadsheets-301003500.html" rel="nofollow noopener" target="_blank">track assets in spreadsheets</a>.</p> <h2 class="wp-block-heading">Improving security starts with visibility</h2> <p>You can buy all the security software you want, but if you don’t have visibility over what needs protecting, you’re always going to have gaps and risks.</p> <p>Many of the leading security tools do, generally, have good discovery capability to find gaps and interrogate networks. But they’re never perfect, so having a safety net in place to catch anomalies is essential.</p> <p>If something happens, you want to know quickly what’s affected and how to fix it, without digging through old files and spreadsheets.</p> <p>Even if ITAM doesn’t naturally sit under the banner of security, this is what it can help with.</p> <p>Improving your security starts with improving visibility. And this is what ITAM provides.</p> <p><strong>Book a </strong><a href="https://www.certero.com/contact-us/"><strong>free demo of Certero’s ITAM platform</strong></a><strong> and see how we can help you improve visibility, control and security across your entire digital estate</strong></p> <p>The post <a rel="nofollow" href="https://www.certero.com/blog/defense-value-of-itam/">Security needs visibility: The defense value of ITAM</a> appeared first on <a rel="nofollow" href="https://www.certero.com">Certero</a>.</p> ]]></content> </entry> <entry> <author> <name>Scott Massey</name> <uri>https://www.certero.com/</uri> </author> <title type="html"><![CDATA[Changing ITAM from a tick-box job to business enabler]]></title> <link rel="alternate" type="text/html" href="https://www.certero.com/blog/changing-itam-from-a-tick-box-job-to-business-enabler/" /> <id>https://www.certero.com/?p=8675</id> <updated>2026-01-14T11:46:24Z</updated> <published>2026-01-26T09:34:00Z</published> <category scheme="https://www.certero.com" term="ITAM" /> <summary type="html"><![CDATA[<p>There are always jobs that get done because people think they “just ... </p> <p class="read-more-container"><a title="Changing ITAM from a tick-box job to business enabler" class="read-more button" href="https://www.certero.com/blog/changing-itam-from-a-tick-box-job-to-business-enabler/#more-8675" aria-label="Read more about Changing ITAM from a tick-box job to business enabler">Find out more</a></p> <p>The post <a rel="nofollow" href="https://www.certero.com/blog/changing-itam-from-a-tick-box-job-to-business-enabler/">Changing ITAM from a tick-box job to business enabler</a> appeared first on <a rel="nofollow" href="https://www.certero.com">Certero</a>.</p> ]]></summary> <content type="html" xml:base="https://www.certero.com/blog/changing-itam-from-a-tick-box-job-to-business-enabler/"><![CDATA[ <p>There are always jobs that get done because people think they “just have to be done”.</p> <p><a href="https://www.certero.com/itam/">IT asset management</a> has often been treated as one of these jobs. Nothing more than admin work that was done because a policy said so, or an audit required it.</p> <p>This doesn’t work anymore. SaaS and Cloud have erupted across businesses of all kinds. Coupled with remote work, tighter security demands and constant pressure to control IT spend, you can’t afford to manage assets reactively.</p> <p>If any part of your digital estate isn’t visible, you risk higher costs, increased security and governance risks, and decisions are made on poor data (or assumptions) rather than fact.</p> <h2 class="wp-block-heading">ITAM has outgrown its old responsibilities</h2> <p>The evolution of ITAM has seen it grow from something that used to be about counting devices and managing licenses. Now it provides a complete view of your entire digital estate, including oversight of SaaS and Cloud resources.</p> <p>As the way we worked changed, visibility and clarity went from convenience to essential.</p> <p>Security teams need to know which devices are patched and which aren’t across complex estates.</p> <p>Service desk teams need accurate information to support users in multiple locations and geographies.</p> <p>Finance teams need predictable hardware and software refresh plans, instead of last-minute, unexpected spending.</p> <p>ITAM has a role in supporting every team. It’s not something you now “do because you have to”.</p> <p>It’s something you do to retain complete visibility and control of your entire IT infrastructure.</p> <h2 class="wp-block-heading">Is your ITAM philosophy holding you back?</h2> <p>About <a href="https://www.ivanti.com/resources/library?eol=rl" rel="nofollow noopener" target="_blank">43% of businesses still use spreadsheets</a> to track IT assets.</p> <p>The result of trying to track assets manually is always predictable. It’s assumed the data is up-to-date, devices get lost, unused hardware is unaccounted for.</p> <p>Then your security doesn’t know the full attack surface of your business. And IT and finance teams approve new purchases based on incorrect information.</p> <p>You make your business less secure and waste money.</p> <p>And the visibility gap and disconnected IT tools can grow quickly, especially in large businesses. The problem is, once you can’t trust the data you have, your digital estate drifts with no control. And the cost of putting things right increases.</p> <h2 class="wp-block-heading">Using ITAM to get actual insights</h2> <p>Using modern ITAM platforms gives you clear, accurate information about what’s going on in your IT estate. It can tell you:</p> <ul class="wp-block-list"> <li>What devices exist</li> <li>Where they are</li> <li>Who uses them</li> <li>If they’re secure</li> </ul> <p>It gives IT and FinOps teams reliable lifecycle data that helps teams spot ageing devices early, extend the life of equipment that still works, and ensure you’re only spending money on new equipment when absolutely necessary.</p> <p>This information can also help plan hardware and software refresh cycles and avoid the emergency purchases that happen when you don’t have accurate visibility.</p> <p>Eventually, ITAM stops being a reactive function and becomes a proactive element of IT planning that tells you what’s happening on your estate in real-time, with the data you need to accurately forecast future use.</p> <h2 class="wp-block-heading">ITAM’s financial case</h2> <p>For large businesses, one of the biggest benefits of effective IT asset management is it finds significant cost savings.</p> <p>It’s thought businesses <a href="https://www.npifinancial.com/blog/understanding-saas-spend-management-best-practices-strategies" rel="nofollow noopener" target="_blank">waste as much as 30% of their IT spend</a> on unused and underutilized SaaS subscriptions alone, according to one Gartner study.</p> <p>By giving reliable information about your hardware and software usage or spend, you can avoid reactive spending and unnecessary purchases.</p> <p>The most basic way ITAM supports budgeting and forecasting is that you can recover hardware you didn’t know existed, so would have spent money replacing it.</p> <p>You can adjust or rightsize software licenses based on real usage rather than guessing.</p> <p>Even large-scale refresh cycles, for example, preparing for Windows 11, are controlled because your ITAM system shows you exactly which devices are compatible, and which you’ll need to replace.</p> <p>Preparing for audits also becomes much faster and less costly when you can see everything on your IT estate and know you can trust the data you’re using.</p> <p>This is where ITAM gets you a return. It’s not about counting and inventorying your assets, it’s about helping you cut waste by showing you exactly what’s out there and how it’s used (or not).</p> <h2 class="wp-block-heading">Where does ITAM help in your business?</h2> <figure class="wp-block-image size-large is-resized"><picture class="wp-picture-8676" style="display: contents;"><source type="image/avif" srcset="https://www.certero.com/wp-content/uploads/2026/01/Where-ITAM-fits-into-your-business-1024x683-png.avif 1024w, https://www.certero.com/wp-content/uploads/2026/01/Where-ITAM-fits-into-your-business-300x200-png.avif 300w, https://www.certero.com/wp-content/uploads/2026/01/Where-ITAM-fits-into-your-business-768x512-png.avif 768w, https://www.certero.com/wp-content/uploads/2026/01/Where-ITAM-fits-into-your-business-png.avif 1536w" sizes="(max-width: 1024px) 100vw, 1024px"><img fetchpriority="high" decoding="async" width="1024" height="683" src="https://www.certero.com/wp-content/uploads/2026/01/Where-ITAM-fits-into-your-business-1024x683.png" alt="Where ITAM fits into your business" class="wp-image-8676" style="width:804px;height:auto" srcset="https://www.certero.com/wp-content/uploads/2026/01/Where-ITAM-fits-into-your-business-1024x683.png 1024w, https://www.certero.com/wp-content/uploads/2026/01/Where-ITAM-fits-into-your-business-300x200.png 300w, https://www.certero.com/wp-content/uploads/2026/01/Where-ITAM-fits-into-your-business-768x512.png 768w, https://www.certero.com/wp-content/uploads/2026/01/Where-ITAM-fits-into-your-business.png 1536w" sizes="(max-width: 1024px) 100vw, 1024px" /></picture></figure> <h3 class="wp-block-heading">Finance</h3> <p>Accurate lifecycle and ownership data for your hardware assets help make capital planning predictable.</p> <p>Rather than having sudden spikes in spend, IT and FinOps are working to a clear refresh schedule based on accurate data. Without the data, assets can often be used beyond their recommended lifecycle, driving up costs and reducing efficiency.</p> <p>It’s estimated that refreshing a computer every three years can reduce the <a href="https://thefintechtimes.com/costs-of-ageing-it-equipment/" rel="nofollow noopener" target="_blank">total cost of ownership by around 24%</a>, compared to using it twice as long, according to one study.</p> <p>These extra costs come from additional maintenance and support costs rising every year when a device is used for longer.</p> <p>The support costs can rise by about 12.9% between the third and sixth year of additional use, according to the same study as reported in The FinTech Times.</p> <h3 class="wp-block-heading">Security</h3> <p>Nearly <a href="https://securitybrief.co.uk/story/nearly-half-of-uk-firms-hit-by-breaches-from-unmanaged-devices" rel="nofollow noopener" target="_blank">half of UK firms have been hit by a security breach</a> as a result of unmanaged devices.</p> <p>Unknown or unmanaged devices are one of the most common openings for attackers.</p> <p>This was demonstrated again in the <a href="https://www.england.nhs.uk/long-read/case-study-wannacry-attack/" rel="nofollow noopener" target="_blank">WannaCry attack against the NHS in 2017</a> when attackers took advantage of unpatched devices.</p> <p>Without proper visibility of your IT estate, there’s no way to be fully confident that you’re fully secure from threats.</p> <h3 class="wp-block-heading">Procurement</h3> <p>We’ve already mentioned that businesses waste around 30% of their IT spend on unneeded SaaS.</p> <p>With no visibility of what’s on your digital estate, it’s easy to end up buying duplicate platforms or renewing tools and systems you don’t need.</p> <p>It’s also impossible to identify any elements of Shadow IT that may be added to your estate.</p> <p>You’re also in a weaker position when it comes to renegotiating contracts if you have no real data about how platforms or assets are being used.</p> <p>With effective ITAM, renewals are based on what you’re actually using, and you can negotiate from a stronger position.</p> <h3 class="wp-block-heading">Service Desk and IT Operations</h3> <p>Having accurate device information can reduce service ticket times, reduce delays and support major IT changes like OS upgrades or hardware transitions.</p> <p>For example, imagine someone comes to support because their laptop is running slow.</p> <p>With a mature ITAM system in place your support team has immediate access to information like who owns the asset, the device model, age, OS or specs, any installed software, warranty status and last known issues.</p> <p>Using this information, integrated into your ITSM tool, your support team could instantly report something like:</p> <blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow"> <p>“The laptop is six years old, has 4GB of RAM and is out of warranty. It’s had seven performance tickets in the last four months and is below the company’s minimum spec standard.”</p> </blockquote> <p>With this information it’s much easier for your support team to see that the equipment is below your standard and out of warranty, and can log a replacement request for a new laptop.</p> <p>You can imagine in large organizations how many of these requests support teams get daily, and how much easier having the correct information can make everything.</p> <h2 class="wp-block-heading">Turning ITAM into a strategic function</h2> <p>ITAM supports everything from planning and risk management to financial control.</p> <p>With strong ITAM in place you can reduce waste, strengthen security, increase forecasting accuracy and avoid hidden costs from shadow IT.</p> <p>By treating ITAM like a strategic function and not a tick box exercise, you give your teams the clarity they need to effectively manage your IT estate today, and forecast accurately for the future.</p> <p>The post <a rel="nofollow" href="https://www.certero.com/blog/changing-itam-from-a-tick-box-job-to-business-enabler/">Changing ITAM from a tick-box job to business enabler</a> appeared first on <a rel="nofollow" href="https://www.certero.com">Certero</a>.</p> ]]></content> </entry> <entry> <author> <name>Scott Massey</name> <uri>https://www.certero.com/</uri> </author> <title type="html"><![CDATA[Shadow AI: Finding the opportunities & reducing the risks]]></title> <link rel="alternate" type="text/html" href="https://www.certero.com/blog/shadow-ai/" /> <id>https://www.certero.com/?p=8691</id> <updated>2026-02-04T08:25:45Z</updated> <published>2026-01-23T09:49:00Z</published> <category scheme="https://www.certero.com" term="AI" /> <summary type="html"><![CDATA[<p>Nearly 90% of AI usage in enterprise level businesses globally goes under ... </p> <p class="read-more-container"><a title="Shadow AI: Finding the opportunities & reducing the risks" class="read-more button" href="https://www.certero.com/blog/shadow-ai/#more-8691" aria-label="Read more about Shadow AI: Finding the opportunities & reducing the risks">Find out more</a></p> <p>The post <a rel="nofollow" href="https://www.certero.com/blog/shadow-ai/">Shadow AI: Finding the opportunities & reducing the risks</a> appeared first on <a rel="nofollow" href="https://www.certero.com">Certero</a>.</p> ]]></summary> <content type="html" xml:base="https://www.certero.com/blog/shadow-ai/"><![CDATA[ <p>Nearly 90% of AI usage in enterprise level businesses globally goes under the radar of IT teams, according to <a href="https://go.layerxsecurity.com/enterprise-genai-security-report-2025?_gl=1*xpr19d*_gcl_au*ODQ0NDk2NDg5LjE3Njg0ODIzNzg." rel="nofollow noopener" target="_blank">the latest research</a>.</p> <p>Which is quite worrying when you consider more than a third (38%) of employees who use AI for work <a href="https://www.scworld.com/news/38-of-ai-using-employees-admit-to-sending-sensitive-work-data" rel="nofollow noopener" target="_blank">admit to sharing sensitive data with AI apps</a> without their employer’s knowledge or consent.</p> <p>With Shadow AI increasing, mostly with the use of consumer “generative” AI apps like ChatGPT and Claude, businesses are at a crossroads when it comes to taking advantage of one of the most disruptive technologies we’ve seen, and putting sensitive data at risk.</p> <h2 class="wp-block-heading">What is Shadow AI?</h2> <p>Shadow AI is any application used without the knowledge of IT that carries some element of artificial intelligence.</p> <p>You’ll most likely think of ChatGPT and those types of apps, but it could be anything that uses AI in any way, from CRM platforms that use AI to interrogate customer interactions, to service desks, to meeting recording tools that produce AI generated transcripts or notes.</p> <p>And Shadow AI is on the rise at a rapid pace.</p> <p>In the UK alone, <a href="https://ukstories.microsoft.com/features/rise-in-shadow-ai-tools-raising-security-concerns-for-uk/" rel="nofollow noopener" target="_blank">71% of employees admit to using unapproved AI</a> tools at work, more than half admit to using these tools at least once a week, according to research by Microsoft.</p> <h2 class="wp-block-heading">Shadow AI vs Shadow IT</h2> <figure class="wp-block-table"><table class="has-fixed-layout"><tbody><tr><td></td><td><strong>Shadow IT</strong></td><td><strong>Shadow AI</strong></td></tr><tr><td><strong>What it is</strong></td><td>Use of unauthorized software, hardware, or systems outside IT approval</td><td>Use of unauthorized AI tools or models without organizational approval</td></tr><tr><td><strong>What’s being used</strong></td><td>Apps, SaaS tools, cloud storage, devices</td><td>AI chatbots, image generators, code assistants, AI automations</td></tr><tr><td><strong>Typical examples</strong></td><td>Dropbox, Google Drive, Trello, personal VPNs</td><td>ChatGPT, Claude, Midjourney, GitHub Copilot (used without approval)</td></tr><tr><td><strong>Who usually adopts it</strong></td><td>Employees trying to work faster or bypass slow IT processes</td><td>Employees trying to speed up thinking, writing, coding, analysis</td></tr><tr><td><strong>Primary motivation</strong></td><td>Productivity and convenience</td><td>Productivity, creativity, decision support</td></tr><tr><td><strong>Data risk</strong></td><td>Data stored outside approved systems</td><td>Data <em>processed</em> or <em>trained on</em> by external AI models</td></tr><tr><td><strong>Security concerns</strong></td><td>Data leakage, compliance violations, lack of access control</td><td>Data leakage, model training on sensitive data, hallucinations</td></tr><tr><td><strong>Compliance impact</strong></td><td>GDPR, ISO, SOC, internal IT policy breaches</td><td>GDPR, IP ownership issues, AI governance and auditability</td></tr><tr><td><strong>Visibility to IT</strong></td><td>Sometimes detectable via network or app usage</td><td>Much harder to detect (browser-based, personal accounts)</td></tr><tr><td><strong>Speed of adoption</strong></td><td>Gradual</td><td>Explosive</td></tr><tr><td><strong>Control difficulty</strong></td><td>Medium</td><td>High</td></tr><tr><td><strong>Potential harm</strong></td><td>Loss or exposure of data</td><td>Loss of data <em>and</em> flawed decisions based on AI output</td></tr><tr><td><strong>Business risk level</strong></td><td>Moderate to high</td><td>High to critical (depending on use case)</td></tr><tr><td><strong>Typical organizational response</strong></td><td>Blocking tools, introducing approved alternatives</td><td>Creating AI policies, approved AI stacks, usage guidelines</td></tr></tbody></table></figure> <p>The difference between Shadow AI and Shadow IT is that IT is any asset being used on your hybrid digital estate that you don’t know about. It could be hardware, or it could be software.</p> <p>Shadow AI is specifically related to any application that is fully AI (or has an element of AI involved).</p> <p>Arguably, Shadow AI is more dangerous to your business.</p> <p>Unlike general IT, Shadow AI actively uses sensitive data, can retain and reuse that data unpredictably to train models, and lacks any transparency to audit how information is used.</p> <h2 class="wp-block-heading">Why does Shadow AI happen?</h2> <p>It sounds sinister. But Shadow AI rarely starts off with malice in mind.</p> <p>Usually it’s because employees see tools that can make their life easier (and there are a lot of them around now), but don’t want to go through lengthy approval processes or sign offs.</p> <p>So they just dive in and download free to use versions of applications to test them. </p> <p>Sometimes departments or teams might put some spend into tools they think can be useful.</p> <p>It could just be a salesperson downloading a recording tool for sales calls. Marketing using ChatGPT to create buyer personas. Or legal teams passing documents through AI or for doing research.</p> <p>Very rarely, if ever, is it with the intent to cause harm to a business.</p> <p>It could be seen as a good thing (employees looking for innovative ways to work) if it didn’t create a ton of potential risks.</p> <h2 class="wp-block-heading">What are the risks of Shadow AI?</h2> <p>One of the reasons Shadow AI is potentially more dangerous than Shadow IT (sounds the same, but isn’t) is because no-one is exactly clear on how the data being put into AI is stored or used.</p> <p>This is largely because there is no standard “common practice” for processing personal data, which means every AI tool could potentially process information in different ways.</p> <p>It’s also not clear where this information goes once you’ve put it into the app.</p> <p>This is already attracting attention from regulators, who are quickly trying to issue guidance on how to use potentially sensitive data with AI.</p> <p>The <a href="https://ico.org.uk/for-organizations/uk-gdpr-guidance-and-resources/artificial-intelligence/guidance-on-ai-and-data-protection/how-should-we-assess-security-and-data-minimisation-in-ai/" rel="nofollow noopener" target="_blank">Information Commission</a> is among those to warn about putting sensitive business or personal data into AI systems.</p> <blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow"> <p>AI systems introduce new kinds of complexity not found in more traditional IT systems that you may be used to using. Depending on the circumstances, your use of AI systems is also likely to rely heavily on third party code relationships with suppliers, or both.</p> <p>Information Commission</p> </blockquote> <p>When it comes to the risks of Shadow AI, there are lots of things to think about:</p> <ul class="wp-block-list"> <li><strong>Data privacy and regulation</strong></li> </ul> <p>Definitely one of the biggest risks of Shadow AI is the potential for sensitive information to be breached or leaked, or the potential for security breaches to impact wider IT systems through the app.</p> <p>When it comes to sensitive data getting out in the open, we’ve already seen this happen.</p> <p>Back in August 2025, <a href="https://searchengineland.com/chatgpt-kills-google-indexable-chats-459874" rel="nofollow noopener" target="_blank">OpenAI had to remove a public sharing feature from ChatGPT</a> after chats shared with the feature started appearing in Google search results.</p> <p>At the time OpenAI said the feature “introduced too many opportunities for folks to accidentally share things they didn’t intend to”.</p> <p>Imagine if sensitive commercial or personal information was included in these chats that suddenly could be found by anyone.</p> <p>And considering regulations like GDPR, and the possible fines for breaching the rules, you can see why Shadow AI is a risk.</p> <ul class="wp-block-list"> <li><strong>Reputation damage</strong></li> </ul> <p>A knock on effect of the point above of the potential reputational damage you’d face if it came out you’d entered sensitive data into an AI tool without permission.</p> <p>It would be even worse if that information then found its way into the public domain.</p> <p>You have to ask how much trust you would lose with your customers if this happened.</p> <p>How much would you trust a business that used your data like this?</p> <ul class="wp-block-list"> <li><strong>Lack of visibility</strong></li> </ul> <p>More than 81% of businesses say they <a href="https://www.businesswire.com/news/home/20251105110078/en/Report-Shadow-AI-Crisis-Looms-as-100-of-Companies-Have-AI-Generated-Code-But-81-of-Security-Teams-Lack-Visibility" rel="nofollow noopener" target="_blank">lack visibility of AI usage</a>, 65% say they recognize an increased security risk related to AI.</p> <p>Not understanding what tools are in use, how they’re being used and how much they potentially cost is a similar problem to Shadow IT.</p> <p>With no visibility there’s no way you can effectively manage or govern AI tools, possibly creating productivity problems and unpredictable costs.</p> <p>The added layer of visibility problems with AI is a lack of visibility of what these tools are doing with your data.</p> <p>Under rules like GDPR, businesses have a responsibility to create transparent audit trails of how information or data is collected, stored and used.</p> <p>As a business you have an obligation to minimize how data is used, and give users the right to have their information erased if they ask. But by submitting this information into an AI tool, you immediately lose the ability to comply with these rules.</p> <p>It’s hard enough complying with data regulations with no visibility of “general IT” systems. It’s impossible when you have no oversight of AI tools, and don’t understand how the tool is treating your data.</p> <ul class="wp-block-list"> <li><strong>Increase attack landscape</strong></li> </ul> <p>Shadow IT extends the attack surface of your business.</p> <p>But with Shadow AI additional risks are created because employees are actively moving company or personal data into systems that you don’t control, can’t see and can’t secure.</p> <p>A marketing manager pasting a customer list into Claude or ChatGPT, or a developer pasting source code into Copilot is bypassing your enterprise security, and you’d never know it.</p> <p>There’s not even an audit trail. And new risks are created whenever data is added to an AI tool.</p> <p>Think about it like this. When a SaaS tool is compromised, you get notified of a potential breach, you’ve got a contract to refer to and you know what data is being stored in the tool.</p> <p>With Shadow AI you have none of that. You didn’t know the tool existed, you don’t know what data was uploaded because there’s no audit trail, you have no way of knowing for certain what data has been compromised, and you have no proof of compliance.</p> <p>All within an attack surface that’s growing at pace.</p> <h2 class="wp-block-heading">How to manage the risks of Shadow AI</h2> <p>Managing the risks of Shadow AI has the same fundamentals as managing any Shadow IT in your business.</p> <ol class="wp-block-list"> <li><strong>Get on top of what tools are being used</strong></li> </ol> <p>You can’t manage what you can’t see, so the first step in getting control of AI tools is getting visibility of what’s in use.</p> <p>The easiest way to do this is to use a solution like CerteroX, which provides an accurate view of your entire hybrid IT estate, including Shadow AI and IT.</p> <p>By putting all your tools in one place, you can at least start to get an idea of the scale of your Shadow AI landscape and create a plan to manage it.</p> <ol start="2" class="wp-block-list"> <li><strong>Understand how they’re being used </strong></li> </ol> <p>One mistake you can make with managing Shadow AI is blanket banning everything.</p> <p>This misses the opportunity to find tools your teams are using that actually have a benefit to your business.</p> <p>Once you’ve identified what’s being used, take some time to understand how people or teams are using these platforms.</p> <p>There could be duplicate tools in use that could be consolidated in a more effective way and then officially adopted and rolled out.</p> <p>There could be genuine productivity and commercial benefits to some tools that you just need to set guidelines around (like access or data use, for example).</p> <p>The point is, look for the opportunities in your Shadow AI estate instead of just assuming everything being used is bad.</p> <ol start="3" class="wp-block-list"> <li><strong>Set an allowed and unallowed list</strong></li> </ol> <p>While you might not want to just ban every AI tool, you’ll want to keep some control over what’s being used.</p> <p>With the information you have on how tools are being used (and a better understanding of how they work) you can put together an authorized and unauthorized list of AI tools.</p> <p>Admittedly this is difficult because it’s still early in understanding how AI tools work, which is why you want to get more control of tools rather than just banning them.</p> <p>Look at how tools match up to your own compliance standards and what level of control you might need to create in order to match that compliance going forward.</p> <p>For example, an AI tool might help with productivity, but you need to restrict what type of information can be put into it.</p> <p>This isn’t just a one off practice.</p> <p>You should continually review your AI estate – uncovering new Shadow AI as you go – to ensure what’s being used is controlled and adding benefits, rather than creating risk.</p> <h2 class="wp-block-heading">Managing innovation vs Shadow AI risk</h2> <p>There is an element of risk vs reward with Shadow AI.</p> <p>With any fast moving technology there’s an element of unknown. </p> <p>And AI is such a new and changing technology that it’s difficult to stay on top of how tools work, how they handle data and what potential risks they can introduce.</p> <p>On the other hand, if used properly, with an element of control, they have the potential to transform processes and improve productivity massively in any organization.</p> <p>However you choose to handle AI in your business, the most important thing is having a clear picture of what’s in use, and how it’s being used so you can protect your business without limiting innovation.</p> <p>Get a <a href="https://www.certero.com/contact-us/">free demo of CerteroX</a> and see how it can help you remove the mystery of Shadow AI so you can get the benefits without the risks.</p> <p>The post <a rel="nofollow" href="https://www.certero.com/blog/shadow-ai/">Shadow AI: Finding the opportunities & reducing the risks</a> appeared first on <a rel="nofollow" href="https://www.certero.com">Certero</a>.</p> ]]></content> </entry> <entry> <author> <name>Scott Massey</name> <uri>https://www.certero.com/</uri> </author> <title type="html"><![CDATA[ITAM meets FinOps: Bridging on-prem and cloud hybrid cost management]]></title> <link rel="alternate" type="text/html" href="https://www.certero.com/blog/itam-meets-finops/" /> <id>https://www.certero.com/?p=8667</id> <updated>2026-02-05T11:40:48Z</updated> <published>2026-01-20T09:43:00Z</published> <category scheme="https://www.certero.com" term="FinOps" /><category scheme="https://www.certero.com" term="ITAM" /> <summary type="html"><![CDATA[<p>Worldwide public cloud spending is expected to hit $723.4bn this year, according ... </p> <p class="read-more-container"><a title="ITAM meets FinOps: Bridging on-prem and cloud hybrid cost management" class="read-more button" href="https://www.certero.com/blog/itam-meets-finops/#more-8667" aria-label="Read more about ITAM meets FinOps: Bridging on-prem and cloud hybrid cost management">Find out more</a></p> <p>The post <a rel="nofollow" href="https://www.certero.com/blog/itam-meets-finops/">ITAM meets FinOps: Bridging on-prem and cloud hybrid cost management</a> appeared first on <a rel="nofollow" href="https://www.certero.com">Certero</a>.</p> ]]></summary> <content type="html" xml:base="https://www.certero.com/blog/itam-meets-finops/"><![CDATA[ <p>Worldwide public <a href="https://www.gartner.com/en/newsroom/press-releases/2024-11-19-gartner-forecasts-worldwide-public-cloud-end-user-spending-to-total-723-billion-dollars-in-2025" rel="nofollow noopener" target="_blank">cloud spending is expected to hit $723.4bn this year</a>, according to Gartner, up from $595.7bn in 2024.</p> <p>As cloud usage grows, keeping spend under control has become one of the hardest jobs in IT. Many organizations turn to FinOps to bring visibility and discipline to cloud costs. It helps teams understand where money is being spent, and why.</p> <p>But FinOps was never meant to work in isolation.</p> <p>Most enterprises now run hybrid environments, where public cloud and on-premise infrastructure coexist. In these models, cloud costs are shaped by on-prem decisions.</p> <p>From licensing and hardware lifecycles, to where workloads run.</p> <p>This is where IT Asset Management becomes critical. Historically focused on data centers and on-premise estates, ITAM now provides the infrastructure visibility FinOps needs to manage hybrid costs effectively.</p> <p>As hybrid becomes the norm, FinOps is increasingly drawing on on-premise and data center ITAM, not as a parallel function, but as a necessary input to cost control.</p> <h2 class="wp-block-heading"><strong>FinOps began in the cloud. Then hit its limits.</strong></h2> <p>The FinOps framework came from a few recurring problems. The lack of centralized IT control over IT infrastructure meant there was no visibility over which department or team should be paying for what assets, which made costs uncontrolled and unpredictable.</p> <p>Costs would jump unexpectedly, without warning, with workloads scaling faster than finance teams could track.</p> <p>And leadership would spend too much time trying to reconcile spend with cost drivers.</p> <p>This led to nearly half of businesses saying they <a href="https://www.cloudcomputing-news.net/news/almost-half-of-businesses-struggle-to-control-cloud-costs/" rel="nofollow noopener" target="_blank">struggle to stay in control of cloud</a> costs.</p> <p>FinOps has brought financial maturity and accountability to a wild and expensive business problem and helped create stakeholder accountability for resources. But there are still problems when it comes to on-premise visibility and observability.</p> <p>And this comes down to accurate data.</p> <p>In FinOps, ITAM is often called the “allied persona” because it’s who provides the data needed for FinOps to be effective.</p> <p>The problem many businesses have is that the ITAM persona doesn’t have the accurate data to give to FinOps because of inadequate ITAM tooling.</p> <p>This leaves a flaw in FinOps.</p> <p>Without the accurate data, FinOps has no oversight of where workloads go, and who in the business should be charged for them.</p> <p>And without this, there’s no way to create true cost accountability.</p> <h2 class="wp-block-heading"><strong>Where ITAM fills the visibility gaps</strong></h2> <p>Where FinOps struggles is where ITAM steps in by creating visibility across the physical, virtual and licensed infrastructure that underpins hybrid environments.</p> <p>ITAM helps teams understand:</p> <ul class="wp-block-list"> <li>What infrastructure and software assets exist on-premise and Cloud</li> <li>How those assets are allocated to platforms, environments, and services</li> <li>What licenses are deployed, entitled and at risk</li> <li>The lifecycle state, support status and renewal timelines of assets</li> </ul> <p>IT asset management brings clarity to the parts of your digital estate FinOps doesn’t reach.</p> <p>Where FinOps brings you financial understanding. ITAM brings asset understanding.</p> <p>Separately, you get part of the picture. Together, they create the full picture that most teams lack.</p> <p>This is something we’re already seeing. </p> <p>FinOps is pulling SAM into scope as cloud-first licensing models collide with on-premise realities, from SaaS and Shadow IT outside procurement, to BYOL decisions and the true cost of running data centers vs cloud infrastructure.</p> <h2 class="wp-block-heading"><strong>Cloud waste and hardware waste behave the same way</strong></h2> <p>While they look different, cloud and hardware waste follow the same pattern.</p> <p>Unused cloud instances and unused laptops waste spend.</p> <p>Over-provisioned services and over-spec’d machines increase budgets unnecessarily.</p> <p>And untracked cloud services, and untracked hardware both create security and governance risks.</p> <p>Waste is a significant problem, with around <a href="https://www.techuk.org/resource/finops-the-art-and-science-of-cloud-cost-optimization-for-sustainable-growth.html" rel="nofollow noopener" target="_blank">30% of cloud spend thought to be wasted</a>, according to one study.</p> <p>ITAM has been solving this on the hardware side for years, giving teams visibility of all their assets so they can better manage them.</p> <p>FinOps, more recently, is now tackling this problem for Cloud.</p> <p>The job now is getting them to work together to reduce waste in both places.</p> <h2 class="wp-block-heading"><strong>Why ITAM and FinOps are being pulled together</strong></h2> <p>FinOps and ITAM aim for the same result, even if they approach it differently. </p> <p>FinOps gets clarity and accountability on cloud costs. ITAM gets clarity on devices and software. </p> <p>Both want and need accurate information, clear ownership and better planning.</p> <p>Once these teams share data, the guesswork disappears. Forecasts become more accurate. Ownership becomes clearer. Waste becomes harder to ignore.</p> <p>We’re now seeing FinOps expand to include ITAM and SAM so teams can see the full digital estate, rather than seeing separate costs.</p> <h2 class="wp-block-heading"><strong>The cost of fragmented tools</strong></h2> <p>One problem most organizations find with cost management is they don’t just use one system.</p> <p>They have a FinOps platform, an ITAM tool, a CMDB, and some even have spreadsheets to fill in the gaps.</p> <p>This fragmented approach is inefficient and expensive. It’s thought <a href="https://www.itpro.com/software/software-complexity-is-burning-through-enterprise-budgets-draining-productivity-and-burning-out-employees-and-its-a-gbp32-billion-problem-that-cant-be-solved" rel="nofollow noopener" target="_blank">UK businesses alone waste £32bn a year</a> from tool complexity – much of it caused by running multiple, disconnected systems.</p> <p>When cost data sits in one place and asset data in another, simple questions take longer to answer.</p> <p>Reports contradict each other. Forecasts drift. Teams repeat the same work because systems aren’t speaking the same language.</p> <p>We’re now seeing more of FinOps and ITAM using the same information, whether through a shared workflow or a common platform.</p> <h2 class="wp-block-heading">You can’t control hybrid models without knowing the assets behind them</h2> <p>ITAM and FinOps aren’t competing approaches. Where FinOps tracks spend. ITAM tracks the assets and licenses that create the spend with hybrid environments.</p> <p>Only using FinOps, you’ll be able to see your cloud usage, but not the hardware behind it.</p> <p>Only using ITAM, you can see the devices and licenses, but you can’t understand the business need, accountability for costs or ownership of tools that’s driving workload. </p> <h2 class="wp-block-heading"><strong>Bring your ITAM and FinOps into the modern era</strong></h2> <p>The first step is to look at how your FinOps and ITAM works today.</p> <p>Check if they share ownership, reporting and data.</p> <p>If they don’t, begin joining the workflows so both sides make decisions from the same information.</p> <p>To start seeing an ROI of ITAM, look at our <a href="https://www.certero.com/itam/">ITAM visibility</a> page for more information.</p> <p>The post <a rel="nofollow" href="https://www.certero.com/blog/itam-meets-finops/">ITAM meets FinOps: Bridging on-prem and cloud hybrid cost management</a> appeared first on <a rel="nofollow" href="https://www.certero.com">Certero</a>.</p> ]]></content> </entry> <entry> <author> <name>Scott Massey</name> <uri>https://www.certero.com/</uri> </author> <title type="html"><![CDATA[UK businesses sitting on a Shadow AI ‘data and privacy disaster’]]></title> <link rel="alternate" type="text/html" href="https://www.certero.com/blog/shadow-ai-data-and-privacy-disaster/" /> <id>https://www.certero.com/?p=8662</id> <updated>2026-01-21T13:16:05Z</updated> <published>2026-01-14T08:48:14Z</published> <category scheme="https://www.certero.com" term="AI" /><category scheme="https://www.certero.com" term="Cyber security" /> <summary type="html"><![CDATA[<p>Many UK businesses could be unwittingly sitting on a data and privacy ... </p> <p class="read-more-container"><a title="UK businesses sitting on a Shadow AI ‘data and privacy disaster’" class="read-more button" href="https://www.certero.com/blog/shadow-ai-data-and-privacy-disaster/#more-8662" aria-label="Read more about UK businesses sitting on a Shadow AI ‘data and privacy disaster’">Find out more</a></p> <p>The post <a rel="nofollow" href="https://www.certero.com/blog/shadow-ai-data-and-privacy-disaster/">UK businesses sitting on a Shadow AI ‘data and privacy disaster’</a> appeared first on <a rel="nofollow" href="https://www.certero.com">Certero</a>.</p> ]]></summary> <content type="html" xml:base="https://www.certero.com/blog/shadow-ai-data-and-privacy-disaster/"><![CDATA[ <p>Many UK businesses could be unwittingly sitting on a data and privacy disaster as thousands of employees introduce <a href="https://www.certero.com/ai/shadow-ai-detection/">Shadow AI</a> to their IT landscape.</p> <p>That’s the warning from Certero after a new <a href="https://ukstories.microsoft.com/features/rise-in-shadow-ai-tools-raising-security-concerns-for-uk/" rel="nofollow noopener" target="_blank">Microsoft report</a> found that 71% of employees have used unapproved AI tools at work, with more than half (51%) of those using these tools at least once a week.</p> <p>As consumer apps like ChatGPT and Claude increasingly creep into the workplace through individual subscriptions, rather than IT approved versions, it’s leaving companies extremely vulnerable to privacy and security risks.</p> <p>One of the more worrying findings in Microsoft’s “Rise of Shadow AI” report, is that the employees introducing the tools into their companies show little concern about the risks.</p> <p>Only about a third of those surveyed said they were concerned about the privacy of any customer and company data put into AI tools. And only 29% were concerned about potential security risks created in company IT systems.</p> <h2 class="wp-block-heading"><strong>Is a lack of tech innovation part of the Shadow problem?</strong></h2> <p>Among the reasons given for why they use their own AI tools at work, 28% of Microsoft’s respondents said their company doesn’t provide a work-approved option.</p> <p>This is something we commonly hear from within companies that are slow to adapt to changing technology, leaving teams and employees to bring in their own tools with no oversight.</p> <p>This type of unauthorized tool use has exploded in the last few years with the introduction of SaaS applications with free use models and Cloud.</p> <h2 class="wp-block-heading"><strong>Understanding the risks of Shadow AI</strong></h2> <p>One of the biggest concerns around the unauthorized introduction of Shadow AI, is the lack of transparency over how data put into these tools is stored or used.</p> <p>The <a href="https://ico.org.uk/for-organizations/uk-gdpr-guidance-and-resources/artificial-intelligence/guidance-on-ai-and-data-protection/how-should-we-assess-security-and-data-minimisation-in-ai/" rel="nofollow noopener" target="_blank">Information Commission</a> in the UK has already warned about and issued guidance around the concerns of putting sensitive data into AI systems.</p> <p>They warn that “AI systems introduce new kinds of complexity not found in more traditional IT systems that you may be used to using”.</p> <p>One difficulty they raise is that common practices about how to process personal data securely in data science and AI engineering are still in development.</p> <p>They highlight that how one AI tool treats data can differ to another tool, and that as a company you have no way of knowing how data put into these tools will be dealt with.</p> <p>This is especially concerning considering regulations like GDPR, which require you to have transparent audit trails over how you collect, store and use data in your business.</p> <p>Complying with this when it comes to AI is difficult enough when you know about the AI tools being used. It’s impossible when it comes to Shadow AI, leaving you exposed to risk and possible fines.</p> <h2 class="wp-block-heading"><strong>Getting control of your hybrid IT environment is more crucial than ever</strong></h2> <p>Shadow AI has raised the stakes when it comes to the dangers of unapproved IT assets.</p> <p>Shadow IT has always been a cause for concern for any business but primarily from a cost and productivity perspective.</p> <p>That’s not to say security concerns haven’t been raised before by Shadow IT.</p> <p>You only have to look back to the Log4Shell incident in 2021, a critical vulnerability that allowed attackers to execute arbitrary code remotely on affected systems.</p> <p>While the initial attack was a zero day event, it became a bigger issue that affected non-patched devices. With no visibility of IT, this is exactly the kind of attack that could impact your business.</p> <p>But AI presents a completely new set of challenges due to the early nature of how tools are developed and trained on the data put into them, coupled with the rising use of unapproved tools.</p> <p>It’s critical that businesses that haven’t already, start to review their ITAM practices, ensuring they have measures and tools in place to get complete visibility of their hybrid IT environments.</p> <p>Having a clear view of everything used in your business – whether you know about it or not – is the only way you can reliably protect yourself from the threats posed by AI, or at least help you control how these tools are rolled out.</p> <p>Speaking about the results of their survey, Darren Hardman, CEO, Microsoft UK & Ireland, said:</p> <figure class="wp-block-pullquote"><blockquote><p>“UK workers are embracing AI like never before, unlocking new levels of productivity and creativity. But enthusiasm alone isn’t enough.<br>“Business must ensure the AI tools in use are built for the workplace, not just the living room.”<br>He added: “Only enterprise-grade AI delivers the functionality that employees want, wrapped in the privacy and security every organization demands.”</p></blockquote></figure> <p>At Certero, our <a href="https://www.certero.com/itam/">AI-powered IT Asset Management software</a> is here to help organizations get the visibility they need to effectively observe, manage and govern AI within their company, ensuring they’re able to embrace new innovations without sacrificing control.</p> <p>The post <a rel="nofollow" href="https://www.certero.com/blog/shadow-ai-data-and-privacy-disaster/">UK businesses sitting on a Shadow AI ‘data and privacy disaster’</a> appeared first on <a rel="nofollow" href="https://www.certero.com">Certero</a>.</p> ]]></content> </entry> <entry> <author> <name>Scott Massey</name> <uri>https://www.certero.com/</uri> </author> <title type="html"><![CDATA[Have you lost 30% of your hardware? Hidden cost of a software-only mindset]]></title> <link rel="alternate" type="text/html" href="https://www.certero.com/blog/hidden-cost-software-mindset/" /> <id>https://20.26.122.152/certero_com/?p=7902</id> <updated>2025-12-05T10:28:09Z</updated> <published>2025-12-04T09:07:54Z</published> <category scheme="https://www.certero.com" term="Managed services" /><category scheme="https://www.certero.com" term="Software asset management" /> <summary type="html"><![CDATA[<p>Cloud and SaaS might dominate IT spending. But everything still runs on ... </p> <p class="read-more-container"><a title="Have you lost 30% of your hardware? Hidden cost of a software-only mindset" class="read-more button" href="https://www.certero.com/blog/hidden-cost-software-mindset/#more-7902" aria-label="Read more about Have you lost 30% of your hardware? Hidden cost of a software-only mindset">Find out more</a></p> <p>The post <a rel="nofollow" href="https://www.certero.com/blog/hidden-cost-software-mindset/">Have you lost 30% of your hardware? Hidden cost of a software-only mindset</a> appeared first on <a rel="nofollow" href="https://www.certero.com">Certero</a>.</p> ]]></summary> <content type="html" xml:base="https://www.certero.com/blog/hidden-cost-software-mindset/"><![CDATA[ <p>Cloud and SaaS might dominate IT spending.</p> <p>But everything still runs on physical machines.</p> <p>Every workload sits on a server.</p> <p>Every employee depends on a laptop or mobile.</p> <p>Every device costs money and carries risk.</p> <p>And with remote or hybrid teams growing and compliance rules becoming more strict (with tangible penalties for non-compliance) getting back to the basics of hardware visibility is becoming more important again.</p> <p>Especially considering a <a href="https://www.gartner.com/en/documents/4031799" rel="nofollow noopener" target="_blank">recent Gartner study</a>, which claimed about 30% of all hardware is either underused or missing in many organizations.</p> <h2 class="wp-block-heading">Are you really confident in your hardware visibility?</h2> <p>When you’re running thousands of devices across departments, offices, home set ups and even borders, visibility is difficult. Laptops are left in drawers when people leave. Monitors disappear. Some IT assets never even make it onto your books and you’re left with a network of <a href="https://www.certero.com/saas/shadow-it/" data-type="page" data-id="1015">Shadow IT</a>.</p> <blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow"> <p>Taking the data from Gartner’s research, if you have 5,000 devices, about 1,500 of them will be untracked.</p> </blockquote> <p>That’s 1,500 devices you can’t see (so can’t manage) which may still hold company data, carry a live software license, or are costing money in support fees.</p> <p>This also creates an issue of trust. If IT teams doubt their own asset data, they can’t plan or report with any confidence.</p> <p>Although you may see it as “old-hat”, hardware visibility isn’t admin. It’s the base of good IT management.</p> <h2 class="wp-block-heading">You can’t secure what you can’t see</h2> <p>Wasted spending is bad enough. But the biggest risk of poor hardware visibility is the element of unseen risk.</p> <p>The same Gartner study found that 76% of IT leaders noted that a lack of a common view of applications or hardware assets across security and IT teams led to a vulnerability.</p> <p>If you can’t see the hardware asset, you can’t remove the vulnerability.</p> <p>And this isn’t just theory. In 2017 the NHS fell victim to a ransomware attack (<a href="https://www.england.nhs.uk/long-read/case-study-wannacry-attack/" rel="nofollow noopener" target="_blank">known as the WannaCry attack</a>) as a result of old operating systems being left unpatched because there was no clear record of where the the devices with the outdated OS where.</p> <p>With proper asset data, this attack could have been avoided.</p> <p>Hardware visibility still plays a huge part in IT security. It can show you exactly where risks sit, so teams can act before any trouble starts.</p> <h2 class="wp-block-heading">Is hardware lifecycle management overlooked?</h2> <p>As well as improving security, hardware visibility also saves time and money.</p> <p>IT teams still using spreadsheets are more likely to be spending time chasing data, rather than actually managing assets.</p> <p>Meanwhile you have people leaving with company laptops and other equipment. And new hires waiting weeks for equipment that’s sitting in storage.</p> <p>With proper visibility and live hardware tracking, IT teams can more easily see which devices are active, which need (or will soon need) repair, and which can be reused. That means longer lifespans, fewer unnecessary purchases and less waste.</p> <p>With hardware, visibility brings more control, and this control helps cut costs.</p> <h2 class="wp-block-heading">Ending the spreadsheet era of hardware visibility</h2> <p>Manually tracking hardware is slow, and error-prone. Especially in large organizations with complex digital estates.</p> <p>Modern IT asset management tools pull live information from every device into one dashboard.</p> <p>IT, security and finance all work from the same, real-time records and anyone can quickly check who owns a device, what’s installed, how it’s being used and if it’s up-to-date.</p> <p>With new technology, like the AI-powered search in CerteroX, it’s even quicker. You can simply ask plain language questions about your hardware estate and get explainable answers directly from your database – rather than manually searching.</p> <p>This stops the drift between what assets you have recorded, and what’s actually happening in the real-world.</p> <p>Using this information you make faster decisions, create clear audit trails and free up resources for more strategic tasks.</p> <h2 class="wp-block-heading">Hardware visibility: The foundation of ITAM maturity</h2> <p>Many companies focus on Software Asset Management first, thinking this is where the biggest opportunity is.</p> <p>But in reality, without accurate hardware visibility, software data is unreliable.</p> <p>Every license, patch and configuration depends on a physical device.</p> <p>Reliable hardware tracking can strengthen everything from software accuracy, service-desk speed, budgeting and security.</p> <p>If the hardware visibility layer is off, every linked process is too.</p> <p>So hardware visibility should often be the start of a mature ITAM practice.</p> <h2 class="wp-block-heading">The price of ignoring hardware visibility</h2> <p>One of the biggest problems with data management is that if people don’t trust it, they stop maintaining it. Because what’s the point?</p> <p>As a result, reports become guesswork. Decisions are made using stale or incorrect numbers.</p> <p>Lack of visibility wastes money, and creates risks around security and governance.</p> <p>Everything from unpatched assets, ongoing licenses for ex-employees and skewed budgets or lack of ownership all stem from poor visibility.</p> <p>The longer this all lasts, the harder, more expensive it becomes to fix.</p> <h2 class="wp-block-heading">Closing the visibility gap</h2> <p>Adding more monitoring tools rarely helps when it comes to closing your ITAM visibility gap. Instead, focus on linking what you already use.</p> <p>A single ITAM dashboard gives everyone the same view.</p> <p>When visibility improves:</p> <ul class="wp-block-list"> <li>Security teams patch faster.<br></li> <li>Finance teams plan better.<br></li> <li>IT teams recover and reuse assets.</li> </ul> <p>Instead of being a box-ticking exercise, hardware visibility actually creates genuine business value.</p> <p>This is something we worked to <a href="https://www.certero.com/case-studies/commissioning-support-unit/">achieve with a Commissioning Support Unit in the UK</a>, which works with more than one hundred organizations including clinical commissioning groups, hospital trusts and GP practices.</p> <p>The organization was managing hundreds of devices, but needed visibility, including tracking which devices users have, locating lost devices, remote wiping and locking capabilities, plus configuring settings on devices like WiFi, VPN, email and key security policies.</p> <p>We first provided them with a proof of concept to prove our capabilities, before setting them up on a platform that now provides complete visibility across all their mobile devices, without needing huge amounts of technical resources or management.</p> <p><strong>Visibility and control of IT assets</strong></p> <p>Digital tools and services still rely on hardware. Ignoring it can weaken security, waste money and lead to poor decision making.</p> <p>Whether you’re trying to stop another WannaCry attack or just recover invisible assets you’ve lost track of, you can’t protect or manage what you can’t see.</p> <p>So the first step is regaining accurate visibility of your digital estate.</p> <p>Check how much of your hardware estate you can actually account for.</p> <p>List what’s missing, unused, or outdated.</p> <p>Then decide what needs fixing to get a full, accurate view.</p> <p>Find out more about our <a href="https://www.certero.com/sam/software-asset-visibility/" data-type="page" data-id="6299">Asset Visibility</a> services.</p> <p>The post <a rel="nofollow" href="https://www.certero.com/blog/hidden-cost-software-mindset/">Have you lost 30% of your hardware? Hidden cost of a software-only mindset</a> appeared first on <a rel="nofollow" href="https://www.certero.com">Certero</a>.</p> ]]></content> </entry> <entry> <author> <name>Daniel Whitefield</name> </author> <title type="html"><![CDATA[How SaaS is Changing the Role of the SAM Manager]]></title> <link rel="alternate" type="text/html" href="https://www.certero.com/blog/saas-changing-role-sam-manager/" /> <id>https://certerosite-hrd8bmeudeeydtcj.uksouth-01.azurewebsites.net/?p=2834</id> <updated>2025-12-02T14:26:37Z</updated> <published>2025-11-14T11:26:54Z</published> <category scheme="https://www.certero.com" term="IT hardware asset management" /><category scheme="https://www.certero.com" term="Managed services" /><category scheme="https://www.certero.com" term="Software asset management" /> <summary type="html"><![CDATA[<p>Adapting to changing environments has become a familiar task for every organization. ... </p> <p class="read-more-container"><a title="How SaaS is Changing the Role of the SAM Manager" class="read-more button" href="https://www.certero.com/blog/saas-changing-role-sam-manager/#more-2834" aria-label="Read more about How SaaS is Changing the Role of the SAM Manager">Find out more</a></p> <p>The post <a rel="nofollow" href="https://www.certero.com/blog/saas-changing-role-sam-manager/">How SaaS is Changing the Role of the SAM Manager</a> appeared first on <a rel="nofollow" href="https://www.certero.com">Certero</a>.</p> ]]></summary> <content type="html" xml:base="https://www.certero.com/blog/saas-changing-role-sam-manager/"><![CDATA[ <p>Adapting to changing environments has become a familiar task for every organization. The emergence of the COVID-19 pandemic prompted professionals to invest in the quick utilization of remote working spaces and Digital Transformation in order to deal with the challenges facing businesses globally.</p> <p>Whilst this change has been notable for every professional industry, department and employee, it’s arguably those within SAM positions that have faced, and continue to face, some of the most radical changes. Specifically, how to efficiently adapt their traditional software asset management practices to suit the growing reliance on SaaS solutions.</p> <p>In this article, we will explore the predictions surrounding SaaS, the challenges this future will present to SAM professionals as well as how their role must evolve to suit the fast-changing IT landscape. This investigation will allow your organization to take proactive measures and ensure little disruption to your everyday working practices – paving the way to success.</p> <div style="height:20px" aria-hidden="true" class="wp-block-spacer"></div> <h2 class="wp-block-heading">The Future of SaaS</h2> <p>It’s no secret that SaaS is set to become the future of Software Applications for all businesses. In fact, research has already found that <a href="https://www.certero.com/saas/" target="_blank" rel="noreferrer noopener"><strong>32% of IT budgets are now committed to Cloud, SaaS applications and solutions</strong>.</a> A figure that is set to grow as we continue to move forward.</p> <p>Still not convinced?</p> <p>Well, analyst firm <strong><a href="https://www.zdnet.com/article/gartner-predicts-saas-revenues-to-reach-85-billion-in-2019/" target="_blank" rel="noreferrer noopener nofollow">Gartner predicts that the total SaaS market will grow from $85 billion in 2019 to $113 billion by 2021</a></strong> – suggesting that more and more organizations are, or will be, purchasing SaaS products as we venture into the new year.</p> <p>SaaS provides mass flexibility and greater choice – two things that rise to the top of every organization’s wish-list in the current climate – but it doesn’t come without obstacles. So, as SaaS solutions continue to hold the largest segment of the cloud-based software market, SAM managers will need to prepare for the evolving Software licensing landscape within their organization. Traditional SAM solutions aim to provide visibility of an organizations on-premises environment, modern solutions will require a more active management role that works to centralize information and understand how SaaS applications are being used within all areas of the organization – making sure that IT has visibility and control.</p> <p>And with SaaS products defining the professional landscape, it’s time that SAM managers begin their preparation.</p> <div style="height:20px" aria-hidden="true" class="wp-block-spacer"></div> <h2 class="wp-block-heading">Lessons for a Software Asset Manager</h2> <div style="height:20px" aria-hidden="true" class="wp-block-spacer"></div> <p><strong>Accept SaaS products as the new norm</strong></p> <p>In the wake of a major pandemic, many may feel that further change will be disruptive. Understandably, you may want to rely upon the more familiar and reliable management methods that have led us to this point but, as outlined above, this is no longer an option.</p> <p>As we move forward, the digital landscape will change. The first lesson for SAM managers across the globe will simply be in accepting the new reality in order to identify and develop the necessary skills and practices for working and managing the remote SaaS environments.</p> <div style="height:20px" aria-hidden="true" class="wp-block-spacer"></div> <div style="height:20px" aria-hidden="true" class="wp-block-spacer"></div> <div style="height:20px" aria-hidden="true" class="wp-block-spacer"></div> <p><strong>Understand the decentralization of IT</strong></p> <p>Although IT teams will often take the lead on new software investments, this is unlikely to remain the case. Many departments outside the IT team’s purview are growing more comfortable with procuring the SaaS solutions they need, when they need them – allowing them to improve their functionality quickly and efficiently. The challenge, of course, rests on how software asset managers can actively control this new way of working.</p> <p>A key element to consider is the investment in a SaaS Management solution. Whilst the main objective of the solution is to give managers complete, single-pane-of-glass visibility over SaaS platforms, it comes with the added benefits of increased security, improved decision-making procedures and enhanced cost optimization. These solutions ‘join-up the dots’ to give SAM managers the visibility of SaaS adoption across the business and the detailed understanding of precisely how those investments are being utilized. SAM Managers can then rest assured that they have the critical information they need to be able to understand their SaaS environment, so as to be able to right-size licensing and control costs.</p> <div style="height:20px" aria-hidden="true" class="wp-block-spacer"></div> <p><strong>Add value to the business</strong></p> <p>Providing that software asset managers can gain full visibility of the SaaS environments, your organization will then be able to capitalize on the information and boost value.</p> <p>Similar to self-hosted platforms, SaaS subscriptions can lead to unnecessary expenditures as your organization continues to evolve. Platforms that were vital months ago may become obsolete and forgotten – whether this is due to a change in focus or changes within the staffing situation – and, as such, your organization could continue to pay for monthly subscriptions that are no longer of value.</p> <p>The conclusion is a simple one; in order to accurately assess and manage the cost of SaaS subscriptions, SAM managers will require all of the information to optimize the attached costs and prevent any overspend. This includes the number of active users, infrequently active users and inactive users in addition to the per-user subscription cost.</p> <div style="height:20px" aria-hidden="true" class="wp-block-spacer"></div> <p><strong>Consider the security risks</strong></p> <p>Security has become of paramount concern for every organization in recent months. With challenges emerging left, right and center, there is simply no time to waste on any breaches within the IT landscape and our growing reliance on SaaS platforms could pose a threat to this.</p> <p>Whilst these readily available subscriptions allow businesses to operate with increased efficiency internally, it’s decentralized nature leaves something to be desired. SAM professionals will be tasked with gaining full visibility of all platforms in order to accurately assess if the services are being used efficiently, how employee off boarding effects their use as well as leveraging buying power to best effect, to eliminate over-spending on these on-going Software investments.</p> <p>The post <a rel="nofollow" href="https://www.certero.com/blog/saas-changing-role-sam-manager/">How SaaS is Changing the Role of the SAM Manager</a> appeared first on <a rel="nofollow" href="https://www.certero.com">Certero</a>.</p> ]]></content> </entry> <entry> <author> <name>Daniel Whitefield</name> </author> <title type="html"><![CDATA[Saving Money to Save Jobs]]></title> <link rel="alternate" type="text/html" href="https://www.certero.com/blog/saving-money-to-save-jobs/" /> <id>https://certerosite-hrd8bmeudeeydtcj.uksouth-01.azurewebsites.net/?p=2841</id> <updated>2026-02-03T21:59:01Z</updated> <published>2025-11-14T11:26:54Z</published> <category scheme="https://www.certero.com" term="IT hardware asset management" /><category scheme="https://www.certero.com" term="Managed services" /><category scheme="https://www.certero.com" term="Software asset management" /> <summary type="html"><![CDATA[<p>With the COVID-19 pandemic having a sustained impact across global businesses, and ... </p> <p class="read-more-container"><a title="Saving Money to Save Jobs" class="read-more button" href="https://www.certero.com/blog/saving-money-to-save-jobs/#more-2841" aria-label="Read more about Saving Money to Save Jobs">Find out more</a></p> <p>The post <a rel="nofollow" href="https://www.certero.com/blog/saving-money-to-save-jobs/">Saving Money to Save Jobs</a> appeared first on <a rel="nofollow" href="https://www.certero.com">Certero</a>.</p> ]]></summary> <content type="html" xml:base="https://www.certero.com/blog/saving-money-to-save-jobs/"><![CDATA[ <p>With the COVID-19 pandemic having a sustained impact across global businesses, and with it looking to continue through the end of 2020 and into 2021, it’s no surprise that industry leaders are looking for cost-cutting measures in order to ensure the longevity of their organizations. And this anxiety is being felt across the IT sector – not just from those at the top. As our recent Beyond the C Word Report demonstrated, nearly 60% of IT Managers and CIOs, from businesses across the world, are anticipating a recession and the challenges that it will bring.</p> <p>But while many sectors are facing the prospect of redundancies and mass staff lay-offs, there are ways in which organizations, especially those with a large IT reliance, can streamline their processes in order to become more efficient. This will not only help save money in the long run but also save jobs!</p> <p>In this article, we will examine our latest report findings to demonstrate how utilizing IT Hardware, Software, SaaS and Cloud Asset Management can lead to a more cost-effective business, giving you the tools you need to face an impending recession with more confidence.</p> <div style="height:20px" aria-hidden="true" class="wp-block-spacer"></div> <h2 class="wp-block-heading">How SAM Can Help Cut Costs in Your Organisation</h2> <p>Regardless of how long the current crisis lasts, there’s no denying the fact that it will, in all likelihood, irrevocably change the way that businesses operate moving forward. Indeed, one of the key challenges that IT Managers and CIOs anticipate in the post-COVID era is a tightening of budgets for headcount, IT projects, hardware and software. And that’s before you consider that many workforces will now see remote working as a viable alternative to the office, which has been the default for decades!</p> <p>One of the most important steps that organizations will need to take in the post-COVID world is to ensure that they have a full view of their software estate – from what they own, what’s being used effectively, and what needs licensing. IT Hardware, Software, SaaS and Cloud Asset Management solutions will play a key role in helping businesses develop clear strategies for how to handle their entire estate and create a more cost-effective environment from top to bottom.</p> <p>For example, if your organization has a clear, transparent view of all your software assets and how they’re being used by staff, IT Managers and CIOs can easily make decisions that benefit the business financially. Paying for lots of licenses when only a few individuals are using the software regularly? That can be optimized. Discover licenses are allocated to individuals that have left the business? Those licenses can be re-harvested.</p> <p>Software Asset Management is the first step in developing a more cohesive, cost-efficient IT estate. And in a post-COVID economy, that could be invaluable in helping to save jobs across an organization.</p> <div style="height:20px" aria-hidden="true" class="wp-block-spacer"></div> <h2 class="wp-block-heading">The Importance of Licensing & Auditing</h2> <p>We’ve already touched upon how SAM solutions can produce effective cost-cutting results for businesses, but in a COVID-19 context, this is even more important. As the virus swept the globe businesses found themselves rushing to facilitate home working whether that included the purchase of new software or migrating assets to the cloud. According to Certero’s Beyond the C Word data, 1 in 3 IT Managers and CIOs have stated that software licensing is a major challenge, with remote working setups making it more difficult to properly discover, inventory, track usage, and carry out effective <a href="https://www.certero.com/itam/license-reconciliation/">software license reconciliation</a> across software applications.</p> <p>As we move towards a recession it’s vitally important that businesses know exactly where their money is being spent and why – which can be challenging when IT are unable to accurately discover and inventory all devices on the corpate network. But a dedicated IT hardware and software asset management solution, Such as <strong><a href="https://www.certero.com/itam/">Certero for Enterprise ITAM</a> </strong>and <strong><a href="https://www.certero.com/sam/">Certero for Enterprise SAM</a></strong>, will enable IT to get a full view of the estate and allowing them optimize licenses through asking questions such as;</p> <ul class="wp-block-list"> <li>What software do I have installed?</li> <li>How many licenses have been purchased?</li> <li>What is my effective license position for my key vendors?</li> <li>Are all of the users actively using this software?</li> <li>Are all of the users using the full functionality or could they be on a cheaper license?</li> </ul> <div style="height:20px" aria-hidden="true" class="wp-block-spacer"></div> <p>Similarly, Software Asset Management isn’t just fundamental in securing licenses and streamlining costs, it also has a huge part to play in safeguarding against hefty fines that could be incurred from an ill-timed audit. According to our data, 36% of IT Managers and CIOs were worried about their compliance position due to their organization’s shift to remote working, with over 20% expecting to see an increase in auditing in a post-COVID environment.</p> <p>As we’ve discussed, the rush to adopt home-working setups could have left some businesses exposed – with software being procured and deployed in violation of usage rights. And without an ITAM and SAM solution, it would be difficult to truly understand your compliance position, making the potential risks of an audit even greater! So, in this sense, having a comprehensive solution which provides complete visibility of your organization’s software assets will eliminate the risk of being fined for non-compliance; preventing a cost that many businesses cannot afford to suffer in the post-pandemic economy.</p> <div style="height:20px" aria-hidden="true" class="wp-block-spacer"></div> <h2 class="wp-block-heading">Cutting Costs from Cloud Assets</h2> <p>In a very similar vein to understanding your compliance and licensing position, you need a solution to control your SaaS and Cloud expansion which have come about due to remote working.</p> <p>The biggest ‘cost risks’ to organizations with regards to their SaaS and cloud environments are Cloud Sprawl, Toxic Consumption, Bill Shock and Shadow IT.</p> <p>Cloud Sprawl, or the uncontrolled proliferation of a business’s cloud instances, is common when an organization has poor visibility of their cloud estate. As services were hastily provisioned to support working from home en masse little consideration was given to how they would monitor and track these assets going forward. This poor control and visibility leads to multiple cloud instances being provisioned and purchased when it may have been more commercially viable to consolidate. Whilst the majority of CIOs (43%) we spoke to said that this wasn’t a huge concern currently, a Cloud and SaaS Asset Management solution would be beneficial in determining whether certain environments are financially necessary, or whether better rates can be negotiated.</p> <p>Shadow IT, in a parallel sense, can expose businesses to unregulated costs if a SaaS asset management solution, such as Certero for Cloud, isn’t in place to detect the issues. With large swathes of the workforce converting to remote setups there is an increased risk of employees purchasing and installing software without the oversight of the IT department. This can easily lead to mismanagement, incurring unnecessary costs as a result as organizations miss out on bulk discounts and fail to consolidate technology. Shadow IT also brings security risks as IT has no visibility of where company information may be potentially being stored. This is clearly a concern for IT Managers, with 40% of our respondents labelling it as such. But, as with Cloud Sprawl, the right SaaS management solution can help reduce hidden costs and maintain compliance across your IT estate.</p> <p>Toxic consumption is the unnecessary use of cloud resources due to poor visibility, where the need for a resource may have ended but the environment continues to incur unnecessary costs. As budgets are reduced organizations need to ensure that they have full visibility of their IT estate and to ensure that they are not wasting money on resources that they are no longer utilizing.</p> <p>Bill shock is where poor performance and capability planning leads to costly and unexpected bills. With the haste at which the workforce was made remote it is likely that organizations are now starting to see large and unbudgeted expenditure. Organisations must have the ability to track and trend the usage of their cloud estate from the number of users to the amount of resource used. This vital data will ensure that they can forecast upcoming expenditure and look for areas of cost optimization as early as possible.</p> <div style="height:20px" aria-hidden="true" class="wp-block-spacer"></div> <div style="height:20px" aria-hidden="true" class="wp-block-spacer"></div> <h2 class="wp-block-heading">Assisting the Hybrid Model</h2> <p>It seems fairly likely that a lasting impact of the pandemic will be a cultural shift towards home working – whether that’s full-time or, more likely, a hybrid working model. In this ‘new normal’ managing your assets whether hardware, software, SaaS or Cloud will play a key role. It will be the place of IT Managers and CIOs to ensure that every remote worker has access to the correct software, the estate is compliant across the organization, and that security risks are safeguarded against or eliminated.</p> <p>All of these functions will make the ability to work from home faster, easier and safer for organizations and their employees, presenting it as a more viable option. This could mean that businesses save money on rent costs as they transition to a hybrid working model, with proper solutions to manage the IT estate guaranteeing effective performance in and out of the office.</p> <p>Without the guarantee that these solutions offer, businesses would be exposing themselves to unnecessary financial and security risks by choosing to adopt a more flexible working strategy.</p> <p>In a time of economic uncertainty, it’s vital that businesses choose solutions that can help reduce waste and make their organization more cost-effective. Certero’s IT Hardware, Software SaaS and Cloud Asset Management Solutions are essential to ensuring that organizations remain compliant, security risks are averted and, most importantly, unnecessary costs are reduced. By investing in the right technologies, businesses can put processes in place that save money and jobs, providing a future for their enterprise and their employees.</p> <p>If you’d like to discuss your requirements, and how Certero’s unified solutions can help you, <strong><a href="https://www.certero.com/contact-us/">speak with one of our experts!</a></strong></p> <p>The post <a rel="nofollow" href="https://www.certero.com/blog/saving-money-to-save-jobs/">Saving Money to Save Jobs</a> appeared first on <a rel="nofollow" href="https://www.certero.com">Certero</a>.</p> ]]></content> </entry> <entry> <author> <name>Joseph Lobo</name> <uri>https://www.certero.com</uri> </author> <title type="html"><![CDATA[Gartner Myth Buster – Part 2]]></title> <link rel="alternate" type="text/html" href="https://www.certero.com/blog/gartner-myth-buster-part-2/" /> <id>https://certerosite-hrd8bmeudeeydtcj.uksouth-01.azurewebsites.net/?p=2843</id> <updated>2026-02-03T12:03:40Z</updated> <published>2025-11-14T11:26:54Z</published> <category scheme="https://www.certero.com" term="IT hardware asset management" /><category scheme="https://www.certero.com" term="Managed services" /><category scheme="https://www.certero.com" term="Software asset management" /> <summary type="html"><![CDATA[<p>In our previous post regarding the inaccuracies of Gartner’s Magic Quadrant for ... </p> <p class="read-more-container"><a title="Gartner Myth Buster – Part 2" class="read-more button" href="https://www.certero.com/blog/gartner-myth-buster-part-2/#more-2843" aria-label="Read more about Gartner Myth Buster – Part 2">Find out more</a></p> <p>The post <a rel="nofollow" href="https://www.certero.com/blog/gartner-myth-buster-part-2/">Gartner Myth Buster – Part 2</a> appeared first on <a rel="nofollow" href="https://www.certero.com">Certero</a>.</p> ]]></summary> <content type="html" xml:base="https://www.certero.com/blog/gartner-myth-buster-part-2/"><![CDATA[ <p>In our previous post regarding the inaccuracies of Gartner’s Magic Quadrant for SAM Tools, we stated there is a critical need to publish accurate information to hopefully help businesses relying on the report to make better informed decisions.</p> <p>The need to clarify fact vs fiction has again unfortunately arisen following even more misleading information relating Certero and our solutions, in Gartner’s <a href="https://www.gartner.com/doc/3988418?ref=clientFriendlyURL" rel="nofollow noopener" target="_blank">Critical Capabilities report</a> (CC) for Software Asset Management Tools. </p> <p>Again, to help clarify what is and isn’t factually correct, here is another breakdown to help bust the myths and misperceptions surrounding what we do. As always, if you’re unsure of anything stated in these clarifications give us a call and let us show you. Certero do think and do things differently, you may just be very surprised. </p> <p>1. <strong>What Gartner said about Certero<em>: </em></strong>Certero AssetStudio for Enterprise SAM, v.6, is the core component of Certero’s SAM offering. </p> <p><em><strong>Certero says:</strong> Certero does not have ANY product with the word ‘AssetStudio’ in it. The product that is being referred to; we believe is the Certero for Enterprise SAM product.</em></p> <p><em>This product is NOT the core component of Certero’s SAM offering. It is one of several individual products that are aligned to a specific ITAM/SAM challenges ie. IBM, Oracle, SAP, Microsoft, General Wintel vendors et al and complement each other equally.</em></p> <p><em>Note: All Certero products run on Certero’s unique unified platform, either individually or with other Certero products holistically, as a seamless unified solution – one single pane of glass that brings full enterprise-scope IT hardware and software data together for unlimited, live reporting.</em></p> <p>2. <strong>What Gartner said about Certero<em>: </em></strong> It provides entitlement management and reconciliation capabilities for Microsoft, Adobe and commonly used metrics. </p> <p><em><strong>Certero says: </strong>This is correct </em></p> <p>3. <strong>What Gartner said about Certero<em>: </em></strong><em>Certero offers add-ons for a self-service portal (App-Centre). </em><strong><em> </em></strong></p> <p><em><strong>Certero says: </strong>Certero App-Centre is a product that can be purchased individually that provides a self-service application portal, it is not an add-on to any other product of Certero’s.</em></p> <p>4. <strong>What Gartner said about Certero<em>: </em></strong>Certero for Cloud to provide visibility into cloud consumption,</p> <p><em><strong>Certero says: </strong>This is correct</em></p> <p>5. <strong>What Gartner said about Certero<em>: </em></strong><em>and three publisher-specific modules for Oracle, IBM and SAP</em><strong><em>.</em></strong> </p> <p><em><strong>Certero says: </strong>The <strong>Certero for Oracle</strong> product is NOT a module of Certero for Enterprise SAM. It is an individual product that has two optional modules, one that covers Database and Middleware, the other module covers E-Business Suite. Certero for Oracle is formally verifed by Oracle Licence Management Services (LMS) as a third-party tool for Oracle Fusion Middleware, Database and Database Options.</em></p> <p><em>The<strong>Certero for IBM</strong> product is NOT a module of Certero for Enterprise SAM. It’s an individual product that does not have any modules. It intelligently complements and validates data accuracy within ILMT. It can establish an ELP using ILMT and helps to automate complex processes, such as component to product reconciliation. </em></p> <p><em>The<strong>Certero for SAP Application</strong> product is NOT a module of Certero for Enterprise SAM. It is an individual product that does not have any modules. It can manage both User and Packages (Engines) metrics. </em></p> <p>6. <strong>What Gartner said about Certero<em>: </em></strong>Customers can also procure AssetStudio for Enterprise ITAM to manage hardware and software assets on a single platform.</p> <p><strong><em>Certero says: </em></strong><em>Certero does have an ITAM product called ‘Certero for Enterprise ITAM’ and it is on the same unified platform as Certero for Enterprise SAM, making a single, unified platform solution for hardware and software asset management, and more. Our ITAM product features modules for advanced Discovery & Inventory, Software Distribution, Application Usage Metering and Patching – all of which can be simply selected as required. </em></p> <p>7. <strong>What Gartner said about Certero<em>:</em></strong> AssetStudio for Enterprise SAM allows organizations to import data from Microsoft Licence Statement (MLS)</p> <p><strong><em>Certero says:</em></strong><em> Certero does not have ANY product with the word ‘AssetStudio’ in it</em></p> <p><em>The product that is being referred to is we believe is the Certero for Enterprise SAM product. This product does have the ability to perform a ‘one-click’ import a Microsoft Licensing Statement (MLS).</em></p> <p>8. <strong>What Gartner said about Certero<em>: </em></strong>and IBM Passport Advantage,</p> <p><strong><em>Certero says: </em></strong><em>The Certero for IBM product does NOT have the ability to import IBM Passport Advantage entitlement.</em></p> <p>9. <strong>What Gartner said about Certero<em>: </em></strong>and offers SAP contract review services to enter SAP entitlements<em>.</em></p> <p><strong><em>Certero says: </em></strong><em>The Certero for SAP Applications product does have the ability to manage SAP Exhibit’s (entitlement).</em></p> <p>10. <strong>What Gartner said about Certero<em>:</em> </strong>Users can<strong> </strong>manually create entitlements and improve this process with Certero’s product library of entitlements for Microsoft, Oracle and IBM, which includes the license types, metrics and use rights.</p> <p><strong><em>Certero says: </em></strong><em>This is correct</em></p> <p>11. <strong>What Gartner said about Certero<em>:</em></strong> Certero offers agent or agentless discovery and inventory of software running on Windows, Linux, UNIX and Mac platforms.</p> <p><strong><em>Certero says: </em></strong><em>This is correct, including </em><em>zLinux. </em></p> <p>12. <strong>What Gartner said about Certero<em>: </em></strong><em>Certero extracts data from third-party systems such as VMware and XenServer to inventory software running in virtualised environments.</em></p> <p><strong><em>Certero says: </em></strong><em>This is correct, including all major virtulizations vendors such as: Oracle VM, Red Hat oVirt, AIX LPARS, HMC etc</em></p> <p>13. <strong>What Gartner said about Certero<em>: </em></strong>Certero utilizes integrations with Okta, and offers 10 API integrations with common SaaS applications such as Salesforce, Office 365 and Adobe to monitor SaaS consumption. </p> <p><strong><em>Certero says: </em></strong><em>The</em><em> Certero for Cloud product has thirteen optional modules that cover AWS, AZURE, Microsoft 365, Salesforce, Adobe CC, G-Suite, Okta, Wrike, Box, Zoom, Tableau, Dropbox, Slack </em></p> <p>14. <strong>What Gartner said about Certero<em>: </em></strong><em>Certero lacks the ability to discover unknown shadow SaaS. </em><em> </em></p> <p><strong><em>Certero says: </em></strong><em>This is correct, the solution is currently being developed.</em><em> </em></p> <p>15. <strong>What Gartner said about Certero<em>: </em></strong>Certero currently offers support for public cloud providers AWS and Azure, but cannot discover and inventory software within other cloud providers, such as GCP, Alibaba Cloud and IBM Cloud. Certero lacks support for the management of specialty and engineering applications that are generally licensed concurrently and managed by a license server. Certero currently offers support for public cloud providers AWS and Azure, but cannot discover and inventory software within other cloud providers, such as GCP, Alibaba Cloud and IBM Cloud. Certero lacks support for the management of specialty and engineering applications that are generally licensed concurrently and managed by a license server.</p> <p><strong><em>Certero says: </em></strong><em>Certero does not have a connector for GCP, Alibaba Cloud and IBM Cloud. Certero can inventory assets in these environments via their agent or agentless technology. </em></p> <p>16. <strong>What Gartner said about Certero<em>: </em></strong>Certero allows users to adequately reconcile their entitlement and consumption data for commonly utilized applications; however, the interface is not intuitive and requires users to develop custom queries to produce effective license positions (ELPs).</p> <p><strong><em>Certero says: </em></strong><em>This is incorrect. Certero provide ELP reporting using Compliance Dashboards, which are maintained live within the solution. There is no limit to the number of vendor ELPs or which vendors you’d like to visualize on which dashboards – it’s entirely customizable for you and is therefore, purposefully designed to be easily intuitive. There is no requirement for users to develop custom queries. This is evident in the way that Certero does NOT need to provide users with ‘pre-canned’ reports, as the point is that the solution is intuitive enough for users to ask any question they wish of the data and be able to easily attain the answers they require immediately. Pre-canned reports are for solutions where accessing intelligence is difficult – that is not the Certero way. Again – Customer feedback via Gartner’s own ‘Peer Insights’ scores Certero higher than any major SAM vendor for ‘Software Position Establishment’ (as is the case with every other feedback category).</em></p> <p>17. <strong>What Gartner said about Certero<em>: </em></strong>While Certero Discovery is not a replacement for IBM’s Licence Metric Tool (ILMT), Certero identifies which instances require ILMT installed, to ensure compliance with IBM requirements to utilize ILMT where sub-capacity licensing is utilized.</p> <p><strong><em>Certero says: </em></strong><em>This is correct. Certero for IBM utilizes ILMT inventory as is required by IBM. It verifies the completeness and accuracy of ILMT data and automates complex <a href="https://www.certero.com/itam/license-reconciliation/">software license reconciliation</a> processes to establish an Effective Licence Position (ELP).</em></p> <p>18. <strong>What Gartner said about Certero<em>: </em></strong>The combination of App-Centre and AppsMonitor lets organizations identify candidates for software removal and reallocation. </p> <p><strong><em>Certero says: </em></strong><em><strong>Certero App-Centre</strong> is a product that can be purchased individually that provides a self-service application portal, it is NOT an add-on to any other product of Certero’s. </em></p> <p><em>The<strong>Certero for Enterprise ITAM</strong> product has a module called AppsMon (Application Monitoring) that lets organizations identify candidates for software removal and reallocation. </em></p> <p><em>The<strong>Certero for Enterprise SAM </strong>product has a module called AccessCtrl (Access Control) that lets organizations identify candidates for software removal and reallocation on Thin Client devices. Note: It also restricts the access to software on any device. It can also restrict access to any device, critical for enforcing compliance on thin client due to device based licensing metrics. </em></p> <p>19. <strong>What Gartner said about Certero<em>: </em></strong>Certero utilizes its own native business intelligence (BI) tool Acquaintia, which sits on top of the AssetStudio platform and allows users to create custom reports for technology insights. </p> <p><strong><em>Certero says: </em></strong><em>Certero utilizes its own native business intelligence (BI) capability in all its products. The exception is a product called Certero PowerStudio which uses a tool called Acquaintia.</em></p> <p>21. <strong>What Gartner said about Certero<em>: </em></strong>Note: Certero declined to participate in the process for this Critical Capabilities research; it identified no reference customers and chose not to provide supplementary information. Gartner’s analysis of Certero in this Critical Capabilities is therefore based on other credible sources, including previous vendor briefings, customer inquiries, Gartner Peer Insights reviews and other publicly available information. </p> <p><strong><em>Certero says: </em></strong><em>Correct, Certero did decline to participate, as we did with the Magic Quadrant for SAM Tools. Gartner have consistently been unable to move past their internal perceptions, thus why their analysis, understanding or representation of Certero is so misleading. It is the sole reason why Certero refuses to participate. This is why we have written this blog to help clarify some of the facts so businesses can get a real understanding of who we are and what we do!</em></p> <p></p> <p>The post <a rel="nofollow" href="https://www.certero.com/blog/gartner-myth-buster-part-2/">Gartner Myth Buster – Part 2</a> appeared first on <a rel="nofollow" href="https://www.certero.com">Certero</a>.</p> ]]></content> </entry> </feed>