
Dear all,

 

After a discreet enquiry from one of my business partners if I knew anyone who was a major wheel with Salesforce licensing, I reached out to a contact of mine who implements Salesforce for a living.

 

The lady concerned then provided me with two very good links:

 

https://help.salesforce.com/articleView?id=users_understanding_license_types.htm&type=5

 

http://www.kineticgrowth.com/salesforce-user-license-types/

 

I'm all about spreading the love, so please use as you see fit.

 

Cheers,

 

Rory

Rory Canavan

Go-Kart a go-go!!

Posted by Rory Canavan Jan 25, 2018

Huge thanks to Sean Feighery (pictured) and Joseph Powell (away setting lap records at the time of the pic) for waving the SAM Charter flag for the day at the ITAM Review go-karting challenge.  Congratulations to all the teams that took part, this is for a great cause:  

 

https://www.justgiving.com/fundraising/theitamreview 

 

Team SAM Charter :)

Blacklisting software is one of the 'bonus' features that comes courtesy of Snow's extensive recognition database. Even the best IT Security teams often don't have the time to figure out which .exe's are good and which are harmful.

The question though is what to define in your blacklist. The obvious ones, which Snow constantly keeps up to date, are:

| Definition | Notes |
| --- | --- |
| 'Games%' | Games are mostly bad - especially as users need admin rights to install |
| 'Malware -%' | Notice the hyphen - otherwise Malware Bytes shows up, which is good! |
| 'Filesharing%' | As Filesharing apps keep morphing, this is a really good one since ongoing SRS research keeps it up to date |
| 'Poker%' | Nuff sed - Games and Gambling together??? |

 

Recently we've started finding other applications - I've included a link so you can research at your leisure

 

| Title | Reason it's bad |
| --- | --- |
| 'Tor Browser' | For surfing the Dark Web - if you don't know, read the following: https://www.techrepublic.com/article/dark-web-the-smart-persons-guide/ |
| 'TunnelBear' | It's a free VPN product that hides your IP address - typically used so you can stream video from other countries... |
| 'CCleaner 5' | Recently proved as hacked - https://www.cnet.com/how-to/ccleaner-was-hacked-heres-what-to-do-next/ |
| 'Mic Tray Icon 1' | This has the capability to be a key logger - https://www.computerworld.com/article/3196125/data-security/on-hp-computers-check-for-the-conexant-keylogger-called-mictray.html In the Application Types Categorisation in Snow, there is a 'Keylogger' category - good to know |
| PortableApps | These are applications typically launched from a USB key. This means Admin rights are not needed - could be legitimate or not legitimate use - if it's a game it's probably not legitimate. If you see Wireshark (packet sniffer) being used via PortableApps, check the user - are they a Network admin (legitimate) or an ordinary user (in which case why are they being sniffed?) |
| Caffeine | Moves the mouse every few seconds if you are not at your desk. Stops screensavers activating, and as a colleague pointed out, makes your Skype status look active when you are actually having a kip |
| Zenmap (Nmap) | A network scanning tool that has several password cracking add-ons. Great if you are IT security making sure things are secure - not so good if it's being used by others.... |

 

If you've any more that you look for, comment below - We're constantly researching more and happy to hear of new bad things.
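Added example (not part of the original post and not Snow's own code): a blacklist check run over a constructed inventory, showing why the hyphen in 'Malware -%' matters and how a role exception keeps dual-use tools such as Zenmap from flagging network admins. It assumes `%` behaves like the SQL LIKE wildcard; the inventory rows, application name format and exception list are hypothetical.

```python
import sqlite3

# Constructed inventory rows: (computer, user, user role, application name).
# Names imitate the "Category - Title" style implied by the post's patterns.
INVENTORY = [
    ("PC-001", "alice", "user", "Games - Solitaire Collection"),
    ("PC-002", "bob", "user", "Malware - ExampleTrojan"),
    ("PC-003", "carol", "user", "Malwarebytes Anti-Malware 3"),
    ("PC-004", "dave", "user", "Tor Browser"),
    ("PC-005", "erin", "network admin", "Zenmap (Nmap)"),
    ("PC-006", "frank", "user", "Zenmap (Nmap)"),
    ("PC-007", "grace", "user", "Microsoft Office 2016"),
]

# Patterns taken from the post; % is assumed to be the SQL LIKE wildcard.
BLACKLIST = ["Games%", "Malware -%", "Filesharing%", "Poker%",
             "Tor Browser", "TunnelBear", "Zenmap (Nmap)"]

# Hypothetical exception list: dual-use tools that are expected for some roles.
ROLE_EXCEPTIONS = [("Zenmap (Nmap)", "network admin")]

def find_hits(patterns, inventory=INVENTORY, exceptions=ROLE_EXCEPTIONS):
    """Return sorted (computer, application, pattern) rows needing review."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE inv (computer, usr, role, app)")
    db.execute("CREATE TABLE bl (pattern)")
    db.execute("CREATE TABLE ex (pattern, role)")
    db.executemany("INSERT INTO inv VALUES (?,?,?,?)", inventory)
    db.executemany("INSERT INTO bl VALUES (?)", [(p,) for p in patterns])
    db.executemany("INSERT INTO ex VALUES (?,?)", exceptions)
    rows = db.execute(
        """SELECT inv.computer, inv.app, bl.pattern
           FROM inv JOIN bl ON inv.app LIKE bl.pattern
           WHERE NOT EXISTS (SELECT 1 FROM ex
                             WHERE ex.pattern = bl.pattern
                               AND ex.role = inv.role)
           ORDER BY inv.computer, bl.pattern""").fetchall()
    db.close()
    return rows

if __name__ == "__main__":
    for row in find_hits(BLACKLIST):
        print(row)
    # Dropping the hyphen also flags the anti-malware product on PC-003.
    print(find_hits(["Malware%"]))
```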

gdpr

We had a meeting with a Data Protection Manager from a customer. He was impressed by our GDPR reports, but he was wondering how he can actually use SLM to document the assessment results. I showed a simple way with custom fields (attached) and it hit the point for him. Maybe that is useful for someone else.

 

Step1: Create 4 custom fields in SLM assigned to applications:

 

 

Step2: search for your GDPR risk applications (NOTE: this is an addon feature to SLM and requires separate license key):

 

Step3: Add the required information to the resolved application

 

 

Step4: create and schedule a new report (based on "all applications")

 

 

Regards

Stefan Heller

Picture the scene:  In the not too distant future, a CIO is “networking” (i.e. out playing golf!) – when walking between shots with his phone set to silent (club rules) he receives a notification from his SAM app that a favoured vendor on the company hit-list has gone out of compliance due to a recent change management event he wasn’t informed of.  An auto-investigate email is sent to the SAM Manager so that he can proactively investigate this immediately, and so the prospect of a rampant deployment team is not an excuse he can offer if his golf swing goes awry.

 

For the full blog, please visit this link:  https://www.samcharter.com/run-sam-framework-mobile-phone/ 

 

Hi All,

 

I was recently talking with a prospective client and we were discussing the joys of trying to keep up with the projects and programmes office in respect of new software titles that they might bring to the IT estate.  The blind-siding that ITAM teams often experience here, is not a new story.  Neither too, are the problems that arise once programme installations become BAU (Business As Usual) IT assets.

 

Standard protocol would suggest that a software testing and packaging process is in place, ideally with a hand-in from the request process, so that if a new title is introduced into the business, a standard means of assessing its suitability can be made.

 

However, if a project or programme is working to a non-BAU agenda, then perhaps a cunning plan b might be to validate new titles at the Proof of Concept stage.  Clearly, this entails having the ear of the person who oversees projects or programmes, but once that is achieved then at least you stand a better chance of knowing what software will be introduced to your IT estate, when, and whether someone is being lined up to act as a go-to person for the ownership of that new software title come BAU.

 

As ever, there are no silver bullets in ITAM, but an ounce of lateral thought goes a long way in breaking down such problematic use-cases.

Firstly, may I offer everyone a very happy New Year - I hope 2018 is everything you wish for and more; and that Santa brought you the presents you deserved!

 

Fresh off the back of the new publication of ISO 19770-1: 2017 I have put together some guidance notes which can be downloaded for free from the link below:

 

https://www.samcharter.com/whitepapers/ 

 

Feel free to download these notes, and get back to me with any questions.  As stated in the document these notes are NOT a replacement for the Standard itself.