ITAM Roundup: 4/27/25
📰 News
What’s new at Flexera: April 2025
In April 2025, Flexera introduced major updates, including Cloud License Management for optimizing cloud software costs, a new Contextual Data Mashup UI for easier inventory contextualization, and enhancements to SaaS Management like Salesforce insights and a Microsoft CASB connector. Security updates include improvements to Software Vulnerability Manager and Patch Publisher, while FinOps capabilities expanded with AI-driven Cost Planning and new MSP-specific tools for better customer and pricing management. Finally, Azure users now benefit from hybrid autoscaling between spot VMs and reservations through Spot Ocean and Elastigroup integration.
Kevin Miller
Datadog acquires AI-powered observability startup Metaplane
Datadog has acquired Metaplane, an AI-driven data observability startup, to strengthen its offerings in the rapidly growing data observability market, though financial terms were not disclosed. Metaplane will continue operating as “Metaplane by Datadog,” helping unify application and data observability, especially as businesses increasingly deploy AI systems. This acquisition, Datadog’s second of 2025, positions the company to compete in a crowded market projected to grow significantly through 2030.
Kyle Wiggers
IBM dragged down by DOGE contract cancellation roulette
IBM exceeded Wall Street's expectations for revenue and income in Q1 2025, but its stock fell over 6% in after-hours trading, partly due to the cancellation of contracts influenced by Elon Musk's DOGE initiative. The company faced approximately $100 million in lost future payments after 15 government contracts were affected by DOGE's recommendations. Despite these challenges, IBM reported overall revenue growth, strong demand for generative AI, and continued confidence in meeting its revenue expectations.
Thomas Claburn
📖 Tips
Busting Four of the Biggest Microsoft Support Myths
Microsoft replaced its Premier Support with Unified Support, a more expensive model tied to overall Microsoft spending, leading many customers to complain about its high cost and inconsistent quality. Contrary to common myths, Microsoft is not the only or safest support option, as third-party vendors often provide better, faster service with Microsoft-certified experts and even escalate cases directly to Microsoft when needed. Additionally, Unified Support is often outsourced, and bundling Enterprise Agreements with support renewals mainly benefits Microsoft, limiting customers' ability to negotiate favorable terms.
Mary Jo Foley
5 steps to improve IT asset management in a siloed environment
In siloed environments, fragmented software management leads to higher costs, inefficiencies, and compliance risks, but organizations can fix this by centralizing ITAM efforts. Key steps include establishing a cross-functional ITAM team, tracking and managing assets with inventory and SAM tools, leveraging collective purchasing power, optimizing license usage to avoid waste, and building a centralized system to prevent non-compliance. SHI offers services like ITAM maturity assessments, process optimization, and cost management strategies to help organizations streamline their software management and maximize value.
Mika Harviala
Key Takeaways from the State of FinOps 2025 Report
The 2025 State of FinOps report shows FinOps is expanding beyond traditional cloud cost management to include AI, SaaS, and private cloud spending, with workload optimization still the top priority but governance quickly rising. AI cost management is a major new focus, with 63% of organizations now tracking AI spend, and the "cloud+" trend is pushing FinOps teams to manage a broader range of technology costs. As teams juggle more responsibilities, investment in FinOps tools and automation is up 20%, highlighting a shift toward greater efficiency and scalability.
George Arezina
Microsoft Fabric – everything you need to know
Microsoft Fabric is a unified, cloud-based analytics platform that combines services like data lakes, real-time analytics, and business intelligence into one integrated solution, now replacing Power BI Premium in new contracts at a generally higher cost. Microsoft introduced a Fabric Capacity Estimator to help organizations choose the right SKU and control costs during this transition, with Fabric purchasable through Azure on a pay-as-you-go basis and eventually via Microsoft 365. Key features include flexible capacity management, built-in security, and OneLake — a centralized data lake that connects and unifies enterprise data without duplication.
Erik
Third-Party Support for IBM Software: A CIO’s Playbook
Many CIOs are exploring third-party support for IBM software as a way to reduce costs, extend the life of stable systems, and avoid forced upgrades, especially as IBM pushes for expensive renewals and migrations. Independent providers like Origina and Rimini Street offer legitimate, tailored support for legacy IBM products—including WebSphere, Maximo, Lotus Notes, and Db2—often at significantly lower costs and with more flexible service than IBM itself. This playbook advises CIOs on evaluating, negotiating, and managing a shift to third-party support while ensuring licensing compliance and minimizing risks.
Fredrik Filipsson
🐛Bugs & Exploits
Emergency patch for potential SAP zero-day that could grant full system control
SAP has released an emergency patch for a critical zero-day vulnerability (CVE-2025-31324) in its NetWeaver platform, which experts believe may have already been exploited. The flaw, found in the Visual Composer app-building tool, allows attackers to upload malicious executables, potentially gaining full control over SAP systems and facilitating ransomware deployment or lateral network movement. While SAP has restricted full details behind a paywall, similar incidents involving webshells in SAP environments suggest the vulnerability could be actively exploited.
Connor Jones
More Ivanti attacks may be on horizon, say experts who are seeing 9x surge in endpoint scans
Security experts warn that a wave of Ivanti attacks may be imminent, as endpoint scans for Ivanti Connect Secure and Pulse Secure systems surged by 800 percent, a pattern often seen before new vulnerabilities are exploited. GreyNoise reported that nearly a quarter of the past three months' scanning activity happened on a single day, with a large portion classified as "suspicious" or "malicious," while Ivanti urged customers to upgrade from unsupported products to avoid N-Day attacks. Given Ivanti’s history of recent vulnerabilities and zero-day exploits linked to Chinese threat groups, a new disclosure or attack would not be surprising.
Connor Jones
