The ITAM Roundup: 3/23/25

roundup Mar 23, 2025

📰 News

The latest cloud computing trends: Flexera 2025 State of the Cloud Report

The Flexera 2025 State of the Cloud Report highlights key cloud computing trends, including the rise of dedicated FinOps teams to manage growing cloud costs, the ongoing competition between AWS and Azure for market dominance, and the increasing reliance on Managed Service Providers (MSPs) to handle cloud complexity. With 83% of respondents already using or experimenting with AI, new cost challenges are emerging, leading to the rise of “FinOps for AI.” The report underscores the continued expansion of cloud workloads, the need for cost optimization, and the growing role of MSPs in streamlining cloud management.

Inside the Google-Wiz acquisition and the deal’s biggest winners

Google is acquiring cloud security startup Wiz for $32 billion after a series of negotiations, making it one of the largest deals in the sector. Sequoia and Israeli VC firm Cyberstarts are among the biggest winners, with Cyberstarts securing the largest percentage gain. The TechCrunch Equity podcast covers this deal, Nvidia’s GTC highlights, the Klarna IPO, HR tech drama, and Waymo’s new airport mapping project.

SoftBank to acquire semiconductor designer Ampere in $6.5B all-cash deal

SoftBank is acquiring semiconductor designer Ampere Computing for $6.5 billion in an all-cash deal, positioning it as a wholly owned subsidiary to strengthen its AI infrastructure investments. Ampere, backed by Carlyle and Oracle, develops ARM-based server chips used by major cloud providers like Google Cloud, Microsoft Azure, and Alibaba. SoftBank sees this acquisition as a key step in advancing AI computing power, aligning with its broader AI initiatives, including partnerships with OpenAI and the AI infrastructure project Stargate.

SAM Tools Market Research

The Software Asset Management (SAM) tools market is growing rapidly due to increasing software costs, compliance requirements, and the shift to cloud and SaaS environments, with Gartner estimating that up to 30% of software spending is wasted on unused licenses. Market projections indicate strong double-digit growth, with estimates ranging from $7.3 billion by 2029 (16% CAGR) to $16.5 billion by 2034, driven by cost optimization, vendor audits, and rising IT spending. While some conservative forecasts suggest slower growth (7–8% CAGR), most experts agree that SAM adoption will continue expanding as organizations seek to streamline software management and governance.

Trends driving IT decision-makers in 2025

In 2025, IT decision-makers face rising cloud costs, increased AI adoption, and pressure to modernize legacy systems. Many organizations are reconsidering cloud-first strategies in favor of hybrid models while integrating AI into business processes to improve efficiency and competitiveness. Meanwhile, CIOs must demonstrate the value of IT investments amid budget constraints, driving a focus on financial management and cross-functional collaboration to optimize technology strategies.

📖 Tips

Oracle Java subscription: How to easily gain visibility into your license agreements

Managing Oracle Java licenses has become increasingly complex due to frequent contract changes, including the shift to the Employee Universal metric, which can significantly impact costs. Organizations must gain full visibility into their Java environment, track license usage accurately, and consider alternatives like OpenJDK or Azul to optimize costs. SHI’s Oracle Discovery Application (SODA) provides an automated solution to scan, analyze, and optimize Java licensing, ensuring compliance and cost efficiency while preparing organizations for potential audits.

Hardware Asset Management Software: 10 Tools For 2025

The list includes solutions such as InvGate Asset Management, Freshservice, Device42, FlexeraOne, and AssetPanda, among others, each offering unique features to cater to various organizational needs. The article also emphasizes the importance of selecting the right HAM software to enhance IT visibility, reduce costs, and ensure compliance with corporate policies and industry regulations.

What is Cloud License Management?

Cloud License Management (CLM) helps companies gain visibility into their cloud software spend, optimize usage, and reduce compliance risks by tracking underutilization, preventing uncontrolled spending, and ensuring proper license management. Flexera’s CLM tool provides granular insights into software costs across multi-cloud environments, enabling businesses to cut waste, forecast expenses, and make informed budgeting decisions. By leveraging CLM, organizations can improve efficiency, avoid compliance penalties, and strategically manage their cloud software investments.

How Companies Get Phase 0 Wrong—And Set Themselves Up for Disaster

Companies frequently fail large-scale IT transformation projects due to poor decision-making in the pre-implementation "Phase 0," rather than technology issues. These failures often stem from misaligned priorities, lack of independent governance, and reliance on system integrators (SIs) that prioritize their own interests over the company's success. To avoid disaster, businesses must take a business-driven approach to Phase 0, maintain decision-making control, and ensure competitive selection of implementation partners rather than defaulting to their Phase 0 advisors.

Why you almost certainly have a shadow AI problem

Shadow AI, the unauthorized use of AI tools in organizations, poses significant risks, including data leakage and misinformation, yet many companies lack governance measures to address it. The rapid growth of AI capabilities far outpaces AI governance, making it difficult for businesses to control and mitigate risks effectively. To combat shadow AI, organizations should implement technical solutions like Retrieval-Augmented Generation (RAG), enforce security controls, and foster cultural awareness through AI literacy training, similar to cybersecurity education.

🐛Bugs & Exploits

Veeam Fixes Critical Vulnerability in Backup & Replication Software

Veeam has released a security update to fix a critical remote code execution vulnerability (CVE-2025-23120) in its Backup & Replication software, which has a CVSS score of 9.9 and could allow unauthorized access to sensitive data. The issue affects version 12.3.0.310 and earlier builds, and users are urged to upgrade to version 12.3.1. Lansweeper has introduced a new report to help organizations identify at-risk Veeam installations and mitigate potential threats.

Oracle denies breach after hacker claims theft of 6 million data records

Oracle has denied claims of a data breach after a hacker, "rose87168," alleged they stole 6 million records from Oracle Cloud's federated SSO login servers and attempted to sell the data. The hacker provided a sample database and claimed access via a vulnerability, demanding 100,000 XMR for breach details, but Oracle maintains that no customer data was compromised. BleepingComputer is investigating the validity of the alleged stolen data and has contacted affected companies for confirmation.

VSCode extensions found downloading early-stage ransomware

Two malicious VSCode extensions, "ahban.shiba" and "ahban.cychelloworld," were found deploying in-development ransomware, highlighting flaws in Microsoft's review process. Despite being reported in November 2024, Microsoft allowed the extensions to remain for months, only removing them after security researchers flagged them again. This incident raises concerns about Microsoft's ability to detect threats promptly, especially as their review process has inconsistencies—sometimes removing non-malicious extensions too quickly while allowing actual threats to persist.