The ITAM Roundup: 4/13/25
News
Oracle's Data Breach Response: A Crisis Management Playbook
Oracle is managing the fallout from multiple data breaches involving its cloud services and healthcare division, initially responding with denial before partially admitting issues and launching internal investigations. While it has begun notifying affected parties and hinted at corrective steps, the company has yet to fully acknowledge the scope of the breaches publicly. The situation follows a typical crisis management arc: initial defensiveness, gradual transparency, potential personnel and policy changes, and a push to rebuild trust through improved security and communications.

IBM Launches New Mainframe in Bet That Some Data Stays Local
IBM has launched the z17 mainframe, designed to support AI workloads while keeping sensitive data on customer-owned hardware, reinforcing a shift toward hybrid cloud models. The z17 includes enhanced security features supported by IBM's recent acquisition of HashiCorp and reflects growing customer demand for local data control. While IBM continues to emphasize software and consulting, its physical infrastructure business remains a steady revenue contributor amid rising hardware demand driven by AI.

The Evolution of FinOps Goes Beyond Cloud
FinOps has evolved from cloud financial management to a broader framework that now includes managing SaaS and data center costs. This expansion allows organizations to apply FinOps principles to optimize spending across diverse IT domains, including cloud, on-premises systems, and SaaS subscriptions. Additionally, the growing collaboration between FinOps and IT asset management (ITAM) teams is enhancing visibility and driving efficiencies, while the integration of AI-related resources into FinOps practices is becoming increasingly important to manage the costs associated with generative AI tools.

W16 SAM & ITAM Jobs | #ITAMjobs
This week's SAM and ITAM job roundup from Licenseware highlights a range of global opportunities for both entry-level and experienced professionals. Roles include positions like Flexera Administrator at Marriott International, Lead IT Asset Manager at AT&T, and Software License Manager at OpenText, with some salaries reaching up to $190,000 plus bonuses and equity. The list features openings across the U.S., UK, Europe, and Asia, covering companies from tech firms to retailers, with many listings shared via LinkedIn.

Trump Tariff Turmoil Seeds Uncertainty in Global Data Center Market
The reintroduction of U.S. tariffs under the Trump administration has created uncertainty in the global data center market, potentially raising costs for critical components and delaying new construction. While these tariffs are expected to impact capital and operational expenses, industry experts believe demand for data centers (driven by AI, cloud computing, and digital transformation) will remain strong and relatively inelastic. Operators are likely to adopt cost-saving strategies and pass some expenses to tenants, but long-term market growth is still anticipated despite short-term disruptions.

Legal clock ticking for Microsoft over alleged software license abuses
Microsoft is facing a looming deadline to deliver a multi-tenant hybrid cloud product for European service providers as part of a settlement with CISPE, amid accusations of anti-competitive software licensing practices. Despite agreeing to the terms in mid-2024, Microsoft appears unlikely to meet the technical requirements or address ongoing price discrimination concerns, potentially reopening legal challenges in the EU. While Microsoft has paid $22 million to CISPE and paused audits, failure to meet the agreement's conditions could reignite regulatory scrutiny and escalate broader antitrust pressure from both European and UK authorities.

Infosec experts fear China could retaliate against tariffs with a Typhoon attack
As U.S.-China trade tensions escalate with steep new tariffs, cybersecurity experts warn that China may retaliate with cyberattacks using pre-positioned malware from state-sponsored groups like Volt Typhoon. These groups have already infiltrated U.S. critical infrastructure, potentially preparing for large-scale digital disruption during crises. Meanwhile, cybercriminals are exploiting the confusion with a surge in sophisticated, AI-powered scams, such as fake tariff invoices and phishing attacks tied to package deliveries, targeting both consumers and businesses.

Tips
Find opportunity during the chaos of a trade war
While U.S. companies are struggling with the effects of new tariffs, global organizations may find opportunities by tapping into surplus capacity from suppliers outside the U.S. Procurement leaders in sectors like food and manufacturing are encouraging teams to look beyond risk mitigation and seek advantageous deals with suppliers eager to maintain production levels. Despite widespread pessimism, the article highlights that trade disruptions can create strategic openings for agile, globally-minded businesses.

CIO Playbook: Negotiating VMware Contracts Post-Broadcom Acquisition
The Broadcom acquisition of VMware has significantly reshaped VMware's licensing, support, and sales models, shifting to subscription-only licensing, streamlining product bundles, and imposing stricter and more expensive contract terms. CIOs now face challenges such as skyrocketing costs, reduced support quality, vendor lock-in, and a narrower product portfolio that limits flexibility and choice. The CIO Playbook offers strategic guidance on negotiating with Broadcom, urging organizations to proactively address these changes to mitigate risks and avoid being locked into unfavorable long-term contracts.

Why FinOps Is Key to Maximizing AI ROI
As AI spending accelerates, businesses are turning to FinOps to manage costs, track ROI, and ensure scalable, value-driven AI integration. By applying FinOps principles such as budgeting, resource allocation, and outcome-based metrics, organizations can avoid wasted investments, enhance operational efficiency, and align AI initiatives with business goals. This strategic approach improves visibility, supports executive buy-in, and maximizes the long-term success and financial returns of enterprise AI projects.

Bugs & Exploits
AI-hallucinated code dependencies become new supply chain risk
A new threat called "slopsquatting" has emerged from AI-generated code that hallucinates non-existent package dependencies, which attackers could exploit by creating malicious packages with those names. Studies show that a significant portion of AI-generated code, including from commercial tools like ChatGPT-4, references fake but plausible packages, creating a predictable and repeatable attack surface. To mitigate the risk, developers are advised to manually verify package names, use dependency management tools, and test AI-generated code in secure environments.
