The ITAM Roundup: 5/5/24

roundup May 5, 2024

📰

News

Annual IAITAM Conference (5/7-5/9)

The IAITAM Annual Conference and Exhibition (ACE) kicks off this week, May 7th - May 9th, at the M Resort in Las Vegas. ACE is the premier global event for IT Asset Management, attended by over 2,000 professionals including C-level executives and experts from IT, finance, and legal sectors. It offers more than 100 educational sessions, workshops, and networking opportunities, equipping attendees with actionable insights to either initiate or enhance ITAM programs within their organizations.

IBM and AWS forge global alliance, streamlining access to AI and hybrid cloud solutions

IBM and AWS have formed a global alliance to expand IBM's software portfolio to 92 countries through the AWS Marketplace, allowing businesses access to AI and data technologies directly. This partnership streamlines procurement, enhances accessibility to IBM's offerings, and creates potential cross-selling opportunities for AWS. The collaboration signals a trend of major tech players working together to meet the growing demand for cloud solutions, offering customers a wider range of solutions and streamlined procurement processes.

CIO Talk: Is Compliance the Killer App for E5?

Barry Briggs discusses the increasing importance of compliance in enterprise computing, highlighting Microsoft's advancements in regulatory compliance services within Microsoft 365, particularly through the E5 tier. With around 234 regulatory changes per day, compliance technology becomes crucial for businesses across various industries, and Microsoft's Purview umbrella brand offers a comprehensive suite of compliance services, although predominantly available in the E5 tier. While compliance expenses may seem burdensome, the penalties for non-compliance underscore its significance, making E5 investment a likely necessity for large organizations seeking comprehensive compliance solutions.

Red Hat Enterprise Linux End of Life

Red Hat Enterprise Linux 8 will reach the end of its full support on May 31st, 2024, transitioning to a maintenance support phase for the next five years until May 31st, 2029. During this maintenance phase, updates for security advisories and high-priority bug fixes will be provided, but no new functionality or hardware enablement will occur. Users are encouraged to upgrade to RHEL 9 to continue receiving full support and access new features.

Microsoft EA Negotiation – Discounts & Concessions

Directions on Microsoft negotiation expert Dean Bedwell details the types of financial, legal, and business concessions Microsoft customers should ask for during their EA negotiation and the best way to ask for them.

Introducing User Inventory for Full Visibility in Lansweeper Sites (Cloud-based Console)

Lansweeper has introduced a new User Inventory feature in Lansweeper Sites, offering detailed insights into Active Directory user data to streamline IT asset management. With enhanced visibility into user-asset relations, organizations can optimize resource allocation, streamline support processes, and strengthen cybersecurity measures. The feature bridges the gap between on-premises and cloud-based environments, ensuring a seamless user experience and consistent functionality, with ongoing enhancements promised based on user feedback.

Microsoft plans to lock down Windows DNS like never before. Here’s how.

Microsoft is unveiling ZTDNS, a framework aimed at securing the Domain Name System (DNS) within Windows networks by encrypting and restricting domain resolutions. ZTDNS integrates encryption and fine-grained control features into Windows DNS, enabling encrypted and authenticated connections while tightly controlling domain resolutions. This initiative addresses the security risks associated with DNS, where traditional approaches often compromise either encryption or visibility, by allowing administrators to enforce strict policies on DNS traffic, enhancing network security.

📖

Tips

5 keys to optimizing ROI on your Cloud Center of Excellence

To optimize ROI on a Cloud Center of Excellence (CoE), it's crucial to focus on five key aspects: relevance, connectivity, team building, continuous innovation, and cultural transformation. These elements ensure alignment with long-term objectives, representation across the business, a diverse skill set within the team, ongoing innovation, and collaboration with security and risk groups. A successful CoE not only accelerates cloud adoption but also supports future strategy, mitigates risks, and drives value creation in enterprises.

Also, check out TCS's Cloud CoE whitepaper here.

How to Upgrade Pega in 9 Steps

Regular upgrades of Pega software offer numerous benefits, including access to new features, security patches, and improved performance, ensuring smooth and uninterrupted operations while meeting compliance requirements. The upgrade process involves steps such as pre-checks, environment preparation, customization analysis, testing, and deployment, with careful planning and utilization of available tools recommended for a successful upgrade.

🐛

Bugs & Exploits

Maximum-severity GitLab flaw allowing account hijacking under active exploitation

In May 2023, GitLab introduced a feature allowing users to reset passwords through links sent to secondary email addresses, but this change inadvertently led to account takeovers by attackers exploiting the feature. While multifactor authentication (MFA) mitigates the risk, accounts without MFA remain vulnerable to password resets, although the rightful owner can still regain control by changing the reset password. Classified as CVE-2023-7028, this vulnerability has a severity rating of 10 out of 10, prompting the US Cybersecurity and Infrastructure Security Agency to issue warnings and urge immediate patching.