The decision to maintain software systems in-house is sometimes predicated on the notion that internal IT experts will have better control over security, privacy, use, and application control of the software. Security is often touted as the number one concern.

Close-up of a security guard listening to his earpiece. Back of jacket showing.

In contrast, software vendors have countered that a web-based EAM/CMMS solution makes more sense because of a lower asset Total Cost of Ownership (TCO) and greater accessibility. If security was no longer the top concern would your company be more willing to accept a web-based EAM/CMMS solution?

A Quick Look at Security Intelligence

Not that long ago, Microsoft released Volume 9 of it’s Security Intelligence Report (SIR) for the first half of 2010 that covers the latest security threats to more than 600 million systems. According to Microsoft, the three greatest threats to system security comes from:

  • Stolen equipment – 30.6% of the total reported security breaches. This includes stolen laptops, flash drives, CD’s and so on.
  • Malicious incidents such as hacking, malware and fraud at about 15%.
  • Improper disposal of business records. This may include not wiping hard drives before disposal, misplaced sensitive files or lost asset management documents.

Security breach incidents by incident type

Source: SIR

Why Asset Information Needs to be Secured

Since theft is the number one security breach, it makes sense to make sure that Company owned software, is not on equipment or assets that can be stolen, damaged or erased by thieves. This includes laptops, desktops, CD ROMs or anything else that can be removed from the facilities premises.

Quality EAM software provides facilities, property managers, plants, utilities and governments with the tools they need to streamline maintenance operations as well as manage the physical assets of a company. These two areas represent substantial cost to any asset intensive organization. Theft of critical information can lead to some very expensive capital replacements if crucial asset information is lost.

Web-based EAM/CMMS Security Advantage

Good EAM and CMMS vendors offering hosted solutions have a significant advantage for software application security. This includes features such as:

  • State-of-the-Art secure data centers that care for hundreds if not thousands of client servers.
  • Theft or the improper disposal of hardware/software and files is minimized by the latest and proven audited practices and security teams.
  • Dedicated security experts staying up to date on the latest security threats with resources usually much better than any stand alone company.
  • 24/7/365 access over a secure network.
  • Software is updated and maintained by the vendor much faster than sending out upgrades to individual PCs or laptops.
What Does This Mean for Potential EAM/CMMS Customers

The reality is any system can be breached given enough effort and resources. Lowering the threat means minimizing the opportunity for loss or damage to the company. A hosted asset and maintenance management solution reduces the risk from the top three security threats for the facility using the software. For example:

  • If a laptop is stolen only the laptop is lost. Data is not stored on the laptop, it is stored in the data centers.
  • System and redundancy planning in data centers means you always have access to your asset maintenance and history. In contrast, if the data was located on a local server, downtime is a given for hardware upgrades or other changes.
  • A hosted solution takes the control of the system out of the hands of one rogue in-house person who might wish to harm your company.
Final Note About Enterprise Level Software

Enterprise level software application security does not have the same threat vulnerabilities as software that is downloaded off the Internet to play games with or run simple applications. The reason is enterprise level software such as an EAM system or CMMS is built and maintained at a much more sophisticated and secure level. System access can be tied down to specific levels or users.