When you purchase software, you will receive a copy of the software to install along with a license. You do not have any ownership rights, as these belong to the software company. A software license gives you the right to use a software product. It also governs the use of the software along with the copyright laws, which prevent the unauthorized distribution or reproduction of the software. A license might also specify, among other terms and conditions, whether you may install the software on more than one computer and whether you can create backup copies of the software.
There are two main types of software procurement options:
1. On-Premises Software
On-premises is a type of software delivery model that is installed and operated from a customer’s in-house server and computing infrastructure.
It utilises a business’s own computing resources and requires only a licensed/purchased copy of the software from an independent software vendor.
The customer is responsible for the security, availability and overall management of on-premises software. However, the vendor also provides after-sales integration and support services.
2. On-Demand (Cloud) Software
On-demand software is a type of software delivery model that is deployed and managed on a vendor’s cloud computing infrastructure and accessed by users over the Internet as and when required. On-demand software enables a user/organization to subscribe to software on a pay-as-you-go, monthly or otherwise billing method.
On-demand software is also known as Software as a Service (SaaS), online software and cloud-based software.
On-demand software provides the same or enhanced capabilities compared to on-premises software, but the main benefit is that companies don't have to buy their own software. The customer pays a flat monthly fee to use the software and can decommission services anytime.
Hardware refers to the physical electronic devices that form the technology structure of most businesses. By investing in high-quality hardware, you can save time, increase productivity and potentially boost revenue and profits.
Examples of essential pieces of business hardware include:
• Laptop or Desktop computer
• Mobile Devices (including phones and tablets)
• Printers, copiers and scanners
• Wireless routers
• Network Server
• An Uninterruptible Power Supply (also called a UPS system or UPS battery backup)
IT Partner/Service Provider
SME’s may not have IT expertise within their staff structure, so may need to look at flexible skills acquisition options to fulfil their needs. There are IT service providers who will provide a range of short to long term services including:
• IT Installation Services - Providing proactive support to your infrastructure and software set up and connectivity of your business network.
• IT Support Services - Providing reactive support by phone, remote access or on-site on general enquiries relating hardware and software.
• Managed IT Service - Providing a proactive and reactive service to monitor systems, keeping things up to date and secure.
Cyber Security or Information Technology Security is the technique of protecting computers, networks, programs and data from unauthorised access or attacks that are aimed at exploitation.
Cyber Essentials is a government-backed cybersecurity certification scheme that is suitable for small businesses and other organisations. Its goal is to set out the basics of cybersecurity and guide organisations through the process of self-protection against cybersecurity risks.
Cyber Essentials covers all the basic security weaknesses that a business might have within its own IT systems and software. It works on the basis that straightforward but robust measures can have a big impact when it comes to external cybersecurity risks.
The requirements that a business must meet for Cyber Essentials certification are specified under five 'technical control themes':
Firewalls: Computers and network devices must be protected by a correctly configured firewall (or equivalent network device) to ensure that only safe and necessary network services can be accessed from the internet.
Secure configuration: Computers and network devices must be properly configured to reduce their vulnerability to cyberattack, for example, unnecessary user accounts and software must be disabled or removed; users must be authenticated before they can access sensitive data; weak or default passwords must be changed.
User access control: Employees' access to software, settings, online services and device connectivity should be at the lowest level necessary for them to perform their roles. Additional access should only be given to employees who need it.
Patch management: Software on all devices must be kept up to date to ensure that they are not vulnerable to known security issues for which fixes are available. Software that is no longer supported and updated must be removed from devices.
Malware protection: Every device must be protected against viruses and other malware by using anti-malware software, application whitelisting (i.e. allowing only approved applications to run on devices) and/or application sandboxing (i.e. placing restrictions on unknown applications to minimise potential threat).
For more information, and to a view directory of certification bodies, go to www.cyberessentials.ncsc.gov.uk/getting-certified.
Data backup is a process of duplicating data to allow retrieval of the duplicate set after a data loss event. Today, there are many kinds of data backup services that help businesses ensure that data is secure and that critical information is not lost in a natural disaster, theft situation or other kinds of emergency.
Businesses have the option of backing up data remotely or downloading huge amounts of data into small portable devices. Cloud services and related options facilitate easy remote data storage, so that data is secure if an entire facility or location is compromised, while RAID, or mirror, technologies provide automated backup options.
In addition to remote data backup, there are new methods, such as failback and failover systems that automatically switch the destination of data when a primary destination is negatively affected in any way.