About the Author

Matt Hooper

Author, podcaster, blogger, and Twitter addict, Matt Hooper is an engaging international speaker on agile business management, leadership, technology, and customer service. His 20+ year career has taken him from help desk analyst to CIO. Matt brings practical and real-world insights for growing and sustaining business outcomes through organizational agility and customer centricity. An active member of the ITSM, DevOps, and Agile communities find him on twitter @Vigilantguy.

Why Failure to Sponsor ITSM Is Just Asking for Ransomware

Locky Ransomware virus“You are traveling through another dimension, a dimension not only of sight and sound but of mind. A journey into a wondrous land whose boundaries are that of imagination. Your next stop, the Twilight Zone!”

If you are even slightly connected on social media, maybe you have been feeling like I have lately: that you have mysteriously entered a parallel universe.

One universe is filled with rainbow-colored unicorns, where developers are magically empowered with unlimited knowledge of operational excellence. They also instinctively know the perfect customer experience (DevOps).

The other universe consists of a den of trolls who have maliciously infected every electronic device you own. What’s worse, they’ve systematically cooked up a scheme where you’re holding a winning lottery ticket, all so they can steal it from you and leave you holding the source code (SecOps).

Somewhere in the middle of all of this madness is reality.

As IT leaders, we must ground our ITSM disciplines in reality. In doing so, we recognize that ITSM is how IT gets work done. We need to understand that an appropriate balance is required in addressing any risk or opportunity.

There has always been a balancing act for our prioritization of IT resources.

CHEAP, SECURE, GOOD, or FAST. PICK TWO.

Let’s take a look at some realities. We’ll start with SecOps, and in particular, the immediate threat of ransomware.

REALITY: You are already hacked and it’s going to happen again.

How do I know this?

Ransomware and malware do not happen as a result of vulnerabilities. They happen as a result of failed ITSM sponsorship and support.

Failure to manage ITSM disciplines have enabled one or more of the following activities to take place within your environment:

  • Failure to sanction an approved software distribution program. Since users are not able to get software from the sanctioned self-service request catalog, they download and install applications on devices from other sources.
  • Failure to inventory software configuration items. With the lack of support to discover and document configuration items properly into your CMDB, management of applications (and particularly, their security) is impossible. Patch management is about updating the keys, but if you don’t know where the safes are and what type they are, your patch management is already flawed.
  • Business service models don’t exist. Failing to map critical business services and vital business functions to your technology assets removes the impact of vital decision making for access control, risk assessment, and recovery. IT works with limited resources, and this lack of intelligence is critical to change, access, and availability planning around high-value targets.
  • ITSM is focused on IT support and is separate from PMO and SDLC. Incident and request management is not ITSM. Relegating accountability for how IT gets work done to your service desk manager or director of IT operations is a critical management flaw. Asset acquisition starts with a project. Sourcing the IT asset or building it requires all parties to understand the risk levels involved. Once operational, this will directly impact response procedures, change authority, and other governance.
  • We don’t need ITSM; we outsource everything and use the cloud. Heaven help me!

BOTTOM LINE: Ransomware is a byproduct of failing to effectively sponsor ITSM enterprise-wide.

The following three tactical efforts need to happen to improve protection against ransomware and malware:

1. Establish critical business service mappings. Starting with customer-facing offerings, map the interfaces, technologies, and systems that support these customers. Define their value and risk to the business. Yes, this is hard and expensive. But try data hostage negotiations for a couple of weeks! This is a walk in the park compared to what could happen.

2. Establish the sanctioned enterprise architecture of approved and supported technologies. This definitive list should be tracked in your ITAM solution, mapped to the discovered inventory. It should be followed by a solid white-listing strategy and a rigorous “non-allowed” removal program to eliminate rouge (non-sanctioned) applications.

3. Redefine the accountability in your BYOD and cloud usage policies. Yes, it’s great that everyone wants to use their own devices for work. However, it must be crystal clear that their allowance for hijacking or malware is a personal liability. Arm your employees with security, inventory, and patch management tools that will ensure they are equipped to protect themselves, but more importantly, the corporate assets they access.

Clearly, it will take more than this to protect against ransomware. However, effective ITSM is already providing processes and tools to support these governance areas.

Is your ITSM lacking this level of governance focus or sponsorship? Talk to us about how to take your governance to the next level, and be sure to download our free whitepaper on how to prevent ransomware.

Blog-CTA-Whitepaper-527x150

When selecting ITSM tools choose the why over what and how

ITSM tools

When it comes to selecting ITSM tools, you should be focused on the “why” over the “what” and “how.” The ITSSM market as defined by Gartner is HOT right now, and for some very good reasons:

  • Requirements for IT transparency and governance
  • Need for increased speed of change and focus on value streams
  • Improvements in the way IT participates in the corporate digital-transformation strategy

As a leader in Gartner’s MQ (Magic Quadrant) and labeled “Visionary”, LANDESK is frequently invited to participate in companies’ request for information (RFI) and request for proposal (RFP) processes for ITSM tools. Over the past few years, it has become common place for organizations to use a standard template for the RFPs.  Requirements that used to be differentiators between vendors have become table stakes for any of the vendors in the MQ, Forrester Wave, ITSM Review, and other analyst assessment portfolios.

If you fire off your RFP to any of these vendors, you’re guaranteed to get it returned riddled with out–of-the–box (OOTB) features. In other words, the functionality you are looking for around Incident Management, Change Management, Release or Self-Service is designed and built into the product.

The reality is you no longer need to ask these vendors: “Does your software support ITIL process? Does your software support Mobile ITSM?  Does your software offer easy configuration?” All vendors are going to answer yes.

So how do you find ITSM tools that are going to fit your needs?

First, as with any software vendor, view it as a partnership. Where is your organization heading? What are your goals and objectives for IT? How does improved automation and management help you reach those goals?

Once, you have a clear picture of where you want to go, then you can start to evaluate if the vendor makes a suitable partner. If one of your objectives is to help you pass audits and improve compliance, then look for a vendor whose purpose of being in business aligns with that goal. Do they have clear focus and vision for asset and security management?

Understanding WHY they are in business tells you that this company is going to be focused on those things. As we know, no vendor is going to be perfect, but the ones that are focused on improving in the direction we are going make for great partners.

Before you even start to list your requirements, you can short list the vendors you are going to be good candidates for your ITSM journey, simply by looking at WHY they are in the market.

Did they start with being a help desk solution and are trying to expand into ITSM? If so WHY? Was it to help improve asset and configuration management through change automation?

Are they focused on IT and ITSM, or are they a platform focused on offering capabilities around ITSM as just a part of an overall technology strategy? If not WHY? Have they exhausted all the ITSM automation capabilities, or are they responding to investor pressures to service outside of IT for licensing growth?

Are they advancing their product strategy in both architecture and delivery, offering on premise as well as SaaS/Cloud capabilities though modern responsive design? If so WHY? Is it to make software licensing and the user experience easier?

So is LANDESK Service Desk the best ITSM tool in the industry? We will most likely meet your ITSM short-list vendor requirements, that’s for sure. But is LANDESK right for you? Well that really depends on your goals and whether we would be a great partner in the journey together.

What I can tell you is that more and more companies are choosing LANDESK for their service desk and ITSM tool selection.

Let’s then take a look at WHY companies choose LANDESK Service Desk. We’ll start the countdown and cover

5 reasons LANDESK makes the short-list for ITSM tool selection.

So what’s the WHY for LANDESK?

The reason WHY LANDESK exists is to make the job of IT professionals easier by eliminating physical tasks. Whether it’s unifying the administration and management of end-points in the environment(UEM Suite), inventorying software and hardware (ITAM Suite), identifying and mitigating risk and security weaknesses (InfoSec Suite), or automating the assignment, notification, or execution of IT change, support and management activities (ITSM Suite), LANDESK is focused on bringing digital transformation solutions for IT Operations challenges.

5) Tool Kit not Ticket System

LANDESK Service Desk has always been focused on automating business processes. With growing worldwide adoption of ITIL, LANDESK was one of the first to offer out-of-the-box ITIL workflows to ease the adoption of processes into the organization. Instead of building, yet another forms-based ticketing system, the technology was engineered around business objects. Business objects that can be configured into a system of record, easily dragged into place to create views into data capture, presentation and actions.

In other words, think Legos not Matchbox. While you can build a car, if you need to morph it into the Millennium Falcon, you have the tools to do that. Most organizations are not ready to be flying through asteroid fields at hyperdrive… but want a product that can handle it when they are ready.

4) Built around Process not Forms

Since its origin, LANDESK Service Desk has been about automating process, not providing data entry forms. So unlike any other product on the market, its state-based workflow engine, not a forms-based workflow engine, provides a visual workflow designer as the core of the application module configurations. What’s the difference? The views, fields, and actions are all based on the status and outcomes of the process interaction.

This provides more decision making capability at a granular level. Process engineers and business analysts love the flexibility, though system administrators sometimes struggle with the concepts of design. If you are looking to create “sexy” web forms, then LANDESK will be a struggle for you. Want to create killer automation of your ITIL, COBIT and PMI processes, then LANDESK is a fit.

3) Modern & Flexible

As discussed previously, when selecting a partner, you want to make sure they have a shared vision. Our vision is focused on creating innovative solutions to physical limitations that are affecting modern IT professionals. Thus, our releases address current needs such as mobile knowledge management where users can simply take a picture of an error message and it automatically translates it, searches knowledge and opens an incident ticket. We call this ITSM innovation SnapIT, and it’s just a small part of our overall commitment to an amazing digital user experience with HTML5 responsive design user interfaces.

We also recognize IT professionals need choice in how their ITSM Suite is deployed.  Thus we offer and support both on premise and SaaS solutions.  Both offerings are designed to easily integrate with existing tools through web services and event management services.  This flexibility makes the implementation time to value short, providing benefits quickly and allowing growth plan of maturity.

2) Integrated into I&O functions

Ah yes… the infamous “Right Click” functionality. ITSM tools selection committees love this about LANDESK. Throughout our product suites, we are constantly thinking about how to leverage our product strengths to make life easier for users. For instance, on a request screen, you can easily see all the assets associated to the end user making the inquiry. You can then in real-time pull up current inventory, remote control, scan for security issues, push software changes, etc… We love it when prospects say: “It would be great if you could do …” most of the time we can. That is because we constantly thinking about how to integrate our ITSM capabilities across the infrastructure and operation lifecycles.

ITSM Support for Asset

ITSM Support for Security

ITSM Support for Systems Management

1) We Exist to Help IT to do Less not More

This may sound counter intuitive, but many products in the ITSSM spaces are marketed as a platforms that allows you to do more. And trust me, they live up to their promise. More administration, more configuration, more time with support calls trying to get through failed upgrades because of the sprawled customization.

LANDESK is designing and building its products that allow IT people to do less. Less data entry, less system administration, less meetings reviewing workload, less phone calls between teams trying to find information. We want our customers to do less data chasing, and report generating, less support and request phone calls.

The role of ITSM professionals is changing. IT functions and services are becoming more distributed and more complex. IT professionals enabled with the capabilities of LANDESK Service Desk are empowered to do less IT minutiae and more value added business activities.

These are the reasons WHY LANDESK Service Desk is selected as the ITSM solution by thousands of customers.

So if our WHY matches your vision, come talk to us. We’d be happy to come talk to you about WHAT we do and HOW we do it.

Password Reset: Is it an Incident or a Request?

Website loginWhat’s in a name?
Does it really matter what you call this common plea for IT help?

Yes! It absolutely matters!

Organizations must manage the activity of IT. Part of that management is to understand workloads, risks and improvement opportunities.
With these factors in mind, incidents and requests imply very different things.
• The higher the incidents, the greater the instability within your infrastructure.
• The higher the requests, the more demand on IT.
Metrics derived from Service Management measuring these factors can help as we decide whether to invest in “Automation and Innovation” or in “Fixing and Stabilizing.”