The Cybersecurity Skills Shortage: Threat AND Opportunity for IT?

RET_005To paraphrase iconic singer/songwriter Donovan Leitch, who borrowed the idea from a Buddhist saying, “First, there is a cybersecurity skills shortage, then there is no shortage, then there is.”

A recent Computerworld article highlighted a US Department of Homeland Security (DHS) blog post, in which a DHS official argued that the much-publicized cybersecurity skills shortage is a myth.

In that post, the DHS official offered as evidence the 14,000 applicants, including 2,000 walk-ins, who attended a DHS job fair last July. “[W]hile not all of them were qualified, we continue to this day to hire from the wealth of talent made available as a result of our hiring event. The amount of talent available to hire was so great, we stayed well into the night interviewing potential employees.”

Perhaps unsurprisingly, the Computerworld article contrasts DHS’s interpretation of its job fair experience with the findings of numerous others outside of government. “For instance, a report released one day before the government’s job fair in July, Intel Security, in partnership with the Center for Strategic and International Studies (CSIS), pointed to a ‘talent shortage crisis’ of cybersecurity skills.”

Of course, the question isn’t whether there is or is not a cybersecurity skills shortage. The real question is, how can your company avoid the negative effects of such a shortage, now or in the future?

If skills are the question, technology is the answer

The right combination of skills, technologies, and processes can maximize the business value of the skills already in place at your organization. That combination can also help your organization to deal with any difficulties in expanding your cybersecurity team, by instead expanding the reach of the people you already have and the knowledge and experience they possess.

These benefits are equally applicable beyond cybersecurity. Technologies and processes that automate mundane tasks effectively and enable well-managed collection, sharing, and application of knowledge can aid your organization’s IT asset management (ITAM), IT service management (ITSM), and other efforts as well.

However, given the highly publicized challenges and risks associated with ransomware and other cybersecurity threats, cybersecurity may be the starting point that delivers the most benefits soonest.

LANDESK, AppSense, and Shavlik solutions—and the skills and experience of their developers, resellers, and partners—can help you to ensure that your business can do business safely and efficiently. No matter how the availability of skilled, experienced personnel may ebb and flow. Visit us online, or contact your representative, to begin implementing the solutions and processes that protect and enable your people and your business.

No More ‘Small, Mid-Sized’ Businesses: Size Is out—Maturity Is In

Map pin flat above city scape and network connection conceptAs we approach another new year, some may already be thinking about resolutions for 2017.

Here’s a suggestion: Stop talking about your company in monolithic, size-focused terms such as “SMB” (“small to mid-sized business”) or “large enterprise.”

In all but the smallest companies, there is rarely if ever a situation where one size fits all. Why? Because in most enterprises (regardless of size) multiple initiatives and efforts are underway simultaneously. And while your business may be deeply experienced in some areas, some of those initiatives likely involve areas of focus at which you and your colleagues are novices.

IT presents several immediate and obvious examples. Your company may be expert in its primary business or businesses. But unless one or more of those is, in fact, IT, it’s unlikely that your company is as good at IT as it is at whatever it does best.

With this in mind, it may be more valuable and relevant to think less about companies in terms of “small” and “large”, and more about companies in terms of “start-up” and “scale-up” of specific initiatives. Or about processes that are more mature and less mature. Or environments or situations that are more complex or less complex.

Why words matter

This may seem at first like a pointless exercise in rhetorical hair-splitting. However, it turns out that how you frame discussions can have important effects on how those discussions play out and the results they produce.

Or, to be a bit more succinct, word choice matters.

Especially when you’re considering or pursuing initiatives important to your business.

Depending on the words you use to describe it, an initiative to, say, improve IT security or asset management may come across as a daunting, boil-the-ocean exercise, or as a worthy enhancement to the processes that run the business. And since every significant initiative involves engaging the support of others, how you present the initiative can have a major effect on its probability of success.

The challenge of word choice is equally significant regardless of the size of your enterprise. There are lots of smaller companies that face IT and other challenges as complex as those faced by larger organizations. And not every challenge faced by a larger enterprise is necessarily more complex than those faced by their smaller counterparts.

Another challenge: making sure the words used to assess challenges and plan solutions are based on accurate, credible information wherever possible. This means that in many cases, a central, well-managed repository of relevant information, stored and organized with an agreed-upon taxonomy, is the best foundation for communications based on or related to that information.

LANDESK solutions

LANDESK has both the solutions and the thought leaders to help you use the right words to pursue your IT initiatives successfully, and to back those words up with the best available information about your environment.

  • ITAM

Are you considering or pursuing an IT asset management (ITAM) initiative? You can read about how different people view assets differently, as well as what should be in your ITAM database, in this excellent blog post by ITAM Evangelist Patricia Adams: What is IT Asset Management?

You might also want to check out Patricia’s on-demand webinar in which she introduces her ITAM Attainment Model. There is also the very useful Info-Tech ITAM Report in which LANDESK was named a “Champion” vendor.

  • Risk management

How about risk management? Read Effective Risk Management Without Boiling the Ocean, another great post by our CSO, Phil Richards. In it, Phil discusses why a risk register aids risk and security management initiatives, and suggests some of the words that can help avoid boiling the risk management ocean.

  • Service management

Service management, within and even beyond IT? Got you covered there, too. LANDESK Service Desk combines social, mobile, and self-service support with data connectors and multiple integrations with other tools and data. Its ability to deliver a federated view of your configuration management database (CMDB) and other features are why Garter named LANDESK a “Visionary” in its 2015 IT Service Management and Support report.

Of course, we have other resources and solutions to help you succeed with initiatives in these and other areas as well. Check them out online, or contact your LANDESKAppSense, Shavlik, or Wavelink representative to learn more.

Let LANDESK help you make 2017 the year in which your organization increases the maturity of its IT initiatives and processes, to the benefit of the entire business.

ITSM-CTA-Blog-Banner (1)

Shavlik Protect Wins Gold Award for Security at VMworld 2016

This just in! Our amazing team at Shavlik Protect just won the Gold Award of VMworld 2016 for the Security category by TechTarget’s SearchServerVirtualization.com!

While the win is not a complete surprise—it was wholeheartedly deserved, after all—here we’ll break down our perspective on why Shavlik took home the award.

Emphasis on virtualization

Chris Goettl, Sr. Product Manager for Shavlik Protect

Virtualization was one of the hottest topics at VMWorld 2016, and it also happens to be one of the greatest strengths of Shavlik Protect. Data centers are constantly choosing Shavlik for its ability to seamlessly patch virtual environments.

Some of the features offered in regards to patching virtual environments include:

  • Virtual machine template patching
  • Online and offline virtual machine patching
  • VMware vCenter integration
  • VMware ESXi Hypervisor patching
  • Snapshot critical assets for superior rollback

Third-party patching

Many organizations make the mistake of only focusing on their OS, forgetting that third party applications can also create system vulnerabilities.

Shavlik provides an immense catalog of third-party applications which is always expanding to include new products and updated versions.

Security foundation with patch management

Today’s security landscape is filled with all kinds of new and flashy products that promise protection from today’s latest threats.

But many organizations are overlooking the basic simplicity and efficiency of patch management. A robust patch tool doesn’t just eliminate vulnerabilities, it also eliminates the threats that target those vulnerabilities.

Go agentless

Shavlik’s agentless capabilities are great for many reasons:

  • Minimize impact to server workloads
  • Assess and deploy patches
  • New virtual systems are never missed

Add water and stir

Software for the enterprise has had a bad rap for being difficult to configure and install. Shavlik’s engineers have put a lot of effort into making sure their product is not only installed properly, but is also scanning for patches and deploying patches in half an hour or less. This might sounds too simplistic, but trust us, Shavlik Protect has the capability to work in large and complex environments.

Try it for yourself and you’ll quickly see why Shavlik Protect won the Gold Award of VMworld 2016 for the Security category!

The New Shavlik.com

As you may know, LANDesk acquired Shavlik from VMware back in April. Since then the web team has been working on a new Shavlik website that is easier to navigate and find all the content you’re looking for. Today the new Shavlik.com site has been pushed live. Screenshots of the new site can be found below.

We hope you find the site helpful and informative when it comes to all of your patch and patch and IT management needs. If you have any comments for the web team on the new site, you can drop them a note here.

shavlik-home

The new Shavlik.com home page.

shavlik-secondary

A secondary page on the Shavlik.com website.

Patch Tuesday

Last week Microsoft announced 10 bulletins for May Patch Tuesday.  Among these should be a fix for Security Advisory 2847140 which is a major cyber security threat targeting IE 8. Microsoft released a Fix IT for this vulnerability last week in an effort to help reduce risk of exposure to this threat.  The vulnerability could be used in what is referred to as a watering hole attack, in which an attacker would exploit a third-party site that a particular group would tend to frequent.

Join us on Wednesday, May 15 as we discuss the patches that Microsoft will release tomorrow as part of the May Patch Tuesday.

Join us on Wednesday, May 15 as we discuss the patches that Microsoft will release tomorrow as part of the May Patch Tuesday.

The hope being that any one of the intended group would visit the exploited site and if using IE 8 could be exploited in turn.   There is probably evidence that this vulnerability could already have been exploited in the wild as far back as March of this year.

Join us on Wednesday, May 15 as we discuss the patches that Microsoft will release tomorrow as part of the May Patch Tuesday.  We will also discuss third-party releases for Patch Tuesday as well as recap all bulletins released for the Shavlik Protect products since the April Patch Tuesday.  Sign up for this and other Shavlik product webinars here.

Shavlik: A Brief Introduction

Last week at the Microsoft Management Summit, LANDesk announced its acquisition of the VMware Protect Product Family.   Part way through the day on Monday the LANDesk staff reskinned the LANDesk booth, and by the welcome reception that evening booth #609 became a Shavlik booth.  Needless to say the appearance of the Shavlik brand surprised many people at the expo.   LANDesk reintroduced the Protect products under its original Shavlik brand and added an additional product to the brand as well.

For those of you already familiar with the Shavlik products, you will see a new release of Shavlik Protect 9.0 in early May.  The Update Catalog is also being rebranded to its original Shavlik SCUPdates branding.   For those who may not be familiar with the Shavlik products, here is a brief introduction.

The Shavlik products are well known for their simplicity, flexibility, and quick ROI.  Whether you are a SCCM shop or looking for alternatives, the Shavlik products provide quick, easy, and cost effective solutions to simplify IT Management.

Shavlik Protect is a product that you may recognize as HFNetChk (as it was originally branded).   It is an IT Management solution that provides Patch Management, Asset, Management, Power Management, Threat Protection, and ITScripts to effectively manage your environment through a single pane of glass.   The agentless capabilities allow the product to be up and running in 30 minutes and assessing your environment.  You can effectively be updating your environment same day.  Protect has the ability to support Physical and Virtual environments as well.   For customer using vSphere, Protect can patch the ESXi Hypervisor, scan and deploy to offline VMs (including templates), and even snapshot pre and post deployment.  Protect also includes agents which can be cloud enabled to allow you to easily manage machines in and outside of your network without opening security risks in your Firewall.

Shavlik SCUPdates is a data catalog that provides 3rd Party patches for SCCM users.  It is the fastest way to cover 3rd Party products from vendors such as Adobe, Oracle, Apple, Mozilla, Google, and more.  For those who have committed to using SCCM, you do not need to learn another solution or install and maintain an additional product to cover the non-Micorosft products in your environment.  SCUPdates can be imported and published through SCUP, a component of SCCM.  Within minutes you have 3rd Party patch updates published to SCCM and can continue with your day job.

New to the Shavilk family is another product recently acquired by LANDesk.  Management Intelligence is another complimentary solution to SCCM.  This solution is able to pull data from SCCM and user a variety of connectors to pull data from your software and hardware vendors.  The data is normalized allowing you to easily and effectively tackle License Management and Hardware Lifecycle Management problems that could take five or six additional solutions to maintain.

Shavlik is also well known for hosting PatchManagement.org and our regular Patch Tuesday Webinars.   PatchManagement.org is a site where anyone can join and participate in patch management discussions, ask questions, and receive feedback from your peers.  The Shavlik Patch Tuesday Webinars are run monthly on the Wednesday after Microsoft’s Patch Tuesday.  This webinar covers the Microsoft Patches that released as well as the other 3rd Party updates that released in the Shavlik Protect product as well as reviewing the previous month of patch releases for Shavlik Protect.  Check out the April Patch Tuesday playback below.

We at the Shavlik team in Minnesota are excited and proud to be working with the LANDesk team to continue bringing effective IT Management solutions to the market.  Thank You for the warm reception at the show last week for those who stopped by, and for the rest of you, we look forward to working with you soon.