Boom or Bust: What’s Your ITSM Operation Worth?

GettyImages-537624508There’s a popular TV show on PBS called Antiques Roadshow. The premise of the show is people bringing in items that they’ve either picked up at a yard sale or inherited in order to have them professionally appraised.

Every once in a while, an unassuming bargain hunter will find out that their thrift store painting (that looks like a horse made out of lasagna) is actually a Picasso. Or the vase they’ve been putting plastic flowers in is actually from the Ming Dynasty.

The bottom line is you never know what something is actually worth until you invest in getting it valuated.

Measuring the value of ITSM

One of the most significant challenges facing IT service management (ITSM) organizations is the inability to measure and find meaningful ways to communicate metrics around the value they bring to the business.

While many organizations have effective operational performance measures in place, a focus on demonstrating and maximizing business value often isn’t evident.

Traditional metrics

Traditional metrics focus on the performance of the ITSM team and tools, e.g., first contact resolution or number of service requests logged in a given day. They describe the current and past situation but don’t provide the necessary insight to predict what to do next, spot moments of importance, and make connections between them.

These traditional metrics are not the figures that business leaders use to make strategic decisions. IT performance and productivity reporting has its place, but alone doesn’t reveal how IT assists the business or business users presently and how it can drive future strategy.

Incident reports

Take a typical incident report. It might indicate there were 25 major incidents over a two-week period. But for the executive level, it’s difficult to understand the business impact of this number.

Showing how those major incidents translate into hours of unavailability for each service, coupled with financial cost, helps the executive level understand the business impacts and risks of a particular service outage, and to make appropriate decisions.

Dashboards and reports

Dashboards and reports are vital to modernizing IT service management, but to be most effective, it’s necessary to understand the required outcomes and priorities of different business managers within the organization.

The most valuable reports are those that offer accurate insights into performance and how that translates into business impact.

Valuable dashboards highlight areas to drive improvements. These reports and dashboards focus communication on what’s important to each business manager viewing the data—the CIO, VP of Operations, or the CEO.

Embracing a value-based approach

It’s time to embrace a value-based approach that ties IT performance and measurement to business outcomes. Only then can you add value by disclosing insights in a business-centric way. This aggregated business view requires inputs from multiple data sources such as incident data, service availability, and cost.

Market research firm IDC predicts that by 2017, 80 percent of CIOs will have a plan in place centered on using data to drive the business past its competition. The same IDC study found that more than 70 percent of organizations that have data valuation processes in place are primarily collecting and analyzing data manually.

Use reporting tools to avoid manual, time-intensive analysis. These tools roll up old-school metrics to dashboards in a way that individual systems and tools can’t achieve easily:

  • Offer the context of business impact alongside standard performance metrics.
  • Ensure that dashboard data can be filtered easily so any business user can dig into the results and make a fast decision that matches your modern-responsive ITSM operation.
  • Enable your service management teams to communicate effectively to business decision-makers and stay relevant to the business.

The foundation for value 

The value of timely dashboards with relevant data cannot be overstated. Using visualizations that are intuitive and easy to interpret, these dashboards help managers quickly determine:

  • The current state of where they are.
  • If they’re on track to meet objectives.
  • What changes or fine-tuning are required to stay on course.

Value-based dashboards and reports targeted at business users are a requirement for every modern ITSM organization to drive performance efficiencies, facilitate business strategy, optimize processes, monitor trends, and quickly identify new opportunities for growth.

These business-oriented dashboards create the foundation for demonstrating and improving value and effectiveness for your business by improving the speed and accuracy of decision-making.

ITSM-CTA-Blog-Banner (1)

Fantom Ransomware: Looks Like Windows. Disrupts Like Hell.

Digital Internet securityAs if ransomware and Windows updates weren’t already challenging enough, a new threat pretends to be the latter but delivers the former.

If your organization has been in the process of deploying (or considering to deploy) Windows 10, then you already know about the issues regarding Microsoft’s shift to cumulative updates and the problems with third-party applications they’ve already caused at some companies.

Microsoft updates

Even if you’re not moving to Windows 10, you may still be affected by changes Microsoft is making to how it delivers updates to Windows 7 and Windows 8.1. And if you haven’t already, you should read the sagacious guidance offered in blog posts on these and related subjects by LANDESK Director of Product Management Stephen Brown and Senior Product Manager Chris Goettl.

In addition, you’ve doubtless heard and read about—or maybe even been affected by—ransomware.

Most ransomware infiltrates computer systems, locates and encrypts critical files, then demands payment of a ransom for access to the keys needed to restore access to those files. A recent variant, known as “Hitler ransomware,” threatens to encrypt critical files, but in reality, deletes them. (Read more about this variant in blog posts by me and Stephen.)

Fantom ransomware

And now, there’s Fantom. Once it gets into a system, it looks and acts like a legitimate critical Windows update. As reported by Lawrence Abrams of and others, it even displays a realistic-looking screen that says the updates are being configured.


What’s really going on, though, is that the software is busily encrypting all the files it can find. It then displays a poorly written ransom note.


Once that note appears, victimized users have no choice but to pay the ransom and hope that they receive the decryption keys promised by that ransom note. And that those keys actually restore access to all of their files, and that the malware infection doesn’t result in further mayhem.

This is only one recent variation on the ransomware theme. Others can be at least as disruptive to your users and your business, if not more so. A ransomware variant known as “Petya,” for example, ignores your files and goes directly after the master boot records and file tables that govern access to entire hard drives.

Ransomware webinar on September 14

All of this is why we’re having a ransomware update webinar on September 14, featuring Stephen Brown and Principal Product Manager Eran Livne. (Eran’s also written some sagacious and helpful guidance for combatting ransomware, as have other members of the LANDESK team. You can browse, read, and share these in our ransomware archive.)

It’s also why we continue to evolve our solutions for fighting ransomware. In the webinar, Stephen and Eran will describe some specific upcoming enhancements to LANDESK Security Suite that can help you to defeat even the newest ransomware variants, and keep your organization’s computers and users productive and operational.

Get and stay ahead of the bad guys developing and distributing ransomware. Protect your organization, its users, and its critical information. Start now by registering for the webinar today!

Also, be sure to get your free copy of our most popular white paper below.


Ransomware: The Threat and How to Protect Your Enterprise Part 2

ransomwarePart one in this series described the threat of ransomware and looked at user education and cloud-based file sync and backup solutions as possible defenses. In this post, I’ll provide some analysis and opinions about antivirus software as well as other, stronger defenses against this growing threat.

Traditional antivirus software

Many organizations rely upon traditional antivirus software to protect against malware, including ransomware. This is an effective method to protect against ransomware instances already detected by an organization’s chosen antivirus vendor or vendors.

However, today’s malware world is highly dynamic, allowing ransomware to change itself before or after each attack. The Verizon 2015 Data Breach Investigations Report found that 70 to 90 percent of malware samples are unique to a single organization.

This dynamism makes it highly likely that antivirus software alone will not be able to detect and block the ransomware that attacks your organization.

Advanced antivirus software

Newer antivirus solutions use so-called heuristic techniques—based on decision rules or weighting criteria—to analyze and defend previously unknown instances and variants of malware, including ransomware.

Numerous startups and younger vendors, such as SentinelOne, provide offerings based on powerful algorithms that can detect and block users from invoking ransomware and other malware. However, not even these advanced antivirus alternatives are entirely bulletproof, as developers of ransomware and other malware can determine and bypass specific heuristic techniques.

Can containers contain malware?

So-called container solutions ensure that applications running on network endpoints are isolated from the rest of the OS and corporate network. If a user succumbs to a ransomware attack, the ransomware will only run inside the application’s designated container, infecting it but leaving the rest of the system unharmed.

The container can then be wiped and restored so the user can continue to work with only minimal interruption. Bufferzone, a leading provider of container solutions, is both a LANDESK One technology partner and Shavlik partner.

Encryption prevention

The main purpose of every type of ransomware is to encrypt files, especially Microsoft Office documents. (Ransomware is often designed to target specific file types.) A good method to protect against ransomware is, therefore, to protect those documents from been encrypted in the first place.

Solutions such as LANDESK Security Suite (LDSS) enable IT and security admins to ensure that designated documents or file types simply cannot be encrypted, whether by ransomware or even by legitimate encryption tools.

For example, a simple rule can be defined within LDSS to allow only Microsoft Word to modify.doc or .docx files. Even if ransomware infects a user endpoint, the ransomware will not be able to encrypt those Word documents. The most recent versions of the user’s Word documents remain unharmed. The user remains productive, since she can continue to work on her latest versions of her Word documents, without the need to restore an older version from backup.


The best method to protect against any malware—and specifically ransomware—is to embrace a whitelisting solution. With whitelisting, users can only run authorized applications that are on the list. This eliminates the possibility of running any executable ransomware, since no ransomware will appear on a list of authorized applications.

Creating the list of authorized applications may be time-consuming, but the right tools can make the task easier and faster to complete. With LANDESK Security Suite, for example, IT or security administrators can create whitelists automatically by using the included application reputation database, or by using so-called gold images of legitimate applications.

But even if you must create your whitelists manually, the protections they can provide are worth the effort.

Whatever you do, do it now!

Ransomware is growing in popularity and increasingly infecting organizations large and small. It is not a question of if ransomware will infect your organization; it is a question of when.

The sooner you and your colleagues take effective steps to defend against this potent threat, the less likely your organization will become a ransomware victim. Start today by evaluating the protection tools you already have and activating as much protection as possible, using the selections above as a guide.


Ransomware: Should You Pay the Ransom?

RansomwareBy Phil Richards, CSO

Security professionals dread the day when they get the call that ransomware has infiltrated their network and has already started encrypting files, drives and network shares. After the initial shock has worn off and the ransomware is no longer encrypting new files, the decision quickly turns to whether to pay the ransom in order to (maybe) recover the files.

Noticeably absent from this article is the actual answer to that question. That is because there are lots of issues and questions that go into this decision. I want to highlight some of the issues you will face and help work through the answers.

1. Can you live without the files?

Files encrypted by ransomware are locked and cannot be viewed or accessed by anyone in the organization. It is important to catalog the extent of the loss. Files can be grouped based on how critical they are to the organization.

2. Do you have backups, and if so, how recent?

The existence of backups for encrypted files gives you options. You might have the ability to recover encrypted files through your own backups. The existence of backup varies by company and by type of system that has been compromised.

3. Recovery

If you have backups of the encrypted files, how quickly can you recover from backup? Companies have varying strategies for backup/storage and retrieval. Recovery can take multiple days. When that happens, paying the ransom may be a viable alternative to restore files more quickly.

4. Do you have an obligation to outside parties?

File availability requirements may impact your decision-making. If you need to have files available quickly, that may tilt the balance in favor of paying the ransom for the possibility of recovering them quickly. Obligations may be to customers, suppliers, regulatory organizations, legal entities and many others.

5. Is it possible to decrypt the files without paying the ransom?

Some ransomware is not well written. If you are lucky enough to have become infected with a weaker variant of encryption, it is possible to use a recovery pack.  A good resource for identifying and remediating some types of ransomware can be found in this list of decryptor tools.  

6. Assess the likelihood of getting the encryption key after paying the ransom

Not all ransomware organizations are trustworthy (big surprise). Some will take your money and not provide you with the decryption keys.

On May 20, 2016, Kansas Heart Hospital paid a ransomware organization an undisclosed amount, only to have the organization extort them for a second time for additional money. The hospital refused to pay the second ransom, stating: “The policy of the Kansas Heart Hospital in conjunction with our consultants, felt no longer was this a wise maneuver or strategy.”

7. Other risk factors

You need to consider reputation, regulatory and financial risk when deciding whether to pay or not pay the extortionists. Make sure you’re considering all angles.

The recommendation from the FBI and several non-government organizations is to never pay a ransom. Some reasons to not pay the ransom include:

  • There is a possibility that you will not get the files recovered after you pay.
  • It encourages bad actors to continue developing ransomware.
  • You fuel a perception that you are weak by giving in to the bandits.
  • You fuel a perception that you are inept if you don’t know how to prevent/resolve security breaches.

In the real world there are other issues that need to be evaluated when deciding to pay the bad guys.

  • Locked files are critical to your business or represent a significant investment.
  • Operations are compromised because of the locked files.
  • There is no backup, so the files would be lost forever.
  • Restoration of the files will take a significant amount of time and will impact business.
  • Need to divulge lost files to customers.
  • Regulatory consequences for the lost files.

So while it is easy to say, “Never pay the ransom,” sometimes there are practical considerations that need to be evaluated. Clearly, this is a situation that is best avoided altogether. Future blog posts will show you how LANDESK software can help avoid ever needing to make this decision.

LANDESK Security Suite (LDSS) ensures your user environment is stable and secure, helping you to reduce risk and extend protection and control.


Five Tips for Improving the ITSM End-User Experience

five tips -1I often use public transportation services. Sometimes I have a good opinion of the service provider and sometimes I do not. I develop my opinion of service offerings based on the experience I have when I use the services offerings. For example, if I travel on a train that is dirty and doesn’t smell very good, then I am likely to judge the service offerings in a poor light. As a passenger, I am expecting to arrive at my destination so I am not going to develop my opinion of the services based on whether or not I arrive. Instead, I develop my opinion on the overall experience I had while traveling to my destination. If I have a poor experience, I will probably try to find another way to get to my destination even if it takes longer and costs more money.

When providing IT services to end-users, it is important to understand that end-users expect that IT services will be delivered much like I expected my train to arrive at its destination. Therefore, end-users will judge the quality of IT services based on their experience while using IT support. For example, imagine a process is published offering a way to request a laptop through a self-service portal. If the interface is difficult to navigate, or if the automated process fails to deliver the asset in the time it was promised, then you might find your end-users searching for other ways to fulfill their asset requests.

Unhappy end-users reflects poorly on the IT department. Without the support of the end-users, your ITSM solution will not be successful.

  • Do you know what makes end-users happy or unhappy?

When designing your ITSM solution, use the following steps to identify and document what makes end-users happy or unhappy, then design your ITSM processes and interface in such a way that end-users will have a positive experience:

  1. What makes end-users unhappy?
  2. How does IT make end-users happy?
  3. Design your ITSM solution to improve the end-user experience

What makes end-users unhappy?

five tips - 2When the IT department doesn’t notify end-users about projects that impacts end-users

  • End-users don’t want to be surprised by changes to the interface or changes to ITSM processes without prior knowledge. To ensure end-users buy in to new IT service offerings, be sure to include them in the design processes so they can provide feedback from their perspective.

IT analysts over commit and under deliver

  • Proper expectations need to be set for the end-users. If a callback to the end-user is promised by 5:00 PM, then be sure to call them back. If analysts are over committing, they might have too much on their plate. When assigning tasks to your analysts, be sure to monitor their follow-up. If analysts are not following up in a timely manner, monitor their workloads. Poor follow-up should never be acceptable. Remove analysts that consistently demonstrate poor follow-up capabilities.

We don’t make easy answers readily available

  • Knowledge is extremely important when providing IT services. It can take a lot of time for an analyst to troubleshoot an issue. Avoid duplicating troubleshooting efforts by providing up-to-date knowledge for your analysts. As methods for resolving an issue are discovered, document and publish those methods. When possible, publish methods for resolving an issue to the end-users. If they can fix the issue by following directions from a knowledge article, they will not have to call the help desk.

End-Users don’t like to wait on the phone

  • Long hold times frustrate end-users that call for IT support. It is important that the IT department understand peak call times, then develop methods to handle large call volumes during those times. Provide additional staffing during peak times if needed or build a process that facilitates a call-back from the analyst to the end-user when call volume is high so that end-users do not have to wait on the phone for a long period of time. The longer the wait time, the unhappier the end-user.

We treat end-users like end-users, not customers

  • The customer is always right mentality used by sales operations should be the mentality of the IT service Dept. ITIL calls the end-user a customer which is how they should be treated by the IT analysts. Encourage and positively reinforce good customer service provided by analysts.

How does IT make end-users happy?

five tips - 3Keep end-users informed and involved with IT projects

  • If end-users will be impacted by an IT project, involve them in the design and testing phase of the project. End-users are happy when they are heard. Furthermore, they will be more likely to support the IT project when it goes into production.

Apply Service Level Agreements

  • Service Level Agreements (SLA’s) provide a way for IT to set expectations for the end-user. SLA’s also provide a way for IT to monitor how well it is providing support for the end-users.

Create multiple ways to ask for assistance

  • Provide multiple ways for the end-user to open an incident or make a request. Providing multiple access points for opening incidents or making requests can alleviate long wait times for telephone support; especially during peak hours.

Provide help through a knowledge base with up-to-date relevant information

  • Today’s end-user knows how to find answers to their questions using a smartphone and Google search. If IT provides answers to commonly asked questions by publishing a knowledge database to the end-users, calls into the support center will decrease. Over-all wait times will decrease while end-users will feel empowered as they are able to solve issues themselves.

five tips - 4End-Users want respect

  • Although IT questions and requests might seem elementary to an analyst, they are not elementary for the end-user. Analysts need to avoid talking in a condescending way to the end-user. For example, “you should know that,” or “didn’t you go to training?” are statements that should never be uttered by an IT analyst. When end-users get respect, they will probably give respect to IT and appreciate all that the IT department does for them.

Design your ITSM solution to improve the end-user experience

  1. Build a self-service landing page – Publish services through a self-service catalog then automate request fulfillment processes where possible. Build approvals and authorizations into the automated self-service processes.
  2. Provide Multiple Ways to Open Incidents and Make Requests – Today’s end-users access the internet in a variety of ways. Be sure to provide a way for them to open incidents and to make requests from multiple access points. For example, not only should end-users be able to make a request for an asset by calling IT services, they should be able to make the same request using their mobile device or personal computer. I have also seen organizations that have IT services provide a “one-stop-shop” where employees can physically go to an office to report an issue or to make an IT request
  3. Look for Ways to Modernize Your Interface – Much like music and furniture, an IT interface can quickly become outdated. Be sure to use software solutions that have a modern, easy-to-use interface. Today’s software solutions need to be easy-to-use across all platforms. A good ITSM interface will change very little when going from a PC browser to a mobile app or browser. Today’s end-users want consistency.
  4. Never believe your processes are perfect – ITSM in not a destination, it is a journey. Never stop measuring and improving ITSM processes. End-users have little patience for redundant tasks that do not make any sense. Keep in communication with end-users and analysts to find areas where a processes can be improved to make them easier, faster, and more reliable.
  5. New technology is your friend – Stay current with the ITSM community by subscribing to ITSM magazines or online forums. New technology that can help you improve IT support will help you reduce your IT costs. Recently, I looked at some new ITSM technology that uses a screenshot to search a knowledge database.


If your ITSM software solution is not providing you with the latest technology available, or if it cannot be integrated with the latest technology features available, it’s probably time to look for another ITSM solution. To create a positive end-user experience, build an interface that is easy to navigate, provide processes that are quick and efficient, maintain an up-to-date knowledge database, and schedule re-occurring meetings with IT services and a focus group of end-users for the purpose of re-evaluating and improving your current IT services and their processes.

-follow me on Twitter @marcelshaw

Originally posted at

Lost Assets and Rogue devices Part II

Rogue DevicesIn part one of this blog series, we discussed how tracking rogue IT assets is very similar to tracking down stray livestock during the annual roundup. With IT assets, that roundup often comes during an audit or annual hardware refresh and often comes in the form of someone looking around the office and cataloguing devices in a spreadsheet; which is not only ineffective but costly. As you know, LANDESK has always offered asset discovery, we have to know what devices you have in order to manage those devices. This has often been in the form of active network discovery. You pick a location (subnet) and start scanning and it will return a report of devices on that network, eliminating the need to send someone around the office. Or does it? As we mentioned in the previous blog, this is just a targeted look into the network. The device might not be on that subnet or might have certain security features enabled that prevent the sweep from being successful. So that leads us to the need for passive scanning capabilities. However, setting this up can take some planning and often serious IT effort.

What does passive scanning offer that active discovery does not? Our passive discovery is listening to the ARP requests to see what devices come online. It send a CBA ping request to see if that agent is managed; if it does not respond to the request, it is marked as unmanaged and a list is sent to the core server. The benefit to this over a standard IP ping is, I have yet to find a way to have a device connect to a network without sending out ARP discovery packets.

Now that we understand that we should have passive scanning enabled, how do we go about reconfiguring my network to do this? LANDESK System and Security Suite 2016 has simplified this by automatically enabling passive scanning by default on all devices. Now, if you have been with LANDESK for a while, you are saying to yourself, “Wait a minute! I have been warned for years not have passive scanning on all devices, especially devices that leave the office as I will often get false positives and create a backlog of devices I need to determine if they are on my network or the local coffee shops.” In 2016 we introduced a new platform technology that will help eliminate this administrative mess while maintaining the benefits of passive discovery. Self-electing subnet services (SESS), is enabled by default for all windows devices, currently multicast and passive unmanaged device discovery (formerly referred to as Extended device discovery (XDD) or the marketing term of neighborhood watch) operate on SESS with more to be added in future releases.

To dive a little deeper into this, SESS is now available to be configured on a per-agent setting, it can also be disabled/enabled per subnet. The configuration options are limited to XDD both for ARP and WAP.  You can set your thresholds and either enable or disable the ability to perform said service. So the next comment that is often mentioned is, I do not want or need all of my devices preforming this service. That is where the advantage of SESS comes into play. Once we have decided what agent settings to use, the devices on that subnet hold an election to designate a host to talk back to the core server. If that device goes offline, another election is held and a new system is elected to talk back to the core server, so you will always have a device preforming these capabilities.

Now that we have discussed needing to find our assets, how to go about doing so? Let’s cover a real-world example that we saw during our LDMS 2016 field test. Remember, I stated earlier that discovery is enabled by default. During field testing, we had a customer that installed the agent to his pilot test group; this covered multiple subnets by chance. As we were discussing the new features in 2016, SESS came up and they stated, “That will probably be useful on our remote subnets but the subnets local we know what is out there.” They pulled up unmanaged device discovery and were a bit surprised to see that we had already located 30 some odd computers on this local subnet alone. Looking at the list, most were laptop and a few were BYOD but somewhere company resources as well as a handful of desktops they had purchased and installed in the last 6 months or so and forgotten about.  They were surprised by the results to stay the least and stated that this was going to a huge help in starting to get full control of their resources both for keeping track of company assets and knowing what rogue devices are on that network that might be causing significant risk to the business.

Windows 10 Insider Preview Branch


In my previous article, I provided a Windows 10 Branches Overview, setting up the conversation on the Windows 10 Insider Preview Branch. This might be looked at for something only used by tech heads, but there is value to using it for gaining early insights into new features and potential issues that can arise from future branch upgrades. There are many nuances that should be understood before considering this branch.

Here at LANDESK, my colleague Rex McMillan, product manager extraordinaire, has been running on the Insider Preview for over a year. Much of the insights come from his experience.

Signing Up

Joining the Windows 10 Insider Preview is fairly easy. One simply goes into Settings > Update & security > Windows Update > Advanced options. Using a Microsoft account, you can register and configure your computer for the Insider Preview.  Microsoft  has simplified the process of becoming an insider.  A growing community of insiders are testing and helping improve Windows. Insiders do receive invitations to special insider only events.  There are also some incentives to encourage participation in the reporting of issues and the quests.

Fast or Slow?

With Windows 10 Insider Branch, there are two modes of delivery: Fast ring or Slow ring.

  • Fast ring
    • Updates are cumulative and release 1-3 times a month.
    • Contain lots of changes and bugs as noted in build 14251 release notes, “I also want to reiterate once again that with the change to release builds faster to Windows Insiders in the Fast ring, bugs like the ones we had in the last build” … “are going to pop up. Sometimes it might be several builds before we get these bugs fixed. And there might be times where a build we release contains bugs we haven’t found in internal testing as well.”
  • Slow ring
    • Updates are also cumulative and much less frequent with releases every few months.
    • More stable than the Fast ring with lots of bug fixes

Recently, we saw Release Preview which is a new insider track that was used with the latest Windows 10 for mobile.  Release preview is more conservative than slow ring, still allowing early access but with reduced risk.


When builds are available, you will be notified and can proceed with an update. Now these are often big updates where the computer will have to download a lot of product, reboot into a Win PE mode, update, then boot to normal Windows. In a recent build, Rex and I observed that it took over 20 minutes to update his computer to the latest build in the Fast ring.

General Experience

In speaking with Rex, he has many insights on using Insider Preview’s Fast ring. He has never been burned with a build, but has heard of people running into hardware compatibility. In the past year he experienced one build that was fairly unstable and has the occasional crash and bug. The biggest challenge is the time to update. He likes to plan on a hour of downtime just in case any issues arise.

When to Use

Looking at the instability, one might wonder why to use the Windows 10 Insider Preview. The greatest value for a business to run some computers on Insider Preview is early visibility into changes that may affect future Current Branch or Current Branch for Business builds. Insider Preview provides a Feedback Hub to review known issues and submit bugs. One could also run some systems on Current Branch and the bulk of other systems on Current Branch for Business to also provide early insight on potential conflicts to your end user environment.

The other (and probably bigger) reason to run Insider Preview is to get familiar with the never ending stream of new features that are coming your way.

Key Takeaways

Here’s the summary for Windows 10 Insider Preview:

  • Comes in two update frequencies: fast (1-3 times a month) and slow (every few months)
  • Can be used to test against system baselines for early warning of issues
  • Will be disruptive and should only be used by highly technical users with strong connections to IT
  • Should not be deployed widely on product systems

With Insider Preview covered, we will next move on to discuss Windows 10 Current Branch.

Modernizing ITSM through Automation: A Three Step Plan (Part 1)

Modernizing ITSM through automation

In a report published by the analyst organization Forrester Research on ITSM, research showed that

“57% of service desks struggle with increased ticket volumes, but only 31% are expanding headcount.”

(Elinor Klavens and Eveline Oehrlich, “Five Key Initiatives to Wow Your Workforce with Service Desk,” Forrester Research, September 18, 2015)

Increased ticket volume is not a new challenge but, if you add to this the possibility that when someone leaves the team they may not be replaced as headcount shrinks or remains the same, then the only thing you can do is think creatively – automation offers the potential to assist with your challenge as you modernize your ITSM operations.

According to recent research by Gartner, the top three reasons cited for driving organizations to automate are:

  1. Efficiency (78%)
  2. Cost reduction (58%)
  3. Risk mitigation (40%)

Robert Naegle and Ronni J. Colville, “Survey Analysis: The Realities, Opportunities and Challenges of I&O Automation,” Gartner, May 27, 2015.

A Motivation Booster

Before there is an outcry about replacement of ITSM jobs though automation as the means of cost reduction, think again. A survey of IT pros, reported in Baseline magazine, revealed that only 7% felt that automated IT tools put their jobs at risk.

Automating key IT processes drive efficiencies, eliminating time spent on the manually intensive, mundane or commons tasks. I can guarantee your IT analyst staff did not put any of those tasks on their wish list when joining the team. So now you can use those man-hours to better meet the needs of business users and, at the same time, provide a motivation boost through job enrichment for your staff.

A Quality Enhancer

It’s often assumed that automation means delivering more of the same; but effective automation also provides opportunities for maturing, as well as unifying, separate workflows. Automation provides the opportunity to offer a better quality of support and user satisfaction through faster response times and improved quality and range of services delivered.

An Ambiguity Terminator

Automation offers a predictable and repeatable sequence of steps from start to finish and takes the same route each time. In doing so, it eliminates ambiguity by following a tested, consistent path. As a workflow, or a process like a change, passes from one person to the next, it hits different stages of progress. It’s at these handoff points that tasks can fall through the cracks or workflow is interrupted, resulting in an SLA breach. Automation will lessen the risks of human error. What once took weeks can be accomplished in hours or minutes, without cutting corners that injects risk.

A Strategic Enabler

Whether you’re aiming to work faster, maintain consistency, or reduce costs, automation can assist you operationally. And from a long-term perspective, at a time when service management teams are required to cope with increased and new demands like digital transformation projects on limited headcount, you can refocus time and resources to support business initiatives and goals so that automation becomes a strategic enabler.

There will be many areas of your environment that are ripe for automation, and like any part of your service management operation, the use of a maturity path approach will assist you on your automation journey. Each journey needs a road map, but where you start is equally important.

Step 1 – Re-evaluate Your Processes

Gartner recommends IT organizations focus on moving redundant and repetitive tasks into automation processes. But before you start, understand that automated processes are only as effective as the planning that goes into their development. Einstein is widely attributed with saying that “the definition of insanity is doing the same thing over and over again, but expecting different results.” Whether he said it or not doesn’t matter, but it’s worth bearing in mind when starting down the process automation path.

Before automating processes, re-evaluate each process. Too often we consider the elements in closest proximity to our own environment and do not incorporate considerations that have an effect on the business at large. Automation requires user-centric planning. One thing you must do, and keep doing, is engage with your end users directly or through business productivity teams to map out the current workflow, ensuring they are optimized and makes sense for any users it touches. Only once these processes have been re-evaluated at every step and re-communicated to your teams and users, should you review which optimized processes to automate.

In the next blog, we’ll review Step 2: Initial Maturity Steps for Immediate Value

Lost Assets and Rogue devices Part I

Rouge Devices

Have you ever misplaced something? Of course you have, we all have. When this occurs, the realization that you have lost something or, even worse, that someone else may be in possession of that missing item, causes us to have various reactions from anger to fear and sadness. These reactions cause us to start the next phase of actions which may be anything from panic to a methodical search and recovery.

I have seen or experienced many of the different reactions that occur when I’ve lost an asset.

Different types of assets require a difference in the ways that we react to a loss or even a rogue asset. There was a time when I was listening to some ranchers discuss their assets (sheep and cattle), it was the time of year that they were gathering their assets from the vast western ranges that they use to graze their stock on. During the conversation, one of the ranchers stated, “Don’t worry we will find all of the sheep, we have them fully contained, there is no way for them to escape. The Atlantic is on one side and the Pacific is on the other side, how could we possibly come up short?” After much laughter about how impossible it would be if that were the actual boundaries, it became obvious that, at times, that is how IT assets are managed.

Later in the discussion, another mentioned he was missing a few of his assets, he was sure that they were still on location but he just couldn’t find them, every day we would look for them and the next day they would have moved to a different part of the place in the night. Sometimes, in IT, we have the same type of experience with roaming users and their IT assets.

IT asset management starts with a complete inventory of what is in the environment, fortunately IT assets can’t just walk away without help. Many of the technologies that we use to find IT assets may lead us to a similar experience as the rancher looking for his cows, sometimes they are on and other times they are gone. Active discovery of network-attached devices is prone to the same misleading results as looking in different parts of the pasture each day. While the assets are still there, we are unable to know this if we aren’t at the right spot at the right time. Passive network discovery technologies allow us to know when any asset is on the network and reports this. Automated passive discovery is the first step in completing our knowledge about what assets are in the environment, as well as exposing the assets that should not be in there. Rogue devices can bring significant risks to the business and can have devastating impacts.

Implementation of a passive discovery tool should be a high priority to all IT that want to ensure that they are properly managing their assets and securing their environments from unknown risks.