Blog

Trends and opinions for improved IT service management and client management

Posted By: Anonymous
19 Jun 2015

By Steve Brasen

EMA, Managing Research Director - Enterprise, Mobile & Endpoint Management

It’s time to take a serious look at Office 365. The cloud edition of Microsoft’s broadly adopted business productivity suite – which bundles such popular packages as Microsoft Word, Microsoft Excel, Microsoft PowerPoint, and Microsoft Outlook – has been both heavily praised and heavily criticized since its introduction in 2011. While the adoption rate of the traditional software edition of Microsoft Office is currently in no danger of being overtaken by its cloud-hosted cousin, recent adoption rates for Office 365 have substantially accelerated. Businesses, in particular, have shown increased interest in the cloud-based platform, and many are carefully considering whether to make the transition after existing Enterprise Agreement (EA) licenses expire.

Currently, Microsoft offers a variety of licensing plans for both home and business users of Office 365. However, all Office 365 plans are based on subscription pricing models (i.e., per user per month or per user per year) as opposed to the one-time perpetual licenses offered with Microsoft Office. In November 2014, Microsoft introduced free versions of Word, PowerPoint, and Excel apps for iOS and Android platforms independent of Office 365; however, the licensing agreement for these apps states that they can only be used for “non-commercial purposes” (though I’m really not sure how that could possibly be enforced). Clearly these free mobile editions were made in direct response to the increasing popularity of Google Docs in that particular market. It should also be noted that Microsoft offers a free package of web-based apps, Office Online, which is a lobotomized version of Office and should be avoided at all costs to retain your sanity.

While Microsoft has promoted a number of reasons to adopt Office 365, in my opinion there are only two that really matter: to support enterprise mobility and to reduce costs. Here’s a summary of the benefits of both:

  • Supporting Enterprise Mobility – A single user license for Office 365 will support up to 5 devices of any type. So, users can employ any combination of PC and mobile devices that would enable them to be most productive whenever and wherever they need to read, create, and/or edit documents. Additionally, for its Office 365 customers, Microsoft offers free and unlimited access to its cloud storage solution, OneDrive. While users can still store data on their local devices, any files stored on OneDrive will be accessible by any other devices they use. OneDrive also enables files to be shared with coworkers or to create collaboration environments.
  • Reducing the Cost of Operations – With Office 365, license costs are substantially reduced for users who employ multiple devices. Unlike Microsoft Office, which requires individual licenses to be purchased for every device, Office 365 requires only a single license for up to 5 devices. Additionally, this subscription pricing is more conducive for organizations with fixed budgets (particularly SMBs) and can be substantially cheaper for supporting short-term projects (i.e., those lasting less than two years).

All organizations are different, and a number of factors will need to be considered when deciding if transitioning from locally installed software to a cloud-based solution is right for you. Some of the factors include organization size, industry type, user requirements, regulatory compliance goals, budget restrictions, and the breadth of available IT support. Detractors of Office 365 primarily raise concerns about reliability and performance. For instance, organizations with heavy security or regulatory compliance requirements may be restricted from using applications that host data in multi-tenant environments. Also, while Microsoft claims 99.9% uptime on the hosting environment, unreliable internet and LAN network connectivity could impact the performance of the platform. To be clear, while Office 365 does not require persistent connectivity (as it runs locally on each device), it still requires periodic contact with the cloud-hosted environment and, of course, it is necessary for accessing any files stored on OneDrive. Synchronization issues with Outlook and SharePoint have also been frequently noted by users as challenges to the platforms reliability.

Organizations that do decide to make the leap to adopting Office 365 should be prepared to carefully manage the various licenses adopted for each user. For instance, since each user can assign their license to up to five devices, it is possible that multiple licenses could be assigned to a single device, which is obviously not cost-effective. Additionally, it’s important to know the type of license employed by each user, the length of the license term (monthly or annually), and when the term expires to prevent the business from being charged for any software that is no longer being used.

Taking all these pros and cons into consideration along with your own unique business requirements (and a measure of common sense) should provide ideal guidance on whether it’s time to transition to Office 365. One final note: Don’t be afraid of the cloud simply for fear of change. Cloud-hosted services are neither the ultimate solution nor the ultimate challenge. They simply represent another technology approach to be evaluated – another tool in the belt to be employed when it makes the most sense for your organization.

Posted By: Russ Ernst
09 Jun 2015

This June Patch Tuesday we have a slightly smaller patch load from Microsoft, taking us back to more historic average releases of 8 bulletins. We have just 2 critical patches to deal with and 6 important. While this is good news for those that have their sights set on some summer vacation, this release also makes us wonder how many more of these Patch Tuesday cycles will we have?

Before diving into that, let’s take a look at the job at hand this month, starting with Microsoft. MS15-056 is a critical cumulative update for Internet Explorer addressing 24 CVEs. If you’re using IE, patch it now, please. We see a patch every month for this popular browser for a reason. The bad guys love to exploit it along with all of the other popular browsers like Firefox and Chrome, and in too many instances, they are successful. This month, attackers could force a remote code execution and gain the same rights as the affected user.

Second on your list of priorities should be MS15-059. Although rated as important, it impacts all shipping desktop versions of Microsoft Office. This bulletin addresses 3 vulnerabilities in Office which an attacker can use for remote code execution.

There are other Microsoft bulletins to deal with – including critical MS15-057 that impacts Windows Media Player and grants full user rights to the attacker when a malicious file is played – but you’ll also need to prioritize a vulnerability in Adobe Flash. APSB15-11 is the 8th update of Flash Player this year and updates 13 vulnerabilities that span across Windows and Mac desktops.

Microsoft has announced the release of Windows 10 as July 29, 2015. For a year, this upgrade will be available for free and will continue for the lifetime of any device you install it on – your PC, tablet, or phone. In other words, Windows 10 is reportedly the last splashy OS release we will see. From there, they will continually update your OS with new features and security updates without the fanfare of a new OS version number, without the costly endeavor of testing code and holding on to it until a pre-selected release date. In time, this should result in a simpler, safer computing experience. Until then, we have to deal with a transition of the massive install base of Windows 7 machines to this new Windows as a service.

So what about Patch Tuesday? The release of Windows 10 will change how you push security updates too, maybe. Microsoft has been clear as mud on this process question, to be honest. As described in a Microsoft FAQ , licensed Home users will see updates pushed automatically, as they are ready. This process should get the millions of home machines using Windows updated faster, and that’s a good thing, but what about the patches that fail? Are Home users the unfortunate testing ground? Only time will tell. And while enterprise users will have more choice on when to push updates, how that gets done has not yet been precisely defined.

In reviewing this month’s patch load from Microsoft, we see plenty of legacy software in need of updating. Another thing the new Windows Update for Business does not make clear is how will these systems be updated? Will organizations who choose to remain on older systems receive updates on the typical Patch Tuesday cycle? It isn’t clear yet but one thing remains true. If you can update, you should. Remember, Windows Server 2003 reaches end of life next month. Hopefully you are working your migration plan.

Posted By: Anonymous
05 Jun 2015

By Steve Brasen

EMA, Managing Research Director - Enterprise, Mobile & Endpoint Management

Here we go again. New releases of Microsoft’s flagship operating system are typically greeted with a combination of angst, curiosity, confusion, and dread in equal measure. It seems just as folks have gotten used to a particular Microsoft version, a new one is released with a completely different interface and requiring a whole new set of operational practices. Even worse, upgrading large numbers of desktops to the new edition in a large enterprise environment is a daunting task often avoided by IT operations teams until and unless it is absolutely necessary to perform a mass migration. More often, new OS platform adoption occurs due to device attrition (i.e., replacing old devices hosting old OS versions with new devices hosting the new OS version). The upcoming, late-July release of Windows 10 will likely be no exception to this.

Beyond natural device circulation, however, there are still compelling reasons to migrate to Windows 10 – usability being the most critical. Just as the initial adoption driver for Windows 7 was to get users off of Windows Vista, organizations that adopt Windows 10 early will principally do so to free their users from the challenges of Windows 8. In fact, while the Live Tiles interface has been retained, Windows 10 has a look and feel more akin to Windows 7 than Windows 8. Interface features like the traditional Start Menu and Taskbar have been reintroduced while the much reviled Charms menu has been retired. Perhaps the most important feature of Windows 10, however, is its ability to port applications from other environments (e.g., Linux, iOS, Android). This is particularly advantageous for mobile editions of Windows 10, as previous versions broadly lacked availability of key applications.

It should also be noted that roughly 15% of organizations still rely on the retired Windows XP OS to perform critical business tasks. XP was released way back in 2001 – when a “mobile device” referred to little more than a pen and paper. It is long past time to abandon XP, and, for many organizations, the release of Windows 10 provides the best opportunity to finally do so.

While Windows 10 was designed to unify the OS architecture across devices (i.e., to support common apps), Microsoft is actually releasing seven different versions of the platform: Home edition, Enterprise edition, Professional edition, Education edition, Mobile edition, Mobile Enterprise edition, and an Internet of Things (IOT) Core edition. The much-maligned Windows RT tablet environment has been retired. For existing Windows 7 and Windows 8.1 systems, the Windows 10 Home and Professional editions will be available as a free upgrade for one year, providing a strong incentive for early adoption.

Of course, the biggest challenge for organizations is to reliably transition a large number of PCs and mobile devices with minimal impact on business productivity. While Microsoft offers a migration tool for Windows 7 and Window 8 devices, Windows XP and Vista devices will require a full system installation. Either way, manually performing OS migrations on hundreds, thousands, or even millions of devices is simply not practical or cost-effective for most organizations. A much more effective approach is to adopt an automated OS deployment and migration solution that enables the centralized scheduling, configuration, and implementation of Windows 10 editions. Key features to look for when evaluating available solutions include:

  • Asset Management – Preparation for migration begins with a deep understanding of enterprise resources and requirements, so a full inventory of the support stack is essential and should include both hardware assets (e.g., system model, CPU, memory, devices, peripherals, etc.) and software assets (e.g., applications, drivers, and system tools). This information will be used to establish a baseline for identifying issues that will need to be addressed during the migration, and it helps prioritize which system, service, and task deployment activities should be performed first.
  • Role-Based Management – User profiles identifying permissions and configurations are grouped based on the user’s job function (e.g., accountants, marketing reps, IT support staff, etc.). Ideally, these user roles are imported for an enterprise IT listing service, such as Active Directory or LDAP, to ensure consistency across the enterprise.
  • Centralized System Packaging – With this feature, all OS, application, driver, and patch elements are packaged (as either a bundled deployment or an image) in order to meet specific requirements for the endpoint. Additionally, any configuration requirements (such as usage preferences and security settings) should be automated and included in a deployment package.
  • Deployment Multicasting and Scheduling – Multicasting allows multiple systems to be migrated simultaneously. While it is fast, this approach may also saturate a network that is also used to support production services. With deployment scheduling, migrations can be initiated during low-use hours (e.g., evenings and weekends) or can be spread out to minimize impacts to the network.
  • Reboot Management – Some OS, application, driver, and patch installation processes require a system restart to complete. With reboot management, solutions can ensure implementations are automatically tracked and managed through each phase of the installation without requiring administrator interaction.
  • Migration Process Monitoring – With a broad number of deployments happening simultaneously, it’s easy to overlook critical installation and configuration failures. The quicker migration difficulties are identified, the faster they can be remediated, reducing the number of occurrences of similar problems on other endpoints in the migration schedule.

With the proper automated migration tools in place, transitioning to Windows 10 can be eagerly embraced, rather than dreaded. The new OS’s improved application availability and standardized user interface across all devices will only increase user productivity while simplifying IT management. With change, there is always apprehension. But if wielded correctly, strategically planned change can provide a competitive edge at a time when both markets and organizational requirements are rapidly changing.

Posted By: Wendi Wolfgram
28 May 2015

Does your company consider itself a thought leader on the cutting edge of business and technology? As a customer of HEAT Software, we already know your company has the vision to seek out the world's only hybrid Service and Client Management platform provider, and therefore stands out as one of the few companies in your industry that maintains full service automation and automated client management services for cost-effective and efficient operations. So why not share both your industry insight and HEAT Software experience with others, and benefit in the process?

Our HEAT Insiders Program is a network of current customers, future customers, and industry media sources that fosters an exchange of ideas and insight. As a member of our HEAT Insiders Program, your company has the opportunity to speak with potential HEAT Software customers and members of the press to share not just your experience with HEAT Software, but all of the ways in which your company is innovative, efficient, and productive.

Specifically, our members can engage in press and analyst interviews, speaking engagements, networking calls, press releases, video testimonials, and networking calls. With these opportunities, HEAT Insiders can benefit in a number of ways:

1.) Promote your Brand

As you discuss your client and service management experiences with industry peers and members of the media, you'll be able to emphasize what it is about your company that makes it both unique and successful. As we know, positive publicity, especially when generated from third-parties like industry publications, is one of the most effective ways to gain notoriety and grow your customer base. Even informal conversations with peers can lead to increased visibility within industry circles. You've worked hard to manage a complex IT infrastructure and build a burgeoning enterprise, why not underscore that success by taking advantage of additional opportunities to talk about it?

2.) Network with Key Industry Players

Successful businesses understand growth is largely dependent upon building relationships, and our HEAT Insiders Program creates meaningful opportunities to do just that. Speak directly with other company leaders that specialize in related products, services, or industries, and build partnerships that could yield key partnerships and collaboration opportunities down the road.

3.) Gain Exclusive Access to HEAT Software Experts

As a valued member of our program, you'll also have exclusive access to our engineers and leaders, who are available to provide additional strategic assistance for your Hybrid IT platforms, as well as offer valuable insight regarding the latest trends in cloud, client, and service management. With this connection, you'll be able to reach out to us when in need of key advice and insight.

Learn more about the advantages of our HEAT Insiders Program today, or contact us for additional information or to sign up.

Posted By: Russ Ernst
12 May 2015

Rumors of the demise of Patch Tuesday have been squelched for now, with today’s release of 13 security bulletins from Microsoft. It’s May Patch Tuesday and while last week’s announcement of Windows Update for Business (WUB) makes it clear as mud whether or not Microsoft will in fact continue to provide monthly security patches for the enterprise as they have since 2003 on the second Tuesday of every month, one thing is certain today. IT departments everywhere will have their work cut out for them this month with 13 bulletins released from Microsoft. Of the 13, 3 are critical and 10 are important. In addition, we have new critical patches from Adobe for Reader, Acrobat and Flash Player as well as Apple, Mozilla and others.

Before diving into your May priorities, it’s important to understand what Microsoft announced – and what they didn’t – during last week’s Ignite Conference. Slated for release sometime this summer, the enterprise version of Windows 10 will ship with WUB. Using a ring approach, organizations can choose to immediately install the first ring of updates issued by Microsoft as they are ready or, to wait for the patches to be vetted and install them from a second or third ring. This new approach will allow for 24/7 updates for organizations that already have a well-established patch management process, and regularly scheduled patches for others.

While I’m optimistic about WUB, many people are wondering if the as-they-are-ready patch deployments will replace the traditional Patch Tuesday updates. At this point, we can only surmise as Microsoft has not clearly articulated their strategy. What we do know is WUB won’t be your cure-all. It won’t patch Windows 7 or 8 so if you plan to continue on either or those OS, you will be at risk. (Microsoft is offering Windows 10 for free to business to address this issue.) Nor will it solve the problem of third party application vulnerabilities. We know these continue to be a popular attack vector and Microsoft’s new updater will not address those.

Back to the job at hand, the May patches. First on the list for any organization using Internet Explorer should be MS15-043. This is a critical, cumulative update to Internet Explorer that impacts versions 6-11. This update patches 22 CVEs in all – the most serious of which could allow a remote code execution when a user visits a specially crafted webpage while using IE.

Second on your list of priorities this month is MS15-044. It resolves 2 CVEs in Microsoft Windows, .NET, Office, Lync and Silverlight. The most severe of the font driver vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage. This vulnerability has the highest exploitability index for both the latest platforms and application versions, as well as older versions. Given the broad scope of impacted software and the relative ease attackers could turn around exploit code, this update should be deployed quickly.

Also, pay particular attention to MS15-051, an elevation of privilege vulnerability in Windows Kernel Mode Driver. Even though Microsoft ranks this update as important, it’s the only bulletin that addresses an actively exploited vulnerability this month. In all, it addresses 6 CVEs.

Also in your queue for this month should be an update for Adobe Acrobat and Reader – the first we’ve seen since December. A total of 34 vulnerabilities, some of which could result in remote code execution, are updated with apsb15-10. Interestingly, 11 of these vulnerabilities were discovered by a single researcher and 21 were reported through the HP Zero Day initiative. While the pay for zero-day model is our unfortunate reality, it’s refreshing to see responsible vulnerability reporting working as designed.

Adobe Flash Player has also been updated again – this time for 18 CVEs. Already, Flash Player has been targeted 7 times this year, more often than IE if you’re counting. If you’re using it, patch it quickly.

Other May Patches:

  • MS15-045 Vulnerability in Windows Journal
  • MS15-046 Vulnerabilities in Microsoft Office
  • MS15-047 Vulnerabilities in Microsoft SharePoint Server
  • MS15-048 Vulnerabilities in .NET Framework
  • MS15-049 Vulnerability in Silverlight
  • MS15-050 Vulnerability in Service Control Manager
  • MS15-052 Vulnerability in Windows Kernel
  • MS15-053 Vulnerabilities in JScript and VBScript Scripting Engines
  • MS15-054 Vulnerability in Microsoft Management Console File Format
  • MS15-055 Vulnerability in Schannel

Organizations with well-established patch management processes in place should welcome Microsoft’s WUB announcement. It will likely lead to quicker security updates and should be able to mix these more continual updates into tiered deployments. For those that don’t, the news should be something of a call to action. If you aren’t conducting strategic patch management, which includes patching outside of Microsoft, you should start now.

Posted By: Anonymous
08 May 2015

By Dennis Drogseth
EMA, Vice President

In my last blog, I talked about “IT Cultural Transformation and the Elimination of Technology Silos.” That blog keyed on four key areas of advice, which also provide a useful foundation for the topic of “Governance and Optimization.” These key areas include:

1. Standing in the middle of the storm –This means looking at the interdependencies between process, technology, and organization/culture as they impact your particular objectives and environment. Too often these areas are dealt with separately, without appreciation for how technologies such as automation and analytics may impact process, for instance, or how process best practices may impact organization and culture.

2. Defining particular versus generic objectives – Too often IT initiatives are not well grounded in clear objectives that reflect meaningful priorities specific to the unique environment at hand. Governance and optimization can only be addressed once you have adequately addressed the question, “To do what, exactly?”

3. Defining objectives with an eye to your resources This area is the focus of our blog today. We’ll look at assessing priorities and applying meaningful metrics to your initiative.

4. Promoting dialog and communication – Nothing is more critical than good communication (including listening) with both stakeholders and executives. The set of metrics you decide on for governance should be a product of dialog, executive buy-in, and ongoing socialization.

Assessing Priorities for Governance and Optimization

One of the first things you should do—whatever your initiative—is to socialize your initial plan with the executive community, and then with stakeholders. This also means listening to and documenting their priorities. You will usually find that opinions differ, priorities don’t align, and perspectives on technology resources conflict.

For instance, in a single ITSM initiative, EMA documented the following priorities across multiple stakeholders:

  • Asset and configuration management
  • Application dependency mapping
  • Change management
  • Enterprise view/portal
  • Problem management
  • Release management
  • End-user experience
  • Patch management
  • Retiring assets
  • Security
  • Compliance
  • Portfolio management
  • Virtualization

Needless to say, there’s no way to create a workable first-phase plan with appropriate metrics and objectives around such a broad palette of processes and technologies. Establishing this type of list is in itself valuable—as it provides a snapshot of IT priorities. But it needs to be whittled down based on readiness and need, and even on the willingness and enthusiasm of critical first-phase stakeholders.

Creating Metrics for Governance

Too often metrics for IT initiatives evolve out of the “politics of pleasing” as opposed to well-grounded project directions. This invariably results in disappointment, disenchantment, and misdirection. It’s critical to set meaningful metrics based on your first-phase plan.

For instance, metrics associated with asset management might be associated with the following broader objectives:

  • Cost savings from improved compliance with SW licensing agreements
  • Savings on license, support, and maintenance contract costs for devices that no longer exist or need to be licensed/supported
  • Documented improvements in the level of accuracy for costing out services to customers
  • Improved ability to integrate and retire new assets in terms of time efficiency, cost efficiency, and service impact (downtime)
  • Number of assets mapped to appropriate security parameters
  • Completeness of mapping of assets to owners

Each of these metrics is, in reality, a departure point for more granular metrics based on expectations for improved processes and enhanced technology investments. Ideally, each detailed metric should have a stakeholder associated with it, either an individual or a team that has full buy-in and is committed to both the objective and outcome. One of my favorite examples of metrics involved telephone or Internet time spent in searching for the right CI owner by Level 1 service desk employees when unplanned incidents occurred. Once CI owners were mapped to critical CIs, this company saved nearly $100,000 in Level 1 search time, which they called “mean time to find someone” or “MTTFS.”

The following are a few examples of initial planning metrics for change management:

  • Reduction in number of unapproved changes detected
  • Reduction in number of change collisions
  • Reduction in number of failed changes and re-do’s
  • Reduced cycle time to review, approve, and implement changes
  • Reduction in time to deliver/provision new application services
  • Reduction in time to onboard new employees

How to Use, and Not Obsess about, ROI

All return-on-investment (ROI) values should include OpEx (team/time) costs and CapEx (technology) costs and should map these costs to achieved outcomes in terms of IT efficiencies, service availability, improved end-user productivity, and other business outcomes.

While ROI is often the first thing people like to use to highlight effective governance and optimization, the reality is that all ROI values should evolve out of solid dialog, planning, and project management. Doing the opposite—starting with a pie-in-the-sky ROI number and then trying to backfill a plan for getting there—is a sure recipe for failure.

Moreover, most ROI is not “pure.” If you are doing a change management initiative, you should expect to see improved service uptime, improved IT efficiencies, and possibly improved asset lifecycle management savings as critical IT assets are better identified and managed and unused assets become more visible. However, trying to pretend that your core change management team and its associated technology investments are responsible for ALL of these benefits is duplicitous at best. What you’ve really done is create a better foundation for your entire IT organization to perform more effectively—a bit like installing a transit system in a major metropolitan area. Trying to claim that your team did it all is bound to make you unpopular and may even discredit you as you plan your next-phase objectives.

To Sum Up

Governance and optimization go hand in hand, and they depend on dialog, socialization, prioritization, and metrics. Moreover, governance should not be approached as a generic exercise, but rather as a highly individualized set of processes, metrics, and communications based on the unique IT environment at hand. We at EMA have seen many IT initiatives go awry by ignoring these two key points. But once the right process gets underway, you’ll find benefits at every step—as the realities and potential of your own IT organization become more solidly defined, and your ladder for improvement becomes a reality.

Posted By: Eric Aarrestad
24 Apr 2015

Take a look at the online comments section for any review of the Apple Watch, or any smartwatch for that matter, and consumer objections are immediately apparent. They may say ‘it’s ugly, it’s too expensive, we don’t need smartwatches, I like my dumb watch, I hate Apple, I hate Android’. Indeed, from a business perspective, it’s all too easy to dismiss the watch as a luxury plaything, as many have already. However, there were naysayers for the smartphone too and even IBM didn’t believe there was a market for the PC, standing by to let Microsoft dominate the market for years to come. Needless to say, people can be wrong, and it would be hard to argue that these two devices haven’t had a profound impact on the way in which virtually every modern business operates today.

While enterprise adoption might initially be limited to simple field scenarios such as arranging meeting points, alerts, quick canned/tap email responses, as well as simple project tasks and conflict notifications. However, apps and extensions of current enterprise apps could one day enable more complex scenarios and revolutionize certain business tasks. I for one wouldn’t bet against the smartwatch for business any time soon.

It’s probably not an immediate concern for most IT teams, but the implications from a Unified Endpoint Management perspective are that, over time, smartwatches essentially represent an extension of BYOD. As such, they’ll similarly require some level of management, updates and security as part of a unified endpoint management solution. This will be especially important once these devices begin enabling more complex tasks, when the volume and type of data stored on smartwatches becomes increasingly valuable.

Posted By: Anonymous
22 Apr 2015

By Steve Brasen

EMA, Managing Research Director - Enterprise, Mobile & Endpoint Management

In a perfect world, all business processes would be automated and all work tasks would be accomplished with the click of a button. This idyllic work experience seems to be the realization of Plato’s utopia…or, if you prefer, the world of the Jetsons. Regrettably, however, we clearly do not live in a perfect world. Put simply, while any repeatable processes can be automated, not every process is repeatable, so automation is not a practical solution in all cases. This is particularly a problem for enterprises since business productivity is almost entirely dependent on the rapid and accurate performance of business processes.

To begin, it needs to be understood that business processes are not just utilized by IT administrators. In fact, business processes are used by every individual in a business ecosystem—from the CEO to middle management to task workers, even the enterprise customers. A business process can be defined as any series of tasks necessary to complete a common business requirement. These might include provisioning resources, completing a service request, initiating a sales contract, auditing for compliance, or performing any other chain of activities frequently employed in normal enterprise operations. Individual tasks that require the use of computing technology can often be automated. Automated tasks are completed faster and with greater accuracy than manual tasks, ensuring consistent results and improved user productivity. Naturally, it follows that the more tasks are automated, the more efficiently a business operates. Whole workflows, consisting of multiple tasks, can be automated to perform complex jobs from single point of execution.

Unfortunately, not all workflows or individual tasks within a workflow can be automated. The requisition process for a new desktop PC may automatically determine and provision the model, operating system, hardware configuration, and base applications for the new device based on the user roles, but other elements—such as approval for the installation of additional software—may require manual inputs from a third party. Similarly, a regulatory compliance audit can leverage automation to collect the bulk of information from software elements, but a physical inspection of the hardware and surrounding environment may be necessary to complete the audit process. Complex business processes typically require a mix of both manual and automated processes performed in a particular order to complete successfully.

Most commonly, complex business processes consisting of both automated and manual tasks need to be governed from initiation through completion, executing each individual task in a workflow in a methodical fashion. If steps are missed or performed in an incorrect order, the entire process may fail and/or result in business-impacting errors. Also, the time-consuming activity of monitoring and executing each step in a workflow can undermine the value of introducing automation in the first place.

To be effective, organizations must adopt business process management solutions that are able to govern both automated tasks and manual tasks. Upon initiation, the platform executes any initial automated elements before submitting a request for manual actions to a ticketing system, a change management platform, or to any other commonly utilized service support solution. Even just a simple alert or email can be used to engage individuals to perform manual tasks. Once the manual tasks are acknowledged as completed, the governing platform executes the next set of automated steps until another set of manual process needs to be performed. In this way, complex business processes are entirely managed through completion without requiring constant babysitting. Business users, therefore, are empowered to initiate a broad range of processes without needing to understand, or be aware of, all the technical and non-technical tasks that are subsequently performed behind the scenes. Now that’s a work environment in which I expect even George Jetson would feel comfortable.

Posted By: Kevin J Smith
16 Apr 2015

As demands for IT automation, self-service, and dynamic operations grow, effective service management becomes an increasingly important facet of a company's success; yet, many IT departments are struggling to meet these demands. It's for this reason we've developed the HEAT Service Management solution, an incredibly flexible application that makes all aspects of service management, including service requests, remediation, and authorization, far more efficient than traditional manual methods.

Cloud applications have dramatically changed our market. Cloud applications deliver exciting advantages, but on-premise applications can be best for some organizations. As always, choice is good. Because having only one option isn't an option! As companies consider launching our innovative HEAT Service Management application, they'll be faced with an important question: on-premise, cloud, or hybrid application deployment? A company's answer to this question can determine the extent to which cost and efficiency are optimized. Here are 8 key questions to consider.

1. Do you focus on year 1 costs or a long term TCO?
Cloud Preferred:
• Year 1 costs are lower with SaaS (50% to 75% less)
• Save money on servers
• Prefer annual subscription model
On-Premise Preferred:
• 3+ year TCO typically favors on-premise
• Overall consulting costs similar
• Prefer perpetual license model

2. What is the state of your IT resources?
Cloud Preferred:
• Lowers requirement for IT services
• Data and application moved offsite
• System administration needs are reduced
• Upgrades managed by vendor
On-Premise Preferred:
• Will require IT support
• Data and application are local
• Plan for local system administration
• Upgrades are do-it-yourself

3. What is the nature of your system integrations?
Cloud Preferred:
• Limited number of integrations
• Well defined and understood
• Typically static and one-way
On-Premise Preferred:
• Need a number of integrations to other applications
• Evolving and complex
• Typically dynamic and bi-directional

4. Does your organization have experience with Cloud?
Cloud Preferred:
• Other Cloud application(s) in place
• Cloud understood and accepted
• Executive support for SaaS
On-Premise Preferred:
• No Cloud application(s) in place
• CRM and ERP applications have been deployed on-premise
• Executive team see Cloud applications as a risk

5. What is your history with Application upgrades?
Cloud Preferred:
• Bad history with upgrades
• No current upgrade process
• Generally lacking in-house skills
On-Premise Preferred:
• Good history with upgrades
• Established upgrade process
• The right skills available

6. Rate your readiness for ‘out-of-the-box’?
Cloud Preferred:
• Organization is ready to embrace standard applications
• Business is more standardized
• Bad experience with custom applications
On-Premise Preferred:
• Applications tend to be more customized
• Business is highly unique
• Have aptitude to sustain customizations

7. How are your users distributed?
Cloud Preferred:
• Highly distributed user base
• More complex upgrade process
• Reliable internet access
On-Premise Preferred:
• Centralized with fewer locations
• Upgrades more localized
• High quality servers

8. Are Cap Ex or Op Ex budgets more favorable?
Cloud Preferred:
• Operating Expense budget preferred
• Smaller financial impact in year 1
• Annual subscription preferred
On-Premise Preferred:
• Capital Expense budget preferred
• Larger financial impact in year 1
Purchase of perpetual licenses

At HEAT Software, our HEAT Service Management application is available with flexible deployment options: On-Premise, Cloud, or as a Hybrid, which combines On-Premise and Cloud with the ability to move seamlessly from one to the other. Each company will need to thoroughly consider their own IT needs to determine which deployment option will work best, and our HEAT Software support staff is happy to discuss these options with you. Learn more about deployment solutions for HEAT Service Management by contacting us today.

Posted By: Jim Blayney
01 Apr 2015

Service automation refers to an approach to streamline operations via automated processes. While service automation has been widely sought by companies for its ability to reduce costs and increase productivity, this technology also makes corporations more secure. How? First, let’s consider how the discovery of a security threat would be handled by a company without service automation.

When handled manually, a security threat would first be reported by users to the company’s help desk. Then, a service analyst would spend time investigating and identifying the threat, and once confirmed the company’s IT team would be notified. The IT team would in turn spend additional time searching for the correct patch to block the threat, request approval to manually implement the patch across the company’s network, and add this latest patch information to the company’s management system. Once that was completed, the IT team would then inform the help desk, which would in turn update customer records and notify customers of the solution via email. If that sounds like a lengthy and tiresome process, we agree. There’s no telling how long a customer would need to wait for confirmation that a security breach was handled with manual service.

However, with service automation, managing security is far easier. For example, were the same security threat to be present, an automated system would instantly detect and identify the new threat and immediately download the proper patch to test. The patch would be pre-approved and logged into the system’s records, and the service desk would be automatically notified of these changes. The system would in turn quickly deploy the patch, update compliance policies, and configure all items. Users would then be immediately notified of this update to security.

It’s therefore easy to see why service automation is a better option for managing corporate security. Service automation reduces the number of channels necessary to enact a security update, and therefore reduces the amount of time a network is exposed to dangerous threats.

Learn more about how service automation can improve corporate security by viewing our infographic.

Pages