Trends and opinions for improved IT service management and client management

Posted By: Eric Aarrestad
28 Jul 2015

Last week, Microsoft issued an emergency patch in response to a critical flaw discovered by Google's Project Zero and FireEye. While critical flaws rarely have a silver lining, there’s a big one for Microsoft here. An emergency patch just a week after July’s Patch Tuesday is the perfect outlier for Windows Update for Business (WUB) and 24/7 patching, which will be introduced as part of the Windows 10 launch this week and rolled out to companies in the weeks and months ahead.

Back when Patch Tuesday was first introduced, monthly updates were revolutionary. Today however, as demonstrated by this critical flaw, Patch Tuesday is far from the be-all and end-all of patch management. Indeed, this kind of out-of-band patch illustrates the critical need to update patching practices and tools to provide more continuous patching for Microsoft and third-party apps.

Likewise, it also serves to highlight the immense value WUB represents to the enterprise, as well as how far the industry has shifted since Patch Tuesday first came onto the scene. While it’s been good that we’ve become conditioned to a regular cadence for patch, there remains the significant potential for vulnerabilities outside of fixed cycles. I don’t expect WUB to solve the problem of critical flaws, nor remove the need for emergency patches, but Microsoft and the software industry in general are certainly heading in the right direction.

If you will be moving to Windows 10 soon and have any questions regarding OS migration or what Windows Update for Business means for your company, the HEAT Software team is happy to help. Why not check out some of our recent blogs or get in touch by phone or email.

Posted By: Dennis Drogseth
27 Jul 2015

This is the first of a three-part series on change management. In this blog, I’ll try to answer the question, “What is change management?” from both a process and a benefits (or use-case) perspective. In the second installment, I’ll address best practices for both planning for and measuring the success of change management initiatives. I’ll also examine some of the issues that EMA has seen arise when IT organizations try to establish a more cohesive cross-domain approach to managing change. In part three, I’ll focus on the impacts of cloud, agile, and mobile, including the growing need for investments in automation and analytics to make change management more effective.

Change management processes

Like many words and concepts in English language, especially when applied to technology, “change management” carries with it a wide variety of associations. In terms of the processes established in the IT Infrastructure Library (ITIL), change management is best understood as a strategic approach to planning for change.

ITIL defines change management succinctly as, “ the process responsible for controlling the lifecycle of all changes, enabling beneficial changes to be made with minimum disruption to IT Services.” As such, change management is a logical system of governance that addresses a set of relevant questions, which include the following:

· Who requested the change?

· What is the reason for the change?

· What is the desired result of the change?

· What are the risks involved with making the change?

· What resources are required to deliver the change?

· Who is responsible for the build, test, and implementation of the change?

· What is the relationship between this change and other changes?

But this system of governance doesn’t stand alone. Actually implementing and managing changes requires attention to other ITIL processes. These include (but are not limited to):

  • Service asset and configuration management (SACM) – “ The process responsible for maintaining information about configuration items required to deliver an IT Service, including their relationships.” SACM addresses how IT hardware and software assets (including applications) have been configured and, even more critically, identifies the relationships and interdependencies affecting infrastructure and application assets.
  • Release and deployment management The process responsible for planning, scheduling and controlling the build, test and deployment of releases, and for delivering new functionality required by the business while protecting the integrity of existing services. ” As you can imagine, release management and automation should go hand in hand.

There are other ITIL processes relevant to managing change effectively, including capacity management, problem management, availability management, and continual service improvement, just to name a few. From just this brief snapshot, you might get the (correct) impression that change management in the “big picture” is at the very heart of effective IT operations. If done correctly, change management touches all of IT—including the service desk, operational teams, development, the executive suite, and even non-IT service consumers. This central position makes change management both an opportunity and a challenge.

Change management use cases

Probably the best way to understand the “change management opportunity” is to look at some of the use cases affiliated with it. Effective change management can empower a wide range of other initiatives, from lifecycle asset management to DevOps, service impact management, and improved service performance. EMA consultants have estimated that more than 60% of IT service disruptions come from the impacts of changes made across the application infrastructure—and this estimate is conservative compared to some of the other industry estimates I’ve seen. Having good change management processes and technologies in place is also a foundation for better automation, as well as for better optimization of both public and private cloud resources. And the list goes on.

Even the list below, derived in large part from “CMDB Systems: Making Change Work in the Age of Cloud and Agile ,” is a partial one, but it should provide a useful departure point for your planning—as you seek to prioritize the use case(s) most relevant to you.

  • Governance and compliance : Managing change to conform with critical industry, security, and asset-related requirements for compliance, while minimizing change-related disruptions. This, can provide significant financial benefits including OpEx savings, superior service availability, improved security and savings from avoiding the penalty costs incurred when changes are made poorly.

o Data center consolidation—mergers and acquisitions Planning new options for data center consolidation is definitely on the rise, and mergers and acquisitions often lead to data center consolidation initiatives. Effective change management can shorten consolidation time, minimize costs, and improve the quality of the outcome.

o Disaster recovery – Disaster recovery initiatives may be an extension of data center consolidation, or they may be independent. Automating change for disaster recovery is one of the more common drivers for a more systemic approach to change management.

o The proverbial “move to cloud” The stunning rise of virtualization and the persistent move to assimilate both internal and public cloud options make change impact management and effective change automation essential.

o Facilities management and Green IT This use case requires dynamic insights into both configuration and “performance”-related attributes for configuration items (CIs), both internal to IT (servers, switches, desktops, etc.) and external to traditional IT boundaries (facilities, power, etc.).

o Optimizing the end-user experience across heterogeneous endpoints – Meeting the challenges of unified endpoint management including mobile endpoints, requires a flexible adoption of change management best practices and automation. But the benefits of doing this can be significant—impacting asset management, security, and financial optimization, while increasing end-user satisfaction with IT services.

In the part two of our series on change management, we’ll look more closely at change management metrics, best practices, and some of the more prevalent pitfalls to consider before going proceeding with a change management initiative.

Posted By: Mareike Fondufe
24 Jul 2015

It's no secret that IT assets are incredibly valuable components of the corporate enterprise; yet, while many understand why acquiring these assets is essential, the value of effective asset lifecycle tracking often goes unrecognized. The reality is that corporate IT assets should never be "ignored" once deployed; rather, they must be understood and actively managed throughout their use.

  • When companies fail to track an IT asset throughout its lifecycle, they can:
  • Incur unnecessary additional expenses
  • Be challenged to scale resources easily
  • Weaken their level of customer service
  • Heighten their risk of security vulnerabilities
  • Overlook opportunities to optimize asset performance

However, given the rapid expansion of IT asset accumulation across industries, it's becoming increasingly difficult for companies to effectively track their assets.. For companies with small-to-mid-size IT departments, or even for companies with expansive IT departments, it's challenging to keep up with such a sprawling IT landscape.

It's for this reason that corporations benefit from our HEAT Discovery solution, which offers companies a comprehensive picture of their IT assets in a seamless and efficient fashion. With this knowledge, companies can more easily identify opportunities for optimization and efficiency.

The data generated from the HEAT Discovery solution helps companies maximize savings and expedite implementation, while affording greater peace of mind in knowing the system conducts automatic, ongoing inventory management. And did you know? Effectively tracking your IT assets can reduce hardware and software purchases by up to 50%.

Learn more about how your company can better track all of the assets within its expanding IT infrastructure by visiting our HEAT Discovery data sheet.

Posted By: Dennis Drogseth
17 Jul 2015

In my last blog, I discussed how IT service management (ITSM) roles (and rules) are becoming more operations-aware. The blog examined a number of key game-changers for ITSM, including a growing requirement for shared analytics; the rise (not the demise) of the CMDB/CMS and service modeling; cloud as both a catalyst for innovation and a resource to be managed; and support for enterprise services such as facilities and HR. I also discussed two topics, mobility and unified endpoint management, that I’d like to examine in more depth here.

Mobility is king

OK—you probably didn’t need me to tell you that mobility is critical, but let me place its growing criticality in a more specific ITSM context with a few numbers.

  • 62% of our 270 respondents viewed lifecycle mobile support as “significantly” or “completely” impacting ITSM directions.
  • Mobility is anything but one-dimensional. In fact when we got the data for how actual mobile endpoints are being used by end users and ITSM professionals, the charts looked almost identical.

o 48% of end users and 45% of IT professional usage includes tablets, iPhones, Androids, and other mobile devices.

o 26% of both end users and IT professionals are using a mix of iPhone, Android, or other similar mobile endpoints (but no tablets).

o Only 15% (of end users) and 17% (of IT professionals) say they are not yet focused on any mobile devices.

  • 63% are using mobile endpoints in support of ITSM professionals with the following top-ranked results:

1. Improved responsiveness to IT service consumers

2. Increased IT efficiencies and reduced OpEx costs

3. Improved collaboration between the service desk and operations

  • About two-thirds of our respondents allow end users to access corporate applications via mobile endpoints . And 50% of respondents offer their end users mobile access for ITSM-related requests and other interactions. Of these last, 78% saw “meaningful” or “dramatic” improvements in service delivery.

How unified is unified endpoint management?

Mobile is, of course, part of a bigger picture when it comes to endpoints. And here, our respondents generally favored integration and unified approaches. For instance, concerning mobile management, 58% preferred an integrated application that could support device management, configuration management, and enterprise mobility. Looking at endpoints more broadly, 82% viewed a unified console for managing mobile and traditional endpoints as “important” or “essential.”

When it came to unified endpoint management, the top seven functional priorities were:
1. Understanding software usage
2. License management
3. Software distribution
4. Operating system deployment
5. Patch management
6. Inventory management
7. Security

And the winners were…

So, how did the “extremely successful” map more specifically to questions of endpoint management and mobile empowerment? In my last blog , I mentioned that the extremely successful were twice as likely to leverage mobile for ITSM professionals, four times more likely to offer service consumers mobile support, and twice as likely to offer users access to corporate applications through mobile.

Here are a few additional data points regarding extremely successful priorities as opposed to those who were only somewhat successful, or unsuccessful:

Those who were extremely successful were:

  • Nearly eighteen times more likely to view lifecycle support for mobile users as “completely impacting” service desk operations
  • Three times more likely to have an overarching strategy for managing endpoints
  • Three times more likely to view managing and remediating endpoint issues at the service desk as critical
  • Four times more likely to prefer a single unified console for endpoints

So as you can see, the data here strongly suggests that a more progressive focus on both mobile and endpoint management helps to put ITSM teams in the winner’s circle.

Coming up next

I’d also like to take this opportunity to invite you to a webinar on August 4 entitled “How (and Why) is ITSM Evolving in the Digital Age?” The webinar will allow me to share a broader and more in-depth look at how the service desk and the ITSM team supporting it are changing—as viewed from multiple perspectives, such as different stakeholders across IT and from different company environments, and in the context of key catalysts such as cloud, agile, and more effective business alignment.

Click here to sign up for the webinar .

Posted By: Russ Ernst
14 Jul 2015

In the last Patch Tuesday before users may upgrade their Windows operating systems to Windows 10 on July 29 and subsequently enlist a changed patching process, we have 14 updates to deal with from Microsoft that address 59 total vulnerabilities. Equally as important however are the three 0-days in Adobe Flash Player and an impending 193 new fixes from Oracle, 25 of which will be for Java. Put your summer vacation on hold; it’s definitely a crazy month.

Last week’s hactivist attack on the Italian surveillance firm The Hacking Team, who reportedly sells exploits to anyone willing to pay for them, resulted in 400 GB of stolen data free for the taking. Unearthed in that data dump to-date was three 0-days in Adobe Flash Player. Consequently, first on your priority list this month should be the new update from Adobe, APSB15-18 . This covers off on the 2 newest 0-days in Flash, CVE-2015-5122 and CVE-2015-5213. Reportedly, one is under active attack. The third 0-day,CVE-2015-5119, was patched out-of-band late last week with APSB15-16.

Together, the three exploits impact Flash versions 9.0 through in Windows, Mac and Linux and brings Flash to its 11th update overall in 2015 alone. If you must use Flash, be sure you have the current version, which you can download here. The safer bet however is to uninstall the long-risky media player once and for all. If you use Firefox, you’ll see they blocked Flash entirely this week, in light of the three new 0-days.

Once you’ve updated Adobe, turn your attention to the 14 Microsoft updates, 4 of which are critical this month. If you use IE, MS15-065 should be first priority. Another cumulative update for IE, this patch updates 29 total CVEs in the popular browser. Some are saying one vulnerability, CVE-2015-2425, may come from the Hacking Team hack as well so overall, the release of that data has generally wreaked havoc on all of our systems this month. We will all have to diligently follow this story, continue to patch newly discovered vulnerabilities, and train the troops.

Second, take a look at MS15-070 which patches 8 CVEs in Office and SharePoint Server 2007, 2010 and 2013. One is under active exploit. MS15-077 is also an important one to address quickly because it too is under active exploit. This addresses a vulnerability in Adobe Type Manager.

Once you’ve worked through the Adobe updates and these first three from Microsoft, you should also take a look at Java. They are also dealing with a new 0-day thanks to the Hacking Team, their first since 2013. It involves a separate Windows vulnerability, CVE-2012-015, which Microsoft addressed in 2012 in bulletin MS12-027 . Oracle is planning to release updates today to Java JRE to address 25 total security vulnerabilities, 23 of which can be remotely exploitable.

Lastly, don’t forget July is the last month Microsoft will patch Windows Server 2003. If you look at the 14 bulletins from Microsoft, you’ll see 9 of them affect Server 2003. It’s time to migrate.

Posted By: Anonymous
19 Jun 2015

By Steve Brasen

EMA, Managing Research Director - Enterprise, Mobile & Endpoint Management

It’s time to take a serious look at Office 365. The cloud edition of Microsoft’s broadly adopted business productivity suite – which bundles such popular packages as Microsoft Word, Microsoft Excel, Microsoft PowerPoint, and Microsoft Outlook – has been both heavily praised and heavily criticized since its introduction in 2011. While the adoption rate of the traditional software edition of Microsoft Office is currently in no danger of being overtaken by its cloud-hosted cousin, recent adoption rates for Office 365 have substantially accelerated. Businesses, in particular, have shown increased interest in the cloud-based platform, and many are carefully considering whether to make the transition after existing Enterprise Agreement (EA) licenses expire.

Currently, Microsoft offers a variety of licensing plans for both home and business users of Office 365. However, all Office 365 plans are based on subscription pricing models (i.e., per user per month or per user per year) as opposed to the one-time perpetual licenses offered with Microsoft Office. In November 2014, Microsoft introduced free versions of Word, PowerPoint, and Excel apps for iOS and Android platforms independent of Office 365; however, the licensing agreement for these apps states that they can only be used for “non-commercial purposes” (though I’m really not sure how that could possibly be enforced). Clearly these free mobile editions were made in direct response to the increasing popularity of Google Docs in that particular market. It should also be noted that Microsoft offers a free package of web-based apps, Office Online, which is a lobotomized version of Office and should be avoided at all costs to retain your sanity.

While Microsoft has promoted a number of reasons to adopt Office 365, in my opinion there are only two that really matter: to support enterprise mobility and to reduce costs. Here’s a summary of the benefits of both:

  • Supporting Enterprise Mobility – A single user license for Office 365 will support up to 5 devices of any type. So, users can employ any combination of PC and mobile devices that would enable them to be most productive whenever and wherever they need to read, create, and/or edit documents. Additionally, for its Office 365 customers, Microsoft offers free and unlimited access to its cloud storage solution, OneDrive. While users can still store data on their local devices, any files stored on OneDrive will be accessible by any other devices they use. OneDrive also enables files to be shared with coworkers or to create collaboration environments.
  • Reducing the Cost of Operations – With Office 365, license costs are substantially reduced for users who employ multiple devices. Unlike Microsoft Office, which requires individual licenses to be purchased for every device, Office 365 requires only a single license for up to 5 devices. Additionally, this subscription pricing is more conducive for organizations with fixed budgets (particularly SMBs) and can be substantially cheaper for supporting short-term projects (i.e., those lasting less than two years).

All organizations are different, and a number of factors will need to be considered when deciding if transitioning from locally installed software to a cloud-based solution is right for you. Some of the factors include organization size, industry type, user requirements, regulatory compliance goals, budget restrictions, and the breadth of available IT support. Detractors of Office 365 primarily raise concerns about reliability and performance. For instance, organizations with heavy security or regulatory compliance requirements may be restricted from using applications that host data in multi-tenant environments. Also, while Microsoft claims 99.9% uptime on the hosting environment, unreliable internet and LAN network connectivity could impact the performance of the platform. To be clear, while Office 365 does not require persistent connectivity (as it runs locally on each device), it still requires periodic contact with the cloud-hosted environment and, of course, it is necessary for accessing any files stored on OneDrive. Synchronization issues with Outlook and SharePoint have also been frequently noted by users as challenges to the platforms reliability.

Organizations that do decide to make the leap to adopting Office 365 should be prepared to carefully manage the various licenses adopted for each user. For instance, since each user can assign their license to up to five devices, it is possible that multiple licenses could be assigned to a single device, which is obviously not cost-effective. Additionally, it’s important to know the type of license employed by each user, the length of the license term (monthly or annually), and when the term expires to prevent the business from being charged for any software that is no longer being used.

Taking all these pros and cons into consideration along with your own unique business requirements (and a measure of common sense) should provide ideal guidance on whether it’s time to transition to Office 365. One final note: Don’t be afraid of the cloud simply for fear of change. Cloud-hosted services are neither the ultimate solution nor the ultimate challenge. They simply represent another technology approach to be evaluated – another tool in the belt to be employed when it makes the most sense for your organization.

Posted By: Russ Ernst
09 Jun 2015

This June Patch Tuesday we have a slightly smaller patch load from Microsoft, taking us back to more historic average releases of 8 bulletins. We have just 2 critical patches to deal with and 6 important. While this is good news for those that have their sights set on some summer vacation, this release also makes us wonder how many more of these Patch Tuesday cycles will we have?

Before diving into that, let’s take a look at the job at hand this month, starting with Microsoft. MS15-056 is a critical cumulative update for Internet Explorer addressing 24 CVEs. If you’re using IE, patch it now, please. We see a patch every month for this popular browser for a reason. The bad guys love to exploit it along with all of the other popular browsers like Firefox and Chrome, and in too many instances, they are successful. This month, attackers could force a remote code execution and gain the same rights as the affected user.

Second on your list of priorities should be MS15-059. Although rated as important, it impacts all shipping desktop versions of Microsoft Office. This bulletin addresses 3 vulnerabilities in Office which an attacker can use for remote code execution.

There are other Microsoft bulletins to deal with – including critical MS15-057 that impacts Windows Media Player and grants full user rights to the attacker when a malicious file is played – but you’ll also need to prioritize a vulnerability in Adobe Flash. APSB15-11 is the 8th update of Flash Player this year and updates 13 vulnerabilities that span across Windows and Mac desktops.

Microsoft has announced the release of Windows 10 as July 29, 2015. For a year, this upgrade will be available for free and will continue for the lifetime of any device you install it on – your PC, tablet, or phone. In other words, Windows 10 is reportedly the last splashy OS release we will see. From there, they will continually update your OS with new features and security updates without the fanfare of a new OS version number, without the costly endeavor of testing code and holding on to it until a pre-selected release date. In time, this should result in a simpler, safer computing experience. Until then, we have to deal with a transition of the massive install base of Windows 7 machines to this new Windows as a service.

So what about Patch Tuesday? The release of Windows 10 will change how you push security updates too, maybe. Microsoft has been clear as mud on this process question, to be honest. As described in a Microsoft FAQ , licensed Home users will see updates pushed automatically, as they are ready. This process should get the millions of home machines using Windows updated faster, and that’s a good thing, but what about the patches that fail? Are Home users the unfortunate testing ground? Only time will tell. And while enterprise users will have more choice on when to push updates, how that gets done has not yet been precisely defined.

In reviewing this month’s patch load from Microsoft, we see plenty of legacy software in need of updating. Another thing the new Windows Update for Business does not make clear is how will these systems be updated? Will organizations who choose to remain on older systems receive updates on the typical Patch Tuesday cycle? It isn’t clear yet but one thing remains true. If you can update, you should. Remember, Windows Server 2003 reaches end of life next month. Hopefully you are working your migration plan.

Posted By: Anonymous
05 Jun 2015

By Steve Brasen

EMA, Managing Research Director - Enterprise, Mobile & Endpoint Management

Here we go again. New releases of Microsoft’s flagship operating system are typically greeted with a combination of angst, curiosity, confusion, and dread in equal measure. It seems just as folks have gotten used to a particular Microsoft version, a new one is released with a completely different interface and requiring a whole new set of operational practices. Even worse, upgrading large numbers of desktops to the new edition in a large enterprise environment is a daunting task often avoided by IT operations teams until and unless it is absolutely necessary to perform a mass migration. More often, new OS platform adoption occurs due to device attrition (i.e., replacing old devices hosting old OS versions with new devices hosting the new OS version). The upcoming, late-July release of Windows 10 will likely be no exception to this.

Beyond natural device circulation, however, there are still compelling reasons to migrate to Windows 10 – usability being the most critical. Just as the initial adoption driver for Windows 7 was to get users off of Windows Vista, organizations that adopt Windows 10 early will principally do so to free their users from the challenges of Windows 8. In fact, while the Live Tiles interface has been retained, Windows 10 has a look and feel more akin to Windows 7 than Windows 8. Interface features like the traditional Start Menu and Taskbar have been reintroduced while the much reviled Charms menu has been retired. Perhaps the most important feature of Windows 10, however, is its ability to port applications from other environments (e.g., Linux, iOS, Android). This is particularly advantageous for mobile editions of Windows 10, as previous versions broadly lacked availability of key applications.

It should also be noted that roughly 15% of organizations still rely on the retired Windows XP OS to perform critical business tasks. XP was released way back in 2001 – when a “mobile device” referred to little more than a pen and paper. It is long past time to abandon XP, and, for many organizations, the release of Windows 10 provides the best opportunity to finally do so.

While Windows 10 was designed to unify the OS architecture across devices (i.e., to support common apps), Microsoft is actually releasing seven different versions of the platform: Home edition, Enterprise edition, Professional edition, Education edition, Mobile edition, Mobile Enterprise edition, and an Internet of Things (IOT) Core edition. The much-maligned Windows RT tablet environment has been retired. For existing Windows 7 and Windows 8.1 systems, the Windows 10 Home and Professional editions will be available as a free upgrade for one year, providing a strong incentive for early adoption.

Of course, the biggest challenge for organizations is to reliably transition a large number of PCs and mobile devices with minimal impact on business productivity. While Microsoft offers a migration tool for Windows 7 and Window 8 devices, Windows XP and Vista devices will require a full system installation. Either way, manually performing OS migrations on hundreds, thousands, or even millions of devices is simply not practical or cost-effective for most organizations. A much more effective approach is to adopt an automated OS deployment and migration solution that enables the centralized scheduling, configuration, and implementation of Windows 10 editions. Key features to look for when evaluating available solutions include:

  • Asset Management – Preparation for migration begins with a deep understanding of enterprise resources and requirements, so a full inventory of the support stack is essential and should include both hardware assets (e.g., system model, CPU, memory, devices, peripherals, etc.) and software assets (e.g., applications, drivers, and system tools). This information will be used to establish a baseline for identifying issues that will need to be addressed during the migration, and it helps prioritize which system, service, and task deployment activities should be performed first.
  • Role-Based Management – User profiles identifying permissions and configurations are grouped based on the user’s job function (e.g., accountants, marketing reps, IT support staff, etc.). Ideally, these user roles are imported for an enterprise IT listing service, such as Active Directory or LDAP, to ensure consistency across the enterprise.
  • Centralized System Packaging – With this feature, all OS, application, driver, and patch elements are packaged (as either a bundled deployment or an image) in order to meet specific requirements for the endpoint. Additionally, any configuration requirements (such as usage preferences and security settings) should be automated and included in a deployment package.
  • Deployment Multicasting and Scheduling – Multicasting allows multiple systems to be migrated simultaneously. While it is fast, this approach may also saturate a network that is also used to support production services. With deployment scheduling, migrations can be initiated during low-use hours (e.g., evenings and weekends) or can be spread out to minimize impacts to the network.
  • Reboot Management – Some OS, application, driver, and patch installation processes require a system restart to complete. With reboot management, solutions can ensure implementations are automatically tracked and managed through each phase of the installation without requiring administrator interaction.
  • Migration Process Monitoring – With a broad number of deployments happening simultaneously, it’s easy to overlook critical installation and configuration failures. The quicker migration difficulties are identified, the faster they can be remediated, reducing the number of occurrences of similar problems on other endpoints in the migration schedule.

With the proper automated migration tools in place, transitioning to Windows 10 can be eagerly embraced, rather than dreaded. The new OS’s improved application availability and standardized user interface across all devices will only increase user productivity while simplifying IT management. With change, there is always apprehension. But if wielded correctly, strategically planned change can provide a competitive edge at a time when both markets and organizational requirements are rapidly changing.

Posted By: Wendi Wolfgram
28 May 2015

Does your company consider itself a thought leader on the cutting edge of business and technology? As a customer of HEAT Software, we already know your company has the vision to seek out the world's only hybrid Service and Client Management platform provider, and therefore stands out as one of the few companies in your industry that maintains full service automation and automated client management services for cost-effective and efficient operations. So why not share both your industry insight and HEAT Software experience with others, and benefit in the process?

Our HEAT Insiders Program is a network of current customers, future customers, and industry media sources that fosters an exchange of ideas and insight. As a member of our HEAT Insiders Program, your company has the opportunity to speak with potential HEAT Software customers and members of the press to share not just your experience with HEAT Software, but all of the ways in which your company is innovative, efficient, and productive.

Specifically, our members can engage in press and analyst interviews, speaking engagements, networking calls, press releases, video testimonials, and networking calls. With these opportunities, HEAT Insiders can benefit in a number of ways:

1.) Promote your Brand

As you discuss your client and service management experiences with industry peers and members of the media, you'll be able to emphasize what it is about your company that makes it both unique and successful. As we know, positive publicity, especially when generated from third-parties like industry publications, is one of the most effective ways to gain notoriety and grow your customer base. Even informal conversations with peers can lead to increased visibility within industry circles. You've worked hard to manage a complex IT infrastructure and build a burgeoning enterprise, why not underscore that success by taking advantage of additional opportunities to talk about it?

2.) Network with Key Industry Players

Successful businesses understand growth is largely dependent upon building relationships, and our HEAT Insiders Program creates meaningful opportunities to do just that. Speak directly with other company leaders that specialize in related products, services, or industries, and build partnerships that could yield key partnerships and collaboration opportunities down the road.

3.) Gain Exclusive Access to HEAT Software Experts

As a valued member of our program, you'll also have exclusive access to our engineers and leaders, who are available to provide additional strategic assistance for your Hybrid IT platforms, as well as offer valuable insight regarding the latest trends in cloud, client, and service management. With this connection, you'll be able to reach out to us when in need of key advice and insight.

Learn more about the advantages of our HEAT Insiders Program today, or contact us for additional information or to sign up.

Posted By: Russ Ernst
12 May 2015

Rumors of the demise of Patch Tuesday have been squelched for now, with today’s release of 13 security bulletins from Microsoft. It’s May Patch Tuesday and while last week’s announcement of Windows Update for Business (WUB) makes it clear as mud whether or not Microsoft will in fact continue to provide monthly security patches for the enterprise as they have since 2003 on the second Tuesday of every month, one thing is certain today. IT departments everywhere will have their work cut out for them this month with 13 bulletins released from Microsoft. Of the 13, 3 are critical and 10 are important. In addition, we have new critical patches from Adobe for Reader, Acrobat and Flash Player as well as Apple, Mozilla and others.

Before diving into your May priorities, it’s important to understand what Microsoft announced – and what they didn’t – during last week’s Ignite Conference. Slated for release sometime this summer, the enterprise version of Windows 10 will ship with WUB. Using a ring approach, organizations can choose to immediately install the first ring of updates issued by Microsoft as they are ready or, to wait for the patches to be vetted and install them from a second or third ring. This new approach will allow for 24/7 updates for organizations that already have a well-established patch management process, and regularly scheduled patches for others.

While I’m optimistic about WUB, many people are wondering if the as-they-are-ready patch deployments will replace the traditional Patch Tuesday updates. At this point, we can only surmise as Microsoft has not clearly articulated their strategy. What we do know is WUB won’t be your cure-all. It won’t patch Windows 7 or 8 so if you plan to continue on either or those OS, you will be at risk. (Microsoft is offering Windows 10 for free to business to address this issue.) Nor will it solve the problem of third party application vulnerabilities. We know these continue to be a popular attack vector and Microsoft’s new updater will not address those.

Back to the job at hand, the May patches. First on the list for any organization using Internet Explorer should be MS15-043. This is a critical, cumulative update to Internet Explorer that impacts versions 6-11. This update patches 22 CVEs in all – the most serious of which could allow a remote code execution when a user visits a specially crafted webpage while using IE.

Second on your list of priorities this month is MS15-044. It resolves 2 CVEs in Microsoft Windows, .NET, Office, Lync and Silverlight. The most severe of the font driver vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage. This vulnerability has the highest exploitability index for both the latest platforms and application versions, as well as older versions. Given the broad scope of impacted software and the relative ease attackers could turn around exploit code, this update should be deployed quickly.

Also, pay particular attention to MS15-051, an elevation of privilege vulnerability in Windows Kernel Mode Driver. Even though Microsoft ranks this update as important, it’s the only bulletin that addresses an actively exploited vulnerability this month. In all, it addresses 6 CVEs.

Also in your queue for this month should be an update for Adobe Acrobat and Reader – the first we’ve seen since December. A total of 34 vulnerabilities, some of which could result in remote code execution, are updated with apsb15-10. Interestingly, 11 of these vulnerabilities were discovered by a single researcher and 21 were reported through the HP Zero Day initiative. While the pay for zero-day model is our unfortunate reality, it’s refreshing to see responsible vulnerability reporting working as designed.

Adobe Flash Player has also been updated again – this time for 18 CVEs. Already, Flash Player has been targeted 7 times this year, more often than IE if you’re counting. If you’re using it, patch it quickly.

Other May Patches:

  • MS15-045 Vulnerability in Windows Journal
  • MS15-046 Vulnerabilities in Microsoft Office
  • MS15-047 Vulnerabilities in Microsoft SharePoint Server
  • MS15-048 Vulnerabilities in .NET Framework
  • MS15-049 Vulnerability in Silverlight
  • MS15-050 Vulnerability in Service Control Manager
  • MS15-052 Vulnerability in Windows Kernel
  • MS15-053 Vulnerabilities in JScript and VBScript Scripting Engines
  • MS15-054 Vulnerability in Microsoft Management Console File Format
  • MS15-055 Vulnerability in Schannel

Organizations with well-established patch management processes in place should welcome Microsoft’s WUB announcement. It will likely lead to quicker security updates and should be able to mix these more continual updates into tiered deployments. For those that don’t, the news should be something of a call to action. If you aren’t conducting strategic patch management, which includes patching outside of Microsoft, you should start now.