Blog

Trends and opinions for improved IT service management and client management

Posted By: Kevin J Smith
12 Aug 2015

Both the “rules” and the “roles” governing IT service management (ITSM) are evolving to support a far-broader need for inclusiveness across IT, and between IT and its service consumers. Recent EMA research, “What Is the Future of IT Service Management?” (March 2015), exposed a number of shifting trends that might surprise many in the industry.

In our research, we approached ITSM not only as a set of service management processes, but we also viewed it in the context of recent trends in technology adoption and evolving organizational models. The research spanned 270 respondents in North America and Europe—in roles ranging from executives, to service desk professionals, to operations, and even development personnel—all of whom were actively engaged in ITSM in some way. Company/organizational size was a good mix, as well, ranging in size from 500 employees to more than 20,000 employees. Nearly 50% of those surveyed indicated that their ITSM teams were slated for growth. Another 35% were remaining the same, and only 15% were shrinking in size.

Probably the first thing that stood out in the survey responses was that there is a growing need to more fully integrate the service desk with operations beyond traditional trouble ticketing. This requirement is changing both the roles and the rules of ITSM, especially among the more successful ITSM teams, where dialog between service management professionals and core operations experts is becoming more multifaceted and more service-aware than in the past. In many cases, the more effective ITSM teams are increasingly helping to coordinate and focus operational experts in support of business needs.

Our data showed that the top three strategic priorities for ITSM teams were the following:

1. Improved user experience for internal service consumers (end users)

2. Improved operations-to–service desk integrations for incident and problem management

3. Improved operations-to–service desk integrations for configuration and change management

All three data points call out for stronger operations-to-ITSM integrations—in terms of workflow, analytics, and automation, as well as effective role-aware visualization. As an added confirmation, 55% of our respondents felt that “big data analytics for IT” belong equally to ITSM and operations, and 14% believed that big data was primarily the province of the ITSM team. Another surprising finding that supports integrated operations was that, for the first time ever, “performance-related service impact” was the dominant use case for CMDB/CMS deployments—followed by asset and change management—once again emphasizing the need to optimize the delivery of critical IT application services and, hence, improve the end-user experience.

Other research highlights show the following trends in rules and roles:

  • Cloud continues to be a game changer . ITSM teams are playing a more dynamic and service-aware role in managing cloud investments through a growing focus on such things as higher levels of automation and more attention to DevOps. ITSM teams are also integrating cloud services into their service catalogs—with SaaS (internal cloud) services, IaaS (internal cloud) services, and SaaS and IaaS services in public cloud tied for third.
  • The move to support enterprise services is also changing ITSM rules and roles. Only 89% of respondents had plans to consolidate IT and non-IT customer service—up from just two years ago when only 75% had plans to consolidate.
  • Mobility is seriously changing the ITSM gamein terms of both improved IT efficiencies and end-user outreach. 85% of our respondents had mobile support for end users, often across heterogeneous environments (tablets, iPhones, and Android phones, as examples). And 50% allowed end users to make ITSM-related service requests via these devices, making ITSM teams, and IT as a whole, considerably more consumer-friendly.
  • In parallel, the demand for more unified and effective endpoint management is expanding the requirements for role-based expertise. The leading requirements/skills here include capturing software usage, software license management, software distribution, operating system deployment, and patch management—across a fully heterogeneous set of endpoint options.

We also looked at success rates in an attempt to understand the chemistry of the most successful ITSM teams. To do this, we contrasted the 18% of respondents who viewed their ITSM initiative as “extremely successful” with the 12% who felt they were only “somewhat successful” or were “largely unsuccessful.” Those who were “extremely successful” were also:

  • Four times more likely to have integrated their IT and non-IT service desks
  • Twice as likely to have a CMDB/CMS-related technology deployed
  • Dramatically more likely to support cloud in service catalogs
  • Twice as likely to be leveraging mobile for ITSM professionals
  • Nearly four times more likely to offer service consumers mobile support for ITSM-related actions
  • Twice as likely to offer users access to corporate applications through mobile
  • More than twice as likely to be slated for growth

Overall, the news seems encouraging for ITSM teams willing to reach out and embrace a growing set of technologies and responsibilities. This means being ready to support new roles and expertise, while promoting more informed dialog, both between enterprise end-users and the service desk and between ITSM teams and the rest of IT—including operations and development. The news is probably not so good for the fainthearted seeking to cling to traditional ways of working in an “ITSM silo.” In other words, both the need and the opportunity for ITSM leadership awaits you—and our data suggests that the time to engage is now.

Posted By: Russ Ernst
11 Aug 2015

Despite the launch of Windows 10 and all the talk about mandatory updates, today is still Patch Tuesday. And this month, everyone should pay attention. Microsoft shared a vulnerability smorgasbord today – offering a little something for everyone. From office and browser applications to desktops and servers, Microsoft covered them all with 14 bulletins. Some are for Windows 10, but the majority are for legacy versions of the OS, as expected. Regardless of the Windows version you are using, it’s time to patch. Again.

Of the 14 bulletins this month, 4 are considered critical. The August patch load addresses 58 CVEs in all although 6 of those are shared across multiple bulletins. If you are a Windows 10 user, Microsoft rolled all 6 of their fixes into a single Cumulative Update (KB3081436).

First on your list of priorities should be MS15-081. This critical update addresses 8 CVEs in Office 2007, 2010 and 2013 and exploits are being detected in the wild now.

Second on your list should be MS15-079, a critical, cumulative update to Internet Explorer that addresses 13 CVEs in all. With user interaction, attackers could successfully pull off a remote code execution could result in the attacker gaining full user rights.

And speaking of web browsers, if you’re using Windows 10, Microsoft has also updated their new browser, Edge. Said to be the new IE, this new browser is already under attack and critical-ranked MS15-091 addresses 4 CVEs. And, for all the Adobe Flash users out there, you will want to update with APSB15-19. Published today, this update fixes 34 vulnerabilities in Flash Player, including fixes for Flash Player for Edge. There are no active exploits known at this time but it of course won’t be long.

For those using all legacy versions of Windows, MS15-080 should be third on your list of priorities. It is another critical patch that addresses 16 vulnerabilities across .NET, Office, Lync and Silverlight in all legacy versions of Windows and Windows 10.

And lastly, another zero-day is addressed with MS15-085 and should also be high on your list of priorities, even though Microsoft ranks it as important. This update addresses CVE 2015-1769 in Mount Manager that could allow an elevation of privilege. To accomplish it, attackers need to insert a malicious USB.

Since the launch of Windows 10 on July 29, the mandatory update policy is giving many users heartburn. Update KB3081424 released last week reportedly has problems. Forum users report it reaches various percentages of installation before failing, causing the machine to continually reboot. If you’re using the new OS, proceed with caution. With the Windows 10 cumulative update approach, be sure to thoroughly test in your environment before applying this all or nothing update.

According to StatCounter, in the week August 3-9, Windows 10 accounted for 3.55% of desktop operating systems. In addition, there was a combined 2.27% dip among Windows 7 to 8.1. Are you using Windows 10? If not, is it in plan?

Posted By: Russ Ernst
07 Aug 2015

As of August 1, ComputerWorld reported Windows 10 global usage had climbed to 2.5%. Not too shabby for the OS that was launched just three days earlier on July 29. Those numbers easily beat early adoption rates for Windows 8.1 but, I wonder how those users are faring? A quick read of headlines shows a lot of headaches ranging from overall privacy concerns to unwanted update files being delivered to networked machines still running Windows 7 or 8.1.

And speaking of updates, we’ve seen a lot of those too. Already. This week, Microsoft pushed (and re-pushed) all kinds of updates, both security and non. Much to the ire of sys admins everywhere.

The last week is best understood by first outlining the 5 new (English) OS editions which are: Windows 10 Home; Professional; Education; Enterprise and Enterprise Long Term Service Branch or LTSB. As John Savill explains in this WindowsITPro article:

The LTSB is similar to how versions are delivered today with a new one delivered every couple of years and in between each new version Microsoft will provide security updates, bug fixes and so on. Alternatively, customers can choose to use the [Current Branch] CB method which provides security updates, bug fixes, and new features every few months.

Since the July 29 launch day, Microsoft has pushed out 2 cumulative updates. The first came on July 29 and was a ‘cumulative security update’ ( KB3074683) that was actually released, for some reason, only to Windows Update (targeting Home, Professional and Education editions). Those machines managed with WSUS (such as Enterprise and LTSB versions) didn’t receive the update until August 4 – leaving those enterprise managed machines vulnerable 5 extra days.

On August 5, Microsoft released a cumulative update (KB3081424). This monster update was flagged for Enterprise and LTSB, superseding the previous one and including all the security updates it had plus all the non-security updates as well. Microsoft previously said LTSB would only receive security updates when in fact, this week anyway, it has received all of them, like it or not. And I’ve read several not-like-it reports.

Despite headlines to the contrary yesterday and today, there is no official documentation from Microsoft calling anything a ‘service release.’ Instead, they talk about Windows-as-a-service. In reality, what has happened this week is they bundled patches originally released to some editions, combined them with other updates and rolled out a cumulative update to all editions, regardless of what IT was expecting from the content.

My guess is Microsoft has yet to work out the kinks in their new system. Not only can’t they articulate it for us, they aren’t sure who gets what, when. The confusion is frustrating for sure.

As all good sys admins realize, next Tuesday (08/11) is August Patch Tuesday. We assume Microsoft will push out security updates for users of Windows 7 and 8.1 but at this point, who really knows? There has been so much confusion created out of Redmond lately, we’ll just have to wait and see. And then hope they don’t change their minds. Watch for another post and as always, recommendations for how to proceed, next week.

Posted By: Eric Aarrestad
28 Jul 2015

Last week, Microsoft issued an emergency patch in response to a critical flaw discovered by Google's Project Zero and FireEye. While critical flaws rarely have a silver lining, there’s a big one for Microsoft here. An emergency patch just a week after July’s Patch Tuesday is the perfect outlier for Windows Update for Business (WUB) and 24/7 patching, which will be introduced as part of the Windows 10 launch this week and rolled out to companies in the weeks and months ahead.

Back when Patch Tuesday was first introduced, monthly updates were revolutionary. Today however, as demonstrated by this critical flaw, Patch Tuesday is far from the be-all and end-all of patch management. Indeed, this kind of out-of-band patch illustrates the critical need to update patching practices and tools to provide more continuous patching for Microsoft and third-party apps.

Likewise, it also serves to highlight the immense value WUB represents to the enterprise, as well as how far the industry has shifted since Patch Tuesday first came onto the scene. While it’s been good that we’ve become conditioned to a regular cadence for patch, there remains the significant potential for vulnerabilities outside of fixed cycles. I don’t expect WUB to solve the problem of critical flaws, nor remove the need for emergency patches, but Microsoft and the software industry in general are certainly heading in the right direction.

If you will be moving to Windows 10 soon and have any questions regarding OS migration or what Windows Update for Business means for your company, the HEAT Software team is happy to help. Why not check out some of our recent blogs or get in touch by phone or email.

Posted By: Dennis Drogseth
27 Jul 2015

This is the first of a three-part series on change management. In this blog, I’ll try to answer the question, “What is change management?” from both a process and a benefits (or use-case) perspective. In the second installment, I’ll address best practices for both planning for and measuring the success of change management initiatives. I’ll also examine some of the issues that EMA has seen arise when IT organizations try to establish a more cohesive cross-domain approach to managing change. In part three, I’ll focus on the impacts of cloud, agile, and mobile, including the growing need for investments in automation and analytics to make change management more effective.

Change management processes

Like many words and concepts in English language, especially when applied to technology, “change management” carries with it a wide variety of associations. In terms of the processes established in the IT Infrastructure Library (ITIL), change management is best understood as a strategic approach to planning for change.

ITIL defines change management succinctly as, “ the process responsible for controlling the lifecycle of all changes, enabling beneficial changes to be made with minimum disruption to IT Services.” As such, change management is a logical system of governance that addresses a set of relevant questions, which include the following:

· Who requested the change?

· What is the reason for the change?

· What is the desired result of the change?

· What are the risks involved with making the change?

· What resources are required to deliver the change?

· Who is responsible for the build, test, and implementation of the change?

· What is the relationship between this change and other changes?

But this system of governance doesn’t stand alone. Actually implementing and managing changes requires attention to other ITIL processes. These include (but are not limited to):

  • Service asset and configuration management (SACM) – “ The process responsible for maintaining information about configuration items required to deliver an IT Service, including their relationships.” SACM addresses how IT hardware and software assets (including applications) have been configured and, even more critically, identifies the relationships and interdependencies affecting infrastructure and application assets.
  • Release and deployment management The process responsible for planning, scheduling and controlling the build, test and deployment of releases, and for delivering new functionality required by the business while protecting the integrity of existing services. ” As you can imagine, release management and automation should go hand in hand.

There are other ITIL processes relevant to managing change effectively, including capacity management, problem management, availability management, and continual service improvement, just to name a few. From just this brief snapshot, you might get the (correct) impression that change management in the “big picture” is at the very heart of effective IT operations. If done correctly, change management touches all of IT—including the service desk, operational teams, development, the executive suite, and even non-IT service consumers. This central position makes change management both an opportunity and a challenge.

Change management use cases

Probably the best way to understand the “change management opportunity” is to look at some of the use cases affiliated with it. Effective change management can empower a wide range of other initiatives, from lifecycle asset management to DevOps, service impact management, and improved service performance. EMA consultants have estimated that more than 60% of IT service disruptions come from the impacts of changes made across the application infrastructure—and this estimate is conservative compared to some of the other industry estimates I’ve seen. Having good change management processes and technologies in place is also a foundation for better automation, as well as for better optimization of both public and private cloud resources. And the list goes on.

Even the list below, derived in large part from “CMDB Systems: Making Change Work in the Age of Cloud and Agile ,” is a partial one, but it should provide a useful departure point for your planning—as you seek to prioritize the use case(s) most relevant to you.

  • Governance and compliance : Managing change to conform with critical industry, security, and asset-related requirements for compliance, while minimizing change-related disruptions. This, can provide significant financial benefits including OpEx savings, superior service availability, improved security and savings from avoiding the penalty costs incurred when changes are made poorly.

o Data center consolidation—mergers and acquisitions Planning new options for data center consolidation is definitely on the rise, and mergers and acquisitions often lead to data center consolidation initiatives. Effective change management can shorten consolidation time, minimize costs, and improve the quality of the outcome.

o Disaster recovery – Disaster recovery initiatives may be an extension of data center consolidation, or they may be independent. Automating change for disaster recovery is one of the more common drivers for a more systemic approach to change management.

o The proverbial “move to cloud” The stunning rise of virtualization and the persistent move to assimilate both internal and public cloud options make change impact management and effective change automation essential.

o Facilities management and Green IT This use case requires dynamic insights into both configuration and “performance”-related attributes for configuration items (CIs), both internal to IT (servers, switches, desktops, etc.) and external to traditional IT boundaries (facilities, power, etc.).

o Optimizing the end-user experience across heterogeneous endpoints – Meeting the challenges of unified endpoint management including mobile endpoints, requires a flexible adoption of change management best practices and automation. But the benefits of doing this can be significant—impacting asset management, security, and financial optimization, while increasing end-user satisfaction with IT services.

In the part two of our series on change management, we’ll look more closely at change management metrics, best practices, and some of the more prevalent pitfalls to consider before going proceeding with a change management initiative.

Posted By: Mareike Fondufe
24 Jul 2015

It's no secret that IT assets are incredibly valuable components of the corporate enterprise; yet, while many understand why acquiring these assets is essential, the value of effective asset lifecycle tracking often goes unrecognized. The reality is that corporate IT assets should never be "ignored" once deployed; rather, they must be understood and actively managed throughout their use.

  • When companies fail to track an IT asset throughout its lifecycle, they can:
  • Incur unnecessary additional expenses
  • Be challenged to scale resources easily
  • Weaken their level of customer service
  • Heighten their risk of security vulnerabilities
  • Overlook opportunities to optimize asset performance

However, given the rapid expansion of IT asset accumulation across industries, it's becoming increasingly difficult for companies to effectively track their assets.. For companies with small-to-mid-size IT departments, or even for companies with expansive IT departments, it's challenging to keep up with such a sprawling IT landscape.

It's for this reason that corporations benefit from our HEAT Discovery solution, which offers companies a comprehensive picture of their IT assets in a seamless and efficient fashion. With this knowledge, companies can more easily identify opportunities for optimization and efficiency.

The data generated from the HEAT Discovery solution helps companies maximize savings and expedite implementation, while affording greater peace of mind in knowing the system conducts automatic, ongoing inventory management. And did you know? Effectively tracking your IT assets can reduce hardware and software purchases by up to 50%.

Learn more about how your company can better track all of the assets within its expanding IT infrastructure by visiting our HEAT Discovery data sheet.

Posted By: Dennis Drogseth
17 Jul 2015

In my last blog, I discussed how IT service management (ITSM) roles (and rules) are becoming more operations-aware. The blog examined a number of key game-changers for ITSM, including a growing requirement for shared analytics; the rise (not the demise) of the CMDB/CMS and service modeling; cloud as both a catalyst for innovation and a resource to be managed; and support for enterprise services such as facilities and HR. I also discussed two topics, mobility and unified endpoint management, that I’d like to examine in more depth here.

Mobility is king

OK—you probably didn’t need me to tell you that mobility is critical, but let me place its growing criticality in a more specific ITSM context with a few numbers.

  • 62% of our 270 respondents viewed lifecycle mobile support as “significantly” or “completely” impacting ITSM directions.
  • Mobility is anything but one-dimensional. In fact when we got the data for how actual mobile endpoints are being used by end users and ITSM professionals, the charts looked almost identical.

o 48% of end users and 45% of IT professional usage includes tablets, iPhones, Androids, and other mobile devices.

o 26% of both end users and IT professionals are using a mix of iPhone, Android, or other similar mobile endpoints (but no tablets).

o Only 15% (of end users) and 17% (of IT professionals) say they are not yet focused on any mobile devices.

  • 63% are using mobile endpoints in support of ITSM professionals with the following top-ranked results:

1. Improved responsiveness to IT service consumers

2. Increased IT efficiencies and reduced OpEx costs

3. Improved collaboration between the service desk and operations

  • About two-thirds of our respondents allow end users to access corporate applications via mobile endpoints . And 50% of respondents offer their end users mobile access for ITSM-related requests and other interactions. Of these last, 78% saw “meaningful” or “dramatic” improvements in service delivery.

How unified is unified endpoint management?

Mobile is, of course, part of a bigger picture when it comes to endpoints. And here, our respondents generally favored integration and unified approaches. For instance, concerning mobile management, 58% preferred an integrated application that could support device management, configuration management, and enterprise mobility. Looking at endpoints more broadly, 82% viewed a unified console for managing mobile and traditional endpoints as “important” or “essential.”

When it came to unified endpoint management, the top seven functional priorities were:
1. Understanding software usage
2. License management
3. Software distribution
4. Operating system deployment
5. Patch management
6. Inventory management
7. Security

And the winners were…

So, how did the “extremely successful” map more specifically to questions of endpoint management and mobile empowerment? In my last blog , I mentioned that the extremely successful were twice as likely to leverage mobile for ITSM professionals, four times more likely to offer service consumers mobile support, and twice as likely to offer users access to corporate applications through mobile.

Here are a few additional data points regarding extremely successful priorities as opposed to those who were only somewhat successful, or unsuccessful:

Those who were extremely successful were:

  • Nearly eighteen times more likely to view lifecycle support for mobile users as “completely impacting” service desk operations
  • Three times more likely to have an overarching strategy for managing endpoints
  • Three times more likely to view managing and remediating endpoint issues at the service desk as critical
  • Four times more likely to prefer a single unified console for endpoints

So as you can see, the data here strongly suggests that a more progressive focus on both mobile and endpoint management helps to put ITSM teams in the winner’s circle.

Coming up next

I’d also like to take this opportunity to invite you to a webinar on August 4 entitled “How (and Why) is ITSM Evolving in the Digital Age?” The webinar will allow me to share a broader and more in-depth look at how the service desk and the ITSM team supporting it are changing—as viewed from multiple perspectives, such as different stakeholders across IT and from different company environments, and in the context of key catalysts such as cloud, agile, and more effective business alignment.

Click here to sign up for the webinar .

Posted By: Russ Ernst
14 Jul 2015

In the last Patch Tuesday before users may upgrade their Windows operating systems to Windows 10 on July 29 and subsequently enlist a changed patching process, we have 14 updates to deal with from Microsoft that address 59 total vulnerabilities. Equally as important however are the three 0-days in Adobe Flash Player and an impending 193 new fixes from Oracle, 25 of which will be for Java. Put your summer vacation on hold; it’s definitely a crazy month.

Last week’s hactivist attack on the Italian surveillance firm The Hacking Team, who reportedly sells exploits to anyone willing to pay for them, resulted in 400 GB of stolen data free for the taking. Unearthed in that data dump to-date was three 0-days in Adobe Flash Player. Consequently, first on your priority list this month should be the new update from Adobe, APSB15-18 . This covers off on the 2 newest 0-days in Flash, CVE-2015-5122 and CVE-2015-5213. Reportedly, one is under active attack. The third 0-day,CVE-2015-5119, was patched out-of-band late last week with APSB15-16.

Together, the three exploits impact Flash versions 9.0 through 18.0.0.204 in Windows, Mac and Linux and brings Flash to its 11th update overall in 2015 alone. If you must use Flash, be sure you have the current version, which you can download here. The safer bet however is to uninstall the long-risky media player once and for all. If you use Firefox, you’ll see they blocked Flash entirely this week, in light of the three new 0-days.

Once you’ve updated Adobe, turn your attention to the 14 Microsoft updates, 4 of which are critical this month. If you use IE, MS15-065 should be first priority. Another cumulative update for IE, this patch updates 29 total CVEs in the popular browser. Some are saying one vulnerability, CVE-2015-2425, may come from the Hacking Team hack as well so overall, the release of that data has generally wreaked havoc on all of our systems this month. We will all have to diligently follow this story, continue to patch newly discovered vulnerabilities, and train the troops.

Second, take a look at MS15-070 which patches 8 CVEs in Office and SharePoint Server 2007, 2010 and 2013. One is under active exploit. MS15-077 is also an important one to address quickly because it too is under active exploit. This addresses a vulnerability in Adobe Type Manager.

Once you’ve worked through the Adobe updates and these first three from Microsoft, you should also take a look at Java. They are also dealing with a new 0-day thanks to the Hacking Team, their first since 2013. It involves a separate Windows vulnerability, CVE-2012-015, which Microsoft addressed in 2012 in bulletin MS12-027 . Oracle is planning to release updates today to Java JRE to address 25 total security vulnerabilities, 23 of which can be remotely exploitable.

Lastly, don’t forget July is the last month Microsoft will patch Windows Server 2003. If you look at the 14 bulletins from Microsoft, you’ll see 9 of them affect Server 2003. It’s time to migrate.

Posted By: Anonymous
19 Jun 2015

By Steve Brasen

EMA, Managing Research Director - Enterprise, Mobile & Endpoint Management

It’s time to take a serious look at Office 365. The cloud edition of Microsoft’s broadly adopted business productivity suite – which bundles such popular packages as Microsoft Word, Microsoft Excel, Microsoft PowerPoint, and Microsoft Outlook – has been both heavily praised and heavily criticized since its introduction in 2011. While the adoption rate of the traditional software edition of Microsoft Office is currently in no danger of being overtaken by its cloud-hosted cousin, recent adoption rates for Office 365 have substantially accelerated. Businesses, in particular, have shown increased interest in the cloud-based platform, and many are carefully considering whether to make the transition after existing Enterprise Agreement (EA) licenses expire.

Currently, Microsoft offers a variety of licensing plans for both home and business users of Office 365. However, all Office 365 plans are based on subscription pricing models (i.e., per user per month or per user per year) as opposed to the one-time perpetual licenses offered with Microsoft Office. In November 2014, Microsoft introduced free versions of Word, PowerPoint, and Excel apps for iOS and Android platforms independent of Office 365; however, the licensing agreement for these apps states that they can only be used for “non-commercial purposes” (though I’m really not sure how that could possibly be enforced). Clearly these free mobile editions were made in direct response to the increasing popularity of Google Docs in that particular market. It should also be noted that Microsoft offers a free package of web-based apps, Office Online, which is a lobotomized version of Office and should be avoided at all costs to retain your sanity.

While Microsoft has promoted a number of reasons to adopt Office 365, in my opinion there are only two that really matter: to support enterprise mobility and to reduce costs. Here’s a summary of the benefits of both:

  • Supporting Enterprise Mobility – A single user license for Office 365 will support up to 5 devices of any type. So, users can employ any combination of PC and mobile devices that would enable them to be most productive whenever and wherever they need to read, create, and/or edit documents. Additionally, for its Office 365 customers, Microsoft offers free and unlimited access to its cloud storage solution, OneDrive. While users can still store data on their local devices, any files stored on OneDrive will be accessible by any other devices they use. OneDrive also enables files to be shared with coworkers or to create collaboration environments.
  • Reducing the Cost of Operations – With Office 365, license costs are substantially reduced for users who employ multiple devices. Unlike Microsoft Office, which requires individual licenses to be purchased for every device, Office 365 requires only a single license for up to 5 devices. Additionally, this subscription pricing is more conducive for organizations with fixed budgets (particularly SMBs) and can be substantially cheaper for supporting short-term projects (i.e., those lasting less than two years).

All organizations are different, and a number of factors will need to be considered when deciding if transitioning from locally installed software to a cloud-based solution is right for you. Some of the factors include organization size, industry type, user requirements, regulatory compliance goals, budget restrictions, and the breadth of available IT support. Detractors of Office 365 primarily raise concerns about reliability and performance. For instance, organizations with heavy security or regulatory compliance requirements may be restricted from using applications that host data in multi-tenant environments. Also, while Microsoft claims 99.9% uptime on the hosting environment, unreliable internet and LAN network connectivity could impact the performance of the platform. To be clear, while Office 365 does not require persistent connectivity (as it runs locally on each device), it still requires periodic contact with the cloud-hosted environment and, of course, it is necessary for accessing any files stored on OneDrive. Synchronization issues with Outlook and SharePoint have also been frequently noted by users as challenges to the platforms reliability.

Organizations that do decide to make the leap to adopting Office 365 should be prepared to carefully manage the various licenses adopted for each user. For instance, since each user can assign their license to up to five devices, it is possible that multiple licenses could be assigned to a single device, which is obviously not cost-effective. Additionally, it’s important to know the type of license employed by each user, the length of the license term (monthly or annually), and when the term expires to prevent the business from being charged for any software that is no longer being used.

Taking all these pros and cons into consideration along with your own unique business requirements (and a measure of common sense) should provide ideal guidance on whether it’s time to transition to Office 365. One final note: Don’t be afraid of the cloud simply for fear of change. Cloud-hosted services are neither the ultimate solution nor the ultimate challenge. They simply represent another technology approach to be evaluated – another tool in the belt to be employed when it makes the most sense for your organization.

Posted By: Russ Ernst
09 Jun 2015

This June Patch Tuesday we have a slightly smaller patch load from Microsoft, taking us back to more historic average releases of 8 bulletins. We have just 2 critical patches to deal with and 6 important. While this is good news for those that have their sights set on some summer vacation, this release also makes us wonder how many more of these Patch Tuesday cycles will we have?

Before diving into that, let’s take a look at the job at hand this month, starting with Microsoft. MS15-056 is a critical cumulative update for Internet Explorer addressing 24 CVEs. If you’re using IE, patch it now, please. We see a patch every month for this popular browser for a reason. The bad guys love to exploit it along with all of the other popular browsers like Firefox and Chrome, and in too many instances, they are successful. This month, attackers could force a remote code execution and gain the same rights as the affected user.

Second on your list of priorities should be MS15-059. Although rated as important, it impacts all shipping desktop versions of Microsoft Office. This bulletin addresses 3 vulnerabilities in Office which an attacker can use for remote code execution.

There are other Microsoft bulletins to deal with – including critical MS15-057 that impacts Windows Media Player and grants full user rights to the attacker when a malicious file is played – but you’ll also need to prioritize a vulnerability in Adobe Flash. APSB15-11 is the 8th update of Flash Player this year and updates 13 vulnerabilities that span across Windows and Mac desktops.

Microsoft has announced the release of Windows 10 as July 29, 2015. For a year, this upgrade will be available for free and will continue for the lifetime of any device you install it on – your PC, tablet, or phone. In other words, Windows 10 is reportedly the last splashy OS release we will see. From there, they will continually update your OS with new features and security updates without the fanfare of a new OS version number, without the costly endeavor of testing code and holding on to it until a pre-selected release date. In time, this should result in a simpler, safer computing experience. Until then, we have to deal with a transition of the massive install base of Windows 7 machines to this new Windows as a service.

So what about Patch Tuesday? The release of Windows 10 will change how you push security updates too, maybe. Microsoft has been clear as mud on this process question, to be honest. As described in a Microsoft FAQ , licensed Home users will see updates pushed automatically, as they are ready. This process should get the millions of home machines using Windows updated faster, and that’s a good thing, but what about the patches that fail? Are Home users the unfortunate testing ground? Only time will tell. And while enterprise users will have more choice on when to push updates, how that gets done has not yet been precisely defined.

In reviewing this month’s patch load from Microsoft, we see plenty of legacy software in need of updating. Another thing the new Windows Update for Business does not make clear is how will these systems be updated? Will organizations who choose to remain on older systems receive updates on the typical Patch Tuesday cycle? It isn’t clear yet but one thing remains true. If you can update, you should. Remember, Windows Server 2003 reaches end of life next month. Hopefully you are working your migration plan.

Pages