SysAid Blog

Blog Home
Welcome to the SysAid Blog - the place to go to find out where the IT industry is going, and what is SysAid’s role in it.

What’s the Point of Configuration Management?

Posted by on May 20, 2014 in ITIL
Configuration Management – How to do it right! I have been working with a customer who wants to improve their service transition processes, and I came across a situation which I’ve seen too often in the past. The configuration manager was working very hard to maintain information in the service management tool. There were regular updates whenever changes happened, lots of auditing and verifying the accuracy of records, and regular reports showing how well configuration management was working, but nobody I spoke to was making any use of the configuration information. I spoke to a wide range of people in the IT organization, asking them what configuration information they used, and how they accessed it, and they all told me that they didn’t use any of the official configuration information because they didn’t trust it to be accurate, they couldn’t use the tool, and anyway it never had the information they actually needed.
This company had implemented what I sometimes call a "write only database”. They were investing time and money in creating and maintaining configuration information but getting absolutely no value whatsoever from their investment. It is situations like this that result in the bad reputation that ITIL and ITSM sometimes have in IT organizations. People see lots of bureaucratic work but no value coming from it, and they naturally rebel against this. If nothing is done about it then this can result in people starting to lose respect for other service management processes, because they perceive them all to be very similar. It would be easy to mock this situation, but I have seen many similar things in other IT organizations. It’s too easy to get into a position where we focus on the process and the tool, instead of thinking about customers and service outcomes. This is particularly true if a lot of time and money have been invested in the tool and the supporting processes. So how can this situation be remedied? One suggestion was that they improve the process to increase the amount of configuration information that was stored, and make sure it was more accurate. I pointed out that this would make no difference at all. People had given up on using the configuration information, they wouldn’t trust it any more after these increased efforts, and they still wouldn’t be able to use the tool effectively. The improvement plan that I suggested was to:
  • Identify the stakeholders that could be getting value from configuration information
  • Talk to those stakeholders about how they work, and what configuration information would help them to work more effectively and efficiently
  • Document use cases showing how configuration information could be used to create real value for the IT organization and for their customers
  • Use these use cases as a basis for a complete rewrite of the configuration management policy, ensuring that configuration management focusses on how it should be creating value
  • Redesign the process, based on the new policy and the documented use cases
  • Ensure that the tool supports the required use cases, and document how it should be used to implement these
  • Design a communication and training program, based on the use cases, to help people understand how they could use configuration management to help them work better
  • Implement monitoring and reporting, again based on the documented use cases, to find out what value the new process is creating
How confident are you that your configuration information is creating value for your organization? Why not go and talk to the people you think should be using it and get them to show you how they work; you might be shocked by what you find. If you do discover a situation similar to this one then you really do need to stop what you have been doing and start again. Think about outcomes and value creation rather than about populating a CMDB, and you will get much more value from your investment in configuration management. When did you last review your configuration management process to ensure it is creating real value for you and your customers? Image credit

Like this article? You may also like: Continual Service Improvement (CSI) - The Most Important Service Management Process.

Please share your thoughts in the comments or on Twitter, Google+, or Facebook where we are always listening.
Continue reading

If You Don’t Have an SLA, You’re Delivering Bad Service

Posted by on May 13, 2014 in Service Desk
Delivering good service requires an SLA Seems like everybody's talking about Service Level Agreements these days. What's the big deal? Can't we just deliver good service, and not waste all this time with Service Level Agreements? Not if you want to give good service!

Simple Human Nature

Human nature is a funny thing. Remember back to Economics 101 with supply and demand, and all that jazz? One thing I remember very well: human wants are unlimited. Customers always want more. It’s how it works. In economics, it's counter balanced with limited supply, and the tension in the middle sets the price that the market will tolerate. It’s an agreement, if you will. It's no different in delivering IT Services. Did you ever hear that customers want it all, and they want it all for free? Left to their own devices, customers will always want more than IT is able to deliver. It comes down to this - you will never have satisfied customers until you:
  1. Have clarity of what the service is (and is not!)
  2. Agree on Service Level Requirements
  3. Monitor and Report delivery against requirements
This is the basis of a Service Level Agreement (SLA). Keep reading to find out why you have to have an SLA to have good service.

Clearly Define Services

We all know about assumptions. About how, well, you know, how they're not good, and breed misunderstandings? Good service starts with a clear understanding of the service to be delivered. Without clarity, you're fighting human nature to want more than you can deliver. Start with developing a service description by talking with your customers. What do they need? What are the critical requirements? It's a great opportunity to see IT Services through their eyes. You might be surprised what you find out. The goal is to have a straightforward description in plain language. It needn't be lengthy, but should be easy for both customers and IT to understand. Be on the lookout for unstated assumptions. It's important to include enough detail where there's the potential for misunderstandings. There a bit of an art to this. You don't want to come to the customer with a blank page, but you also don't want to come with a jargon-laden document written in legalese.

Agree on Service Level Requirements

Once you have a solid service description, it's time to reach an agreement on the required performance. An SLA must have measurable targets for service levels. Some questions to ask when creating requirements:
  • If the service meets the stated requirements, will the business needs be met?
  • Are there any unstated/assumed requirements?
  • Are there circumstances where requirements may be different than stated (i.e. end of month, holiday season)?
  • Can the requirements be measured?
  • Is the description clear to both the business and IT? (Does it use terms that have different meaning to either?)
With solid service descriptions and agreed service level requirements, you now have a basic SLA!

Monitor and Report

Service metrics are how we know if the service is meeting the agreed-to level of service. Sadly, far too often they are little more than a running history of numbers achieved. Things like:
  • Provisioned and delivered 213 new PCs last month
  • Service Desk took 2,794 calls
  • Average time to create new accounts was 10 business hours (down from 18 last month)
While these are interesting, they do nothing to demonstrate whether services are performing as agreed. What you want instead are metrics that directly address the service requirements in the SLA. Things like:
  • Number and percentage of PCs delivered within 3 business days
  • Number and percentage of calls answered within 2 minutes wait time
These types of metrics show actual performance compared against established targets (i.e. “less than 3 business days”). They directly address what was spelled out clearly and agreed to in the SLA. Keep in mind that business requirements change over time. Just because you are meeting established targets doesn't mean it always will. Don't hold tight to ‘we're meeting the SLA,’ as that's a relationship killer, and a sure way to make very unhappy customers!

Bringing It Together

Here’s a quick example to pull these ideas all together. The business states that they need 90% of all incidents resolved within 4 business hours. A service description is created that describes what services are supported, contact information, and hours of operation. Add a service level requirement to have >90% of incidents resolved in 4 business hours, and you have a basic SLA. Once agreed, service metrics are defined that measure how many incidents are resolved within 4 hours. (It might also be good to show the average resolution time.) At the monthly customer review, the conversation goes something like this: This month 98% of incidents were resolved within the SLA target, with an average resolution of 3 hours (down from 3.5 hours last month.) Well within target; excellent service! Unfortunately, the conversation goes on: “But what about the ABC outage? We were down all day on the last day of the month, and it kept us from making our monthly sales goals! I don't care what your numbers say, you failed us (again).” The stated goal was achieved. So, why isn't the customer happy? Because while most incidents were resolved in target, the most important one - the one that had the highest business impact - did not. The customer assumed we were talking about the important ones, because, to them, it's just common sense. It never occurred to them that we would average high impact outages along with minor PC problems. Rather than standing behind ‘we met the SLA,’ which only infuriates the customer, go back and take a closer look. Where are we lacking in clarity? In this case, it's obvious that some incidents are more important than others. Sound familiar? By defining and getting agreement for an incident priority process, each incident can be given a priority based on business urgency and impact. Metrics can now report resolution by priority, and we get closer to what the business actually wants: All high priority incidents must be resolved in 4 business hours. In our example, the resolution rate drops to 50% for high priority incidents. Now we're not looking so good, but we're seeing it the way the customer does. We can now start having discussions around what we can do to improve. Bottom line is that the business sees we understand what they need, and are working to meet it. What's not to like?

Good SLAs Make Good Service

Without a clear understanding of what the service is, and what level of service is required, you can never make customers completely happy. They will always want more. To give good service:
  • Talk with your customers
  • Clearly define what they need in a service description
  • Establish and agree to service level requirements
  • Measure and report service level performance
  • Continually improve services not meeting requirements
  • Look for changing service level requirements
You need to leverage human nature. Use SLAs to build clarity with your customers. Customers who know what to expect, and consistently get it are happy customers!
Please share your thoughts in the comments or on Twitter, Google+, or Facebook where we are always listening.
Continue reading

It’s All About You – A Huge Thank You to Our Customers

Posted by on May 8, 2014 in SysAid
Customers at the Service Desk and IT Support Show Last week we attended the Service Desk and IT Support Show (SITS) in London, and by far the best thing about the entire event was getting to catch up with so many of our customers at our booth. We were also incredibly fortunate that many of them joined us for dinner in Kensington on the evening of Tuesday 29th April. Whilst other vendors were out partying with the SITS organizers (standard protocol for exhibitors the first night of SITS) we were spending time with those that really matter – our customers.

A Huge Success

The evening was a great success and one that we hope to replicate across the globe in the near future. The informal setting, the drinks flowing, the delicious food, the incredible passion for ITSM bustling round the tables – it was a brilliant night. What I love most about spending time on a personal level with customers is listening to them talk about the challenges they are facing and getting to know what real day-to-day IT looks like. When we understand that, then we can do everything possible to improve their lives. SysAid customers from Guardian and OMNI ISG

Thanks Also to Our Friends

We don’t exist without our customers (nobody in business does), but it’s also important for us to remember who our friends in the industry are and how they help contribute to our success. Whether it be people who simply actively share our articles and insights on social media, people who contribute to our content, or those who just openly share feedback and advice with us – they all make a difference. I therefore personally want to extend my thanks to James Finister and Andrea Kis (TCS), Stuart Rance (Optimal Service Management), and Glenn Thompson (ITSM Review) for taking time out of their busy schedules to join us for a delightful evening with our customers. Service Desk and IT Support Show Dinner

Do You Want to Spend Time With Us Too?

We shall be aiming to arrange evenings similar to this whenever the opportunity arises to do so, but in the meantime don’t forget about SysAid On The Road. Want me to spend the day with you in your offices to ensure that you’re getting the most out of our technology and services? Then please let us know – I would be delighted to come visit you (no associated costs) wherever in the world you may be. At the end of the month, we’re excited to be visiting a customer in Mexico. Next month, in June, we’re heading back to London to visit more customers and then we’re off to Canada and the USA, where we have scheduled visits in Connecticut, Rhode Island, New York and Florida. Then in October, we’ll be in Washington DC, Boston, and Upstate New York. It’s a journey around the world and we love it! Once again, thank you to all our customers – those who saw us at SITS or attended the dinner, as well as all of you across the globe. Remember SysAid loves you. Thanks for being a part of our family. Selfie with Bacardi! SysAid Customer/Friends Dinner at the Kensington Marriott Swag for SysAid friends and customers SysAid Customer/Friends Dinner at the Kensington Marriott
Please share your thoughts in the comments or on Twitter, Google+, or Facebook where we are always listening.
Continue reading

Like a Virgin – ITSM for the Very First Time

Posted by on May 7, 2014 in ITSM
Joe and Dena – Service Desk Show Well I’m finally back in the real world after the whirlwind experience that was the Service Desk and IT Support Show in London (SITS14) last week in London. Whilst it wasn’t the first time that SysAid was exhibiting, it was personally my first visit to the show, and I’m pleased to say that it lived up to the hype. The great thing about SITS is that its free, so even with travel costs from outside of the UK you're likely to find that it's a more cost-effective option for you to attend than other high profile ITSM events. If you haven’t got yourself to an event like this yet, get talking to your manager. The learning experience and opportunity to interact with peers and industry superstars (including Joe the IT Guy of course) is priceless.

Let’s Start With a Low and End With a High

First of all, I need to highlight one downside to this particular event. The busy exhibition hall made it incredibly noisy in the speaker rooms, which meant that it was often very hard to hear the presentations if you didn't get the right seat. Everybody had told me that I was not to miss Patrick Bolger’s session on Reimagining the Role of IT, but unfortunately I did - not because I wasn’t in his session, but because I was sitting off on the side and could hardly hear anything he said. The event is obviously first and foremost an exhibition, and the content comes second, but the content (what I saw of it) is really good – it seems a shame to ruin it by having it drowned out by the likes of us noisy vendors on the showroom floor. I can only hope that this will change as the event moves to a new venue next year.

Key Takeaways

It's hard to provide an overview of all the “ITSM Goodness” (I might need to check if that term is copyrighted by the ITSM Contributor of the Year – Barclay Rae – congratulations by the way) in one article without it turning into an essay, but I’ll do my best to sum up with a few snippets of advice from two of my favorite sessions. Service Desks: Step Up Your Game – Dave Jones, Pink Elephant
  • Officially there are four P’s (People, Product, Process and Partners) but it will serve you well to remember that there is also a fifth – Performance.
  • ITSM must always remember to ask “are we making a difference?”
  • In order to make improvements you need to know what you’re doing now and where you want to be. Only then will you be able to find a quick resolution in the shortest amount of time.
  • Metrics are of course critical to improvement in ITSM, but you need to measure more than just the technical. Do you measure people and performance?
  • When it comes to customer satisfaction rates it will always vary from one company to another, but if your rates are below 70% then alarm bells should be ringing.
Is ITIL Ready for a DevOps Approach? – Kaimar Karu, AXELOS
  • Remember that DevOps is most definitely NOT:
    • A process
    • A job description
    • A piece of software
  • Common goals between ITIL and DevOps are:
    • To increase business value
    • To remove silos that separate the different arts of the organization
    • To enable business to work with IT
  • Key takeways to be gained from this approach:
    • Get rid of silos
    • Get rid of blame
    • Bring pain forward, meaning involving the managers and operations, e.g. if the CIO is on pager duty and gets woken up in the middle of the night, it’s unlikely that he is going to allow that same issue to happen again
  • Cloud benefits:
    • Flexibility
    • Scalability
    • Focus on non-commodity
Kaimar's final words of wisdom were to "automate everything" but that this comes with a caveat - only automate the stuff that it actually makes sense to automate.

The Wonderful Sarah Lahav and Joe The IT Guy

Of course it goes without saying that the best presentation was delivered by SysAid! Sarah and Joe gave practical advice on how to adjust your service desk to BYOD. Rather than provide you with an inadequate overview that won’t do the double act justice, I suggest we wait for the live video that we will be publishing in the coming weeks. Stay tuned! SysAid Dream Team at Service Desk and IT Support Show

We Had a Blast

The event was a huge success for SysAid, and in particular I personally loved my time working at the booth. Nothing in the world of ITSM beats talking with IT professionals about their challenges, goals, aspirations, etc, regardless of whether or not they are interested in our technology. It was also an absolute delight to finally meet some of my ITSM heroes in person, like the lovable and effervescent Andrea Kis, her funny and smart colleague from Tata James Finister, fellow Yankee with a twang Daniel Breston, the always stylish Kaimar Karu, the seasoned moderator and creator of ITSM Goodness Barclay Rae, the most awesome guy in India (and maybe the whole world) with the biggest smile Suresh GP, and of course the man I most adore besides my husband ;) who truly knows how to explain ITSM and ITIL simply and logically - Stuart Rance (always a pleasure, sir!) To the entire SITS team (and in particular Laura Venables – we are so sad that you are leaving) thank you for putting on a brilliant event. I’m already working on my bribery plan to ensure that the SysAid team brings me along next year (the weather in the UK should be better in June right?). Save the date now for next year’s event. It's on 3-4 June 2015 at Olympia, London.
Please share your thoughts in the comments or on Twitter, Google+, or Facebook where we are always listening.
Continue reading

How to Take Your Help Desk Career to the Next Level

Posted by on May 5, 2014 in Service Desk
How to Take Your Help Desk Career to the Next Level Did you know that the recruitment of skilled labor in specialized areas like information technology has become highly competitive? According to a recent CareerBuilder study, IT is one of the fastest-growing and highest-paying jobs this year. For rookie IT workers, the help desk can be a launching pad for a rewarding career in IT. Help desk employees must balance customer service skills with technical know-how, and learn business processes and crisis management alongside technical hardware and software skills.
This unique combination makes the help desk a true roadmap to a promising career, teaching inexperienced IT professionals the diverse skills they will need as they advance in their careers. Below are a few of the skills you’ll need to perfect in order to make the transition from help desk to senior-level IT:
  • Customer service aptitude: The help desk teaches soft skills such as patience, communication, conflict resolution, and leadership as well as hard skills such as troubleshooting, applications, and operating systems. These skills are a requirement for almost every job a help desk technician might advance to down the road.
  • Tech Savviness: As a help desk technician you learn an array of valuable technical skills, such as opening and closing tickets, tracking and organizing customer issues, and utilizing Web-based tools. However, in order to take your career to the next level you have to continue your training and earn certifications and credentials. For example, finish off your CompTIA A+ certification
  • Crisis management abilities: People often call the help desk in a panic, and count on technicians to calm them down and walk them through resolving the issue. Learning to keep your cool in tough situations is a skill that will undoubtedly serve you throughout your career.
As with any entry-level position, your experience working the help desk is what you make of it. Savvy help desk employees leverage their position to gain knowledge, skills, and credibility that will help them advance up the ladder to senior help desk positions, management, or other areas of IT. Best of luck in climbing the corporate ladder!
Please share your thoughts in the comments or on Twitter, Google+, or Facebook where we are always listening.
Continue reading

Defining Metrics for Change Management

Posted by on April 28, 2014 in ITIL
Ideas of change management KPIs I was working with a customer recently and they asked me what key performance indicators (KPIs) they should use to measure IT change management. After thinking about this for a while I offered them some suggestions, and I’m going to share them here, because the ideas may be useful to other people. Please don’t just copy the KPIs that I suggested for this customer, but look at the way we derived them and think about what you need to measure. The first thing to do when you are thinking about KPIs is to decide what they are for. Who are the stakeholders for any reports that you will generate? In this case we wanted to measure the effect of process improvements that we were planning. The reports will be used by the change manager, the IT operations manager, the project management office (PMO) and the service level managers.
We spoke to the various stakeholders, to understand what was important to them and identified four critical success factors (CSFs) for change management. These CSFs were:
  1. Protect the business from the adverse impact of IT change
  2. Facilitate the rate of change that the business needs
  3. Provide knowledge and information about new and changed services needed by IT and business staff
  4. Make efficient use of IT resources
Your critical success factors may be very different to these, but you should be able to come up with a list that works for your stakeholders. Another good starting place to help you think about CSFs is the examples in the ITIL Service Transition book (but don’t copy these either). The CSFs don’t have to be directly measureable, it is more important that they are words that the stakeholders agree with, and that summarize the outcomes they want from the IT change management process. The next step is to identify up to 3 KPIs that could help to demonstrate that you have achieved each CSF. The KPIs won’t “prove” that you achieved the CSF, but they will help to indicate how well you are doing against that CSF. It’s quite acceptable to have the same KPI for multiple CSFs, and it’s important not to define too many. While we were thinking about change management KPIs we realized that we needed better data about change success. Every change was being marked as successful unless it had been backed out, but this didn’t give us the information we were going to need to establish our CSFs. We decided to evaluate each change based on:
  • Was the changed fully implemented, without needing to be backed out?
  • Did change implementation use the time and resources that were predicted?
  • Did the change cause any incidents?
  • Did the change deliver the results that the customer expected?
This resulted in us defining a number of change closure codes, to distinguish between changes that fully succeeded and those that had one or more issues. We also added a new incident closure code to indicate when an incident was caused by a change. We could now define KPIs to support our CSFs. CSF1 - Protect the business from the adverse impact of IT change
  • Reduced number and percentage of changes that cause incidents
  • Reduced total business impact of incidents caused by changes
CSF2 - Facilitate the rate of change that the business needs
  • Increased number and percentage of changes that used the predicted time and resources
  • Increased number and percentage of changes that delivered the results the customer expected
  • Increased satisfaction rating for change management from PMO and from end customers
CSF3 - Provide knowledge and information about new and changed services needed by IT and business staff
  • Increased percentage of changes that provided knowledge articles for the service desk
  • Increased satisfaction rating for change management from IT staff and from end customers
CSF4 - Make efficient use of IT resources
  • Increased number and percentage of changes that used the predicted time and resources
  • Reduced number and percentage of urgent and emergency changes
This resulted in a fairly small number of KPIs to measure and report, which were focused on what the stakeholders cared about, and could be used to help us understand the effect of process improvements that we were planning. When did you last review the KPIs you use for change management? Why not review your change management KPIs and reporting and make them more valuable for you and your stakeholders? [Image credit]

Like this article? You may also like: Defining Metrics for Problem Management.

Please share your thoughts in the comments or on Twitter, Google+, or Facebook where we are always listening.
Continue reading

What Is SysAid’s Service Level Agreement?

Posted by on April 23, 2014 in SysAid
SysAid’s SLA: Bronze, Silver, and Gold Support Lineup My customers ask me this question all the time – what is SysAid’s SLA? Up until recently my answer was always, “We don't have an official SLA but we strive to reply within 24 hours." Today, I am thrilled to change my answer because now SysAid does have an official SLA!!! Countless hours have been spent in meetings, planning, rethinking our work processes, changing the way we answer phone calls and chats, fixing replies to emails, creating new routing and escalation rules, adding new functionalities by using the new Email Rules feature, and much more. All our investment in this reform was done in order to bring a better service experience to our customers.

Introducing SysAid’s Bronze, Silver, and Gold Support Lineup

We divided our customers into three SLAs: Bronze, Silver, and Gold. The customer's SLA is determined by their license value, including the SysAid edition, number of admins, and number of assets. Internally, within Customer Relations, we completely reorganized the department according to the new SLA, and now we have four separate teams: Bronze, Silver, and Gold who are dedicated to service the customers in their respective SLA, plus the Cloud Infrastructure team of course. We’ve been working within the new structure for a few months already, learning and adjusting the work process all the time. From this experience, we came up with the following:
  • Bronze customers usually need more tech support than account management so that is why we decided to allocate to all Bronze customers a team of support engineers to provide quick and effective support. With the help of Professional Services, we developed a round-robin mechanism that assigns the new SR to the next available support engineer at any given point in time.
  • Silver and Gold customers will have a dedicated account manager who will be in charge of all aspects of the account: tech support, administrative issues, coordinating activities with Professional Services if needed, and basically cater to all the customer needs from the beginning. This means help with the initial setup, implementing different modules, and providing support advice when needed.Gold account managers will have half the number of accounts to manage than a Silver account manager giving them the ability to provide a much more personal service…I would allow myself to even say - an intimate relationship with each customer.
  • SysAid Panic Button - App for Gold customers only. We asked one of our mobile developers to write an app for iOS and Android devices that will allow you to alert your account manager (or someone from the team) 24x7, when you have a Priority 1 crisis. SysAid Panic Button app
  • We added the ability for customers to self-escalate the priority of submitted SRs. On the new SR notification that you receive (each time you send an email), if the SR is not already in Priority 1 then you’ll get a link that allows you to escalate the priority to Priority 1.Note: We have a very precise definition to Priority 1, so using this new feature does not automatically mean that the SLA for Priority 1 will be enforced. What is Priority 1 is detailed in the SysAid SLA.
With this new SLA all our customers are winners :-).

UPDATE July 7, 2014: SysAid Support got even better with the new Business Services team. Read all about it here.

Please share your thoughts in the comments or on Twitter, Google+, or Facebook where we are always listening.
Continue reading

How to Manage a Tech-Savvy Workforce

Posted by on April 22, 2014 in General IT
Managing millennials in the workforce Look out baby boomers, the millennial generation is taking over the workforce. In fact, millennials will make up 75 percent of the global workforce by 2025. These are the individuals born between 1982 and 1993 who love technology so much that they would rather have access to social media than a bigger paycheck. Having grown up learning about technology, millennials quickly adapt to new trends and emerging technology – something that is quite beneficial for businesses that want to remain on the cutting edge.
Millennials have vastly different expectations for the workplace compared to baby boomers, so it’s important to meet their unique needs and create a workplace environment in which they can flourish. Below are some tips on how to do this:
  • Implement collaboration tools: Millennials are social by nature, meaning they prefer collaborating with others to get tasks done. Encourage collaboration by implementing tech tools such as instant messaging, videoconferencing, Skype, and Google Hangouts.
  • Let employees choose what device they use: Allowing millennials to work with the devices they are most familiar with will help improve productivity and increase engagement. In fact, research states that employees are more comfortable with their personal device, which in turn makes them more productive. So you can see how enabling a BYOD (bring your own device) environment can be valuable to your organization.
  • Ask for input and listen: Millennials tend to keep a finger on the pulse of the latest innovations. Take advantage of their knowledge and ask for their input on the best ways to implement new technology.For example, Evernote – a very popular business app these days that allows employees to store everything from photos to web pages to notes, PDF files, and audio clips – could be beneficial for employees that need to access important documents while on the go or at a tradeshow.
  • Institute a flexible work schedule: A structured workplace doesn't sit well with millennials. Give them flexibility they want by employing technology, such as remote desktop, that allows them to work anywhere, anytime from any device. Or give them the option of working remotely two to three times per week.
It’s clear to see that this new generation of tech-savvy employees needs a different managerial style. Now it's up to you to decide what works best for your company. Tell us… how do you manage your millennial employees?
Please share your thoughts in the comments or on Twitter, Google+, or Facebook where we are always listening.
Continue reading

9 Ways ITAM Can Empower IT

Posted by on April 16, 2014 in Asset Management
ITAM is the trusted advisor, whispering in the CIO’s ear. IT Asset Management (ITAM) is the discipline of managing IT assets throughout their lifecycle. If IT Service Management (ITSM) is primarily concerned with efficient delivery of services, then ITAM is primarily concerned with managing the costs and risks of using the IT assets that underpin services. Like ITSM, ITAM should be considered an on-going commitment and practice rather than a short-term project. It is important for the disciplines of ITAM and ITSM to be aligned within the IT department since most lifecycle stages of an asset are delivered or in some way interact with the Service Desk. ITSM is the source of asset changes; by working close together with ITAM the organization can ensure the risks associated with changes can be proactively managed.
A good ITAM practice enables IT departments to make smarter decisions, demonstrate value, and help reduce nasty surprises. In this article we explore 9 key ways ITAM can empower the IT department: 1. Smarter Decision Making ITAM is the trusted advisor, whispering in the CIO’s ear. Better knowledge about what is being used, what is being spent, and what risks exist can allow IT decision makers to make informed decisions based on facts. For example, at the highest level, if the CIO has to manage the merger of two IT departments during an acquisition, good data from ITAM allows the CIO to take stock and make decisions based on fact – not fiction. 2. Efficient IT Spend Are we using our IT spend efficiently:
  • How much did we spend on IT last year? Did we spend it wisely?
  • Are we making best use of everything we own?
  • How much money are we spending with each supplier? Are they the right suppliers?
  • Where are the machines located that have come to the end of their lease?
  • What assets are associated with this maintenance contract that is due for renewal? Do we need to renew it?
  • How much will we spend on IT this year? Are we getting the best bang for our buck?
ITAM provides the answers to these questions and much more. 3. Preparation Prevents Poor Performance (PPPP) Trustworthy ITAM data can underpin the preparation and delivery of new IT projects and upgrades. Operating system migrations, new application deployments, and hardware refreshes can all benefit by good real time data about current configurations and asset status. For example, preparing a move to Windows 8 can be a lot easier if we can see which machines are ‘capable’ of using Windows 8 in our environment before we even begin the project. 4. Forensics and Proactive Security Monitoring A well-maintained repository of IT assets allows organizations to track installs, moves, and changes and see if they agree with scheduled changes and IT policies. A good asset repository will also allow you to keep a history of changes for future reference. Security teams can harness ITAM data to support other security practices and identify unwanted behaviour, unwanted applications, or unwanted users on the network. 5. Supercharged Support Desk This one is a no-brainer. In simple terms - the more we know about the user and their IT assets, the quicker we can resolve their issue, period. IT support staff can resolve support calls quicker when they have up to date information regarding IT assets (not based on ancient spreadsheets) and accurate data to support their diagnostic processes. 6. Lower the Risk in Change Management Good ITAM data can be called upon to reduce risks and mistakes in the change management process. For example, a request for change to a server might be approved from a delivery of service, security, and configuration management point of view – but will that change trigger an enormous licensing cost that will severely impact budgets? 7. Streamlined Service Request Process If a service request portal for end users is the shop window for IT, then ITAM data is the inventory and stock management for the shop. The ITAM repository should be unified with service requests to ensure costs are contained, stock is managed efficiently, and users are supplied with the correct software and services. 8. Proactive Problem Management If service desk administrators identify an issue being caused by a specific configuration, they can make use of ITAM data to identify users or devices that have a similar configuration and take proactive steps before the user even knows they have an issue. This is especially useful for users and devices that fall out of the scope of high-end services and systems likely to be managed in a CMDB. For example, if a user experiences issues with using an application due to a service pack being applied – support staff can quickly identify who else has had that service pack applied and take proactive steps to reduce service issues. 9. Avoiding Nasty Surprises – Containing Compliance Risk Finally, last but by no means least – ITAM helps us contain our compliance risks. Any hardware, software, or services we introduce into the business come loaded with regulations, use rights, and contractual terms. Even freeware and open source software has limitations to use and legal obligations to manage. All these items should be treated as assets and managed throughout their time in the business – from initial request through to retirement, destruction or transfer of ownership. Mismanagement of IT assets can lead to poor delivery of services, wasted budget, fines, and bad press. For example, even the simple act of buying a desktop PC for a business carries risk – the worst-case scenario is that the desktop PC ends up in a landfill site carrying company data – a loaded gun of compliance risk triggering data protection, information security, green waste regulation, and so on.

The Foundation of Good IT Management

ITAM practices allow you to understand what you have, where it is, who uses it, how it is configured, how it is used, and the value it is providing to the business. Start practicing ITAM principles today and gain control of costs, reduce risk, and enable smarter decision-making. Image credit
Please share your thoughts in the comments or on Twitter, Google+, or Facebook where we are always listening.
Continue reading

CVE-2014-0160

Posted by on April 10, 2014 in General IT
Heartbleed Security The last few days have been all about the OpenSSL Heartbleed vulnerability, officially called CVE-2014-0160. Many of you surely heard about it, read about it, and talked about it, but did you really understand what all the noise is about? TechCrunch published: Massive Security Bug In OpenSSL Could Affect A Huge Chunk Of The Internet, and IT News reported on a serious issue at the Canada Revenue Agency. Why is this specific security breach getting so much exposure compared to others? Well, to get a better understanding of what exactly we’re talking about I believe it’s first important to understand what is OpenSSL - as most of you probably have no clue what is it or you believe you don’t use it.

So what is OpenSSL?

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.

Are you using OpenSSL?

Good question. Are you using Nginx? Apache? VPN? SMTP/POP/IMAP? Network Appliances? XMPP? Even if you aren’t using OpenSSL directly, each of these services could be using the OpenSSL library, and this makes you exposed. Now what’s all the noise about Heartbleed? Well, the Heartbleed bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows the stealing of information, which is protected under normal conditions by the SSL/TLS encryption that is used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM), and some virtual private networks (VPNs). The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users, and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users, and to impersonate services and users.

Why is this vulnerability getting so much exposure?

Well the nature of most vulnerabilities is that a trace is left somewhere along the way allowing you to recognize whether you’ve been exploited or not. Heartbleed leaves no traces of anything abnormal happening thus making it impossible to detect exploited systems, which is why it’s so dangerous.

So what should you do?

  1. Make sure your system is patched to the latest version of OpenSSL.
  2. Since you can never know whether you’ve been exploited by Heartbleed, a good recommendation is to regenerate your private key and certificate, thus information encrypted using this new key will not be de-encrypted using your old stolen key.
And for those of you using SysAid cloud services, you can sleep quietly at night knowing we already did both!
Please share your thoughts in the comments or on Twitter, Google+, or Facebook where we are always listening.
Continue reading
Subscribe
Watch & learn from industry experts about ITSM and help desk hot topics!