Even in the best of times, getting the most out of overworked and understaffed IT departments is a challenge. Now that we live in a period of economic uncertainty,
IT departments face the more arduous challenge of having to do more with less.
Symantec’s 2010 State of the Data Center
study provides some insight into how IT is coping. This survey of nearly 1,800 data center managers found that staffing and budgets remain tight, with half of all enterprises reporting they are “somewhat” or “extremely” understaffed. Finding budget and qualified applicants are the biggest recruiting issues. According to the survey, 76% of enterprises have the same or more job requisitions open this year.
On top of that, data center managers are deeply concerned about increased complexity and the need to support too many applications. Most enterprises have 10 or more data center initiatives rated as “somewhat” or “absolutely” important, and 50% expect “significant” changes to their data centers this year.
What’s more, half of all enterprises say applications are growing, and half are finding it difficult and costly to meet service level agreements. One-third of all enterprises say staff productivity is hampered by too many applications.
What does all that mean for IT organizations? For one thing, it means they can ill afford to waste precious staff resources on relatively mundane tasks.
All too often, IT organizations find themselves caught up in a reactive cycle of service and support that is anything but efficient. And what is becoming increasingly clear is that this ad hoc (or “fire drill”) approach to IT support more often than not leads to an IT staff that is demoralized from having to perform the same mundane tasks over and over. There has to be a better way.
This article looks at an approach to delivering IT services that relies heavily on process automation to proactively solve problems and resolve issues before they result in a trouble ticket that can impact end user productivity.
Here’s a statistic to contemplate: Symantec estimates that 90% of data loss incidents could have been prevented if patches had been deployed promptly.¹ You read that correctly. All those data breaches were exploited by vulnerabilities for which patches were already available.
That’s just one reason why Symantec recommends that organizations automate as many IT processes as possible, with an eye towards creating a set of processes for managing core technology assets that frees members of the IT staff to concentrate on more strategic activities that add more value to the business.
In today’s increasingly networked environment, the failure to deploy patches promptly or correctly can cripple an organization, causing mass outages and security breaches. The devastation and costs that can result from an attack on vulnerable systems have made many enterprises realize that they need to gain better control over their approach to patch management.
Of course, there is nothing new about the need to patch software. Software inherently contains bugs that need to be fixed, and software vendors have issued patches for decades in response. But the original intent—to correct program flaws—has been eclipsed in recent years by a torrent of urgent patches to address vulnerabilities that malicious code might exploit.
And the seriousness of this shift can’t be over-emphasized. As the latest edition of the Symantec Internet Security Threat Report
observed, applying security patches continues to be a challenge for many users. The report found that “maintaining a secure, patched system became more challenging than ever” last year. Moreover, many users are failing to patch even very old vulnerabilities.
For example, the Microsoft Internet Explorer ADODB.Stream Object File Installation Weakness was published on August 23, 2003, and fixes have been available since July 2, 2004, yet it was the second-most-attacked Web-based vulnerability in 2009.
The inability to efficiently manage software updates and automate patch distribution can leave an organization vulnerable in other ways as well. IT organizations risk being out of compliance with software license agreements. The potential for an audit of all installations is real if the company cannot accurately account for all software products being used. In the absence of effective license inventory capabilities, IT staff can only guess at what is installed and risk major penalties if an audit turns up more products in use than have been licensed.
Organizations looking to get better value from their IT staff by reducing the complexity and effort required to perform day-to-day endpoint management tasks should consider other areas as well.
For example, helpdesk technicians are routinely required to troubleshoot and remediate problems for end users in dispersed locations. The costs and travel time associated with office visits, technician travel time, and manual installation of applications can be significant. Providing helpdesk workers with remote diagnostics and control and assistance capabilities would enable them to fix client systems without having to visit their desks or disrupt business processes.
With the automation capabilities built into Altiris IT Management Suite from Symantec, administrators can assume a more strategic business role in their organization. IT Management Suite provides complete visibility into IT assets, automates processes, and produces accurate license reports for permanent cost savings and easy vendor audits and compliance.
Symantec customers have automated many time-consuming IT tasks with the automation tools in IT Management Suite. One example is employee on-boarding and termination. Ordinarily, IT has a manual checklist of procedures to follow when a new employee starts, such as issuing and provisioning new assets like a computer. Approvals from managers in various departments usually need to be in place before the process can begin. IT Management Suite automates those steps and the approval process, ensuring reliability, consistency, and speed. When an employee is terminated, IT Management Suite automates the asset reclamation process in accordance with company policies.
So what kind of real cost savings can be realized through automation? Research by The Alchemy Solutions Group has pinpointed some specific areas where automation has helped IT organizations realize business value.
For example, at one U.S. telecommunications company, software patch management, recovery of data from crashed computers, deployment of new software, and imaging of new and rebuilt computers were all time-consuming, manual processes. Altiris Asset Management Solution (part of Altiris Client Management Suite) reduced the amount of time the IT team spends on application and operating system patch management from approximately 40 hours per week for one full-time employee to just four hours per month. The Alchemy Solutions Group projected that Altiris Client Management Suite would generate labor productivity gains of more than $150,000 in just under two years.
At a major healthcare provider based in Houston, the software patch management process is critical to keeping the hospital system’s data center servers and client devices current with updated software and security patches. Since deploying Altiris Client Management Suite and Altiris Server Management Suite in August 2004, the provider has reduced the time spent on patch management for new and re-imaged data center servers from two full-time employees working 20 hours monthly to one employee working one day. This equates to an annual productivity gain of 383 hours.
Similar gains have been realized for PC workstation and laptop patch management, which has been reduced from three full-time employees spending 120 hours monthly to one employee spending 24 hours monthly, for an annual hourly productivity gain of 1,152 hours. The Alchemy Solutions Group projects the improvement in patch management to generate labor productivity gains of nearly $300,000 in just over five years.
At no time in recent history have IT organizations been under greater pressure than they are today. Not only do they have to do more with less, but they must constantly drive down the costs of managing their large, heterogeneous IT environments. More than ever before, IT decision makers need the tools that enable them to make better, faster, and smarter decisions.
In this environment of increasing technical complexity and ever-tightening budgets, IT organizations should seriously consider centralizing and automating mundane tasks that consume valuable resources. At the same time, they must maintain acceptable levels of software and hardware support to protect those assets and ensure internal customer and end-user satisfaction. Ultimately, businesses need to make IT workers more productive by freeing them from low-level functions and enabling them to focus on higher-level activities that help the business grow.
¹ Symantec Internet Security Threat Report, vol. XV