Ivanti Blog: Posts by

The Rise of Experience-Level Agreements (XLAs) in Practice: A Deep Dive into ITSM Transformation

Fri, 21 Nov 2025 15:17:59 Z

For decades, the backbone of IT Service Management (ITSM) has been the Service-Level Agreement (SLA). While effective for tracking the nuts and bolts of IT delivery, SLAs have one critical blind spot: they say little about how users actually feel about their IT experiences.

This is where Experience-Level Agreements (XLAs) and Digital Employee Experience (DEX) fill in the rest of the picture. They provide a new paradigm that's rapidly gaining traction, promising to transform ITSM by focusing on the human experience behind the numbers.

But what exactly are XLAs and how do they differ from traditional SLAs? Moreover, how does Digital Employee Experience factor into successful XLAs?

What are XLAs?

Experience-Level Agreements are a set of metrics and commitments designed to ensure that the end-user experience is consistently positive and meets (or exceeds) expectations.

While you should use XLAs and traditional SLAs in tandem, the latter focuses on technical performance and uptime. XLAs prioritize the user's overall experience, including factors like ease of use, responsiveness and emotional satisfaction.

By focusing on the user's perspective, XLAs help organizations align their services with user needs, driving satisfaction and loyalty.

Understanding how SLA, XLA and DEX work together

XLAs, SLAs and DEX work in tandem to provide you with a 360-degree view of your technical and user experience metrics.

	Description	Example metrics
Service-Level Agreements (SLAs)	A contractual agreement between service providers and customers that define the expected service quality, availability and responsiveness. SLAs focus on technical metrics.	Uptimes. Response times. Resolution rates. Etc.
Experience-Level Agreements (XLAs)	A contractual agreement between providers and customers that focuses on end-user experience, measuring the quality of service from the user's perspective. XLAs include not just technical performance, but also factors like usability, accessibility and overall satisfaction.	End user satisfaction score. Net promotor score (NPS). Digital experience score (DEX).

Unlike SLAs and XLAs, Digital Employee Experience (DEX) is not another type of agreement. DEX refers to the quality of digital experiences employees have while performing their job functions. It encompasses the technology, tools and digital environments they interact with daily.

Based on their experiences across these tools and environments, a DEX score is created (which is measured as part of the XLA). A positive DEX is crucial for employee productivity, engagement and overall job satisfaction.

How DEX enables successful XLAs

Digital experience analytics are an important metric in the success of XLA's. By ensuring that employees have a positive digital experience, organizations:

Improve productivity — When employees can work efficiently and effectively, they're more likely to deliver excellent service to customers.
Enhance customer experience — A positive DEX often translates to a better customer experience, as employees are better equipped to meet customer needs.
Drive business outcomes — By focusing on DEX, organizations can drive business outcomes, such as increased revenue, reduced costs and improved competitiveness.

Best practices for implementing XLAs

Implementing XLAs requires a careful, strategic approach to ensure that you not only measure user satisfaction effectively, but also drive meaningful improvements in service delivery.

By following the best practices below, organizations can successfully integrate XLAs into their operations and foster a culture centered on positive user experiences.

Define clear user experience metrics: Identify the key metrics that you will use to measure user experience. These should be specific, measurable, and aligned with business goals.
Leverage technology: Use advanced analytics, AI and machine learning to gather and analyze user data. These tools can help identify trends and areas for improvement. DEX tools enable you to gather and measure your IT experience across devices, users and the organization.
Engage users: Regularly collect feedback from users through surveys, feedback forms and testing. This provides valuable insights into their needs and preferences. Ensure that surveys utilize AI to identify and highlight sentiment.
Train and empower IT teams: Train your IT teams in user experience principles and give them the autonomy to make decisions that improve the user experience.
Continuous improvement: Treat XLAs as a living document. Review it regularly and update it based on user feedback and changing business needs.

Challenges and lessons learned

Implementing XLAs isn’t just about new tools — it's a mindset/cultural change. Common hurdles include:

Defining experience — What counts as a “good” experience? It can be subjective and varies across roles.
Cultural buy-in — XLAs need sponsorship from leadership and buy-in from front-line IT teams.
Continuous improvement — XLAs aren’t static. They require regular review and recalibration as user needs evolve.
More than surveys — Surveys are just one method of measurement. Ensure that DEX tools are enabled to capture real technology metrics.

Organizations leading the XLA charge invest in regular feedback loops, co-design goals with business units and link experience outcomes directly to ITSM performance reviews.

The future: Why XLAs matter

In practice, XLAs and DEX are more than buzzwords — they’re the next evolution of service management. As technology becomes ever more entwined with business success, experience is the product. IT teams empowered by XLAs move beyond “keeping the lights on" to driving employee engagement, customer loyalty and strategic differentiation.

For any organization focused on ITSM transformation, embracing XLAs means listening harder, acting faster and thinking bigger about the real purpose of technology: enabling people to do their best work.

Read the Digital Experience Report to understand how DEX impacts productivity, satisfaction and retention.

Is Your ITSM Environment Ready for Agentic AI? Probably Not (Yet)

Wed, 16 Jul 2025 16:01:36 Z

Agentic AI is making waves across various industries, and its potential to transform ITSM is undeniable. With all the talk about agentic AI capabilities, you are probably daydreaming about streamlining ITSM processes through automated incident management, automated change risk analysis, improved efficiency through service desk automation, or enhanced service quality with predictive maintenance. But you also may start to wonder: How real is all of this? Is my organization truly ready for agentic AI?

I would suggest that for most organizations, the answer is no!

Don't get me wrong; organizations are listening to the conversation and are keen on the potential long-term benefits. And some may indeed be ready for to implement agentic AI properly.

Ambitious, but underprepared: why most organizations aren’t ready for agentic AI

The reason I doubt that organizations are adequately prepared is that for agentic AI to function optimally, you require good clean data, seamlessly automated workflows that are well defined, and comprehensive flexible integration across all systems intended for agentic AI operations.

We see the importance of clean, integrated data in the acquisition of data management companies by other tech vendors, notably Salesforce and Informatica. Reconciled, normalized data gives AI agents the best possible intelligence to work with so they can provide the best outcomes and most accurate information.

You should always consider: How will AI agents benefit you and your organization? Can your journey to autonomous work be achieved through workflows? Even Anthropic, a leader in the AI space talks about using the simplest solution possible and only implementing AI agents for complex requirements. In some cases, agents are not only more costly but also less efficient than pre-built workflows.

Preparation today, agentic AI tomorrow

As you consider pursuing agentic AI, there are several factors to examine. With planning and preparation, you can be successful, and this checklist will help guide you on your journey.

Planning

When you start your journey to agentic AI, clearly outline your goals for introducing agentic AI into your service management environment while ensuring that they align with your overall organization's goals. Some common objectives are:

Reduce the workload on IT staff by automating repetitive and time-consuming tasks.
Improve the speed and accuracy of incident resolution.
Enhance the end-user experience with seamless automated request fulfillment.

With your goals defined, what does success look like, and how will you measure it? These will vary based on your expectations and defined goals, but some common metrics could be:

% of tasks successfully automated by AI.
Decrease in errors within tasks handled by AI compared to manual tasks.
User satisfaction score (CSAT).
% of users opting for AI-driven self-service solutions.
Reduction in the average cost of resolving a ticket with AI.
% of incidents escalated to human agents after AI intervention.

Related content: AITSM: How AI Is Redefining IT Service Desk Automation, part of Ivanti’s Digital Employee Experience Research Report Series

Data preparation

Within the context of service management, there are many sources of data that may be required, including sources that are purely ITSM-related, such as a CMDB or asset repository. As you move towards the wider enterprise, you may also need data from CRM, HR, facilities, finance or other departments.

Regardless of where you are getting the data from, you need to consider the following:

Is your data quality reliable? Is the data consistent? How accurate is the information? Is there a more trusted source (or master) that should be considered as the default? Often data is inconsistent across multiple systems, making it harder for an AI agent to make well-informed decisions.
How accessible is your data? How many different data sources are there, and will integration via APIs be required? Are the data sources up to date?
Is your CMDB ready to be used by agentic AI? Do you have critical CIs in your CMDB, and more importantly, how up to date are the relationships and the information?
Are you required to adhere to data privacy compliance? Do you need to adhere to data protection regulations such as GDPR, CCPA or others? It is possible that regulations may demand that you anonymize sensitive data and keep it within country.

Defined workflows and automation

Not only is having high-quality data vital, but having good, functioning workflows to drive tasks is a critical component of successful agentic AI. In some cases, your existing workflows can be repurposed for use within an agentic AI process; however, some workflows will need to be modified to meet the request/response requirements of an AI agent.

Some things to consider for workflows:

Are your workflows able to be used by AI agents? Your existing workflows may not be structured in the most effective way for AI agents to utilize the entire workflow to deliver accurate results.
Will the workflows only be working with data within your organizations, or will it need to access external data sources? When accessing external data sources, what security measures are in place to ensure the security and accuracy of the data within the responses?
Ensure all agent AI and related workflows have audit trails enabled, so you can log and monitor AI actions and decisions. This ensures the correctness of the AI and can be used in the event of compliance or security issues.

Governance and compliance

Earlier we discussed compliance requirements for data and the need to meet regulatory or statutory requirements. Governance and compliance must also apply to the entire AI ecosystem within your organization to deliver responsible, secure and trusted responses and actions.

Here are a few things to consider:

Define policies for how AI is to be used within your organization and assign people or teams who are accountable for protecting the data and evaluating ethical considerations.
Ensure that regulatory or statutory compliance standards are understood across the entire AI workflow and met. For example, if an AI agent requires access to health-related data and data collected from European users, then you would need to consider both HIPAA and GDPR.
Identify potential risks throughout your environment and meticulously mitigate those linked with the AI deployment.

Testing and validation

Start your journey to agentic AI in a controlled environment. Set up a pilot program to test the functionality, ensuring you measure against your goals and gather feedback from users. It is important to have a continuous improvement program in place for adjustments and enhancements. Be patient, as good results may take time as the AI learns and adjusts. Always monitor and adjust as required and define a process for handling issues or failures.

Agentic AI is an evolution, not a revolution

Discussion around AI is everywhere, and while there is a lot of interest from organizations, many are still rightly cautious about how to proceed and what is best for their organization. As we have seen over the last few years, AI has progressed very quickly from generative to agentic. Keeping up with emerging technologies and planning for future enhancements is vital.

Ivanti is well positioned with AI capabilities that can enable you to grow. Find out more about what Ivanti can offer for your AI journey.

3 Keys to Evolving Toward Enterprise Service Management

Mon, 02 Dec 2024 21:58:37 Z

With businesses scaling up operations amid the increase in remote work, extending IT services across business units to HR, Facilities and beyond is essential.

Enter enterprise service management (ESM), extending the proven principles of IT service management (ITSM) across various departments and functions within an organization.

The benefits of ITSM

Ivanti’s experience with ITSM offers clues to the benefits that ESM can spread across an organization.

30%

faster ticket resolution with automation and improved workflows.

20%

improvement in resolving issues on the first contact.

50%

reduction in tickets by empowering users with self-service options.

Properly managed ITSM creates efficient standardization and commonalities within processes and assets. These can include the IT services catalog, knowledge management repository, forms, reviews and approvals and self-service portals.

Why evolve to ESM?

With the success of ITSM, it makes perfect sense to extend its benefits to other parts of the organization. ESM goals are very similar, if not identical, to those of ITSM:

Simplify access to services: Improve operational efficiency using simplified workflows and streamline access to services and support by removing complexity.
Engage employees anywhere: Streamline self-service to enable employees across any digital experience and remove barriers for employee engagement.
Support hybrid work: Enable support for employees regardless of location. Automate and simplify processes to facilitate work from the home, office or remote location.

Begin with a solid ITSM foundation

To evolve toward ESM, start with a firm foundation in ITSM best practices. Only once you’ve optimized core processes can you be sure you can explore expanding that success into other business areas.

It's not effective to promise solutions to other units if the IT department is known for not delivering on time or if users encounter constant digital employee experience (DEX) issues. Additionally, some employees are simply reluctant to change their processes, especially if they believe their current methods are working well. They might not see a need to seek external help; sometimes, it's easier for them to do nothing.

Is ESM really needed?

When looking at a specific organizational unit, are you positive they need ESM?

To answer that question if you’re an IT manager, ask yourself: How do you currently interact with the department(s) in question, such as HR or Facilities? Do they have multiple locations? Are interactions only via email? How long do they take? How much visibility is there into processes? And in dealing with them, how does it make you feel?

Some complimentary questions that should be asked on the line of business (LOB) side: How does a manager know a team’s workload? How is work prioritized? Are communications recorded and audited? What workflows are automated? How do teams conduct handovers? How is service delivery measured?

Answers to these questions will tell you if you should move forward with ESM.

Keys to ESM adoption

If ESM implementation is warranted, observe these key steps:

Start simple

New ESM users within a different department might have to be gradually acclimated to the new tools being provided, so begin with these foundational functions:

Segregate email intake: Make emails automatically generate a case or query; this is readily accomplished using a full-featured ESM solution.
Build reporting and dashboards: This not only provides visibility into processes so users can identify and address issues, but also lets them track performance against KPIs to justify expanding services and promoting ESM adoption to other units.
Knowledge management and policies: This is the stage where it makes sense to put the right systems in place to record (and share) how issues are remediated and what best practices should be followed.

Evolve ESM capabilities

Once ESM has proven its value and gained traction with its new users, then:

Implement self-service: “Shift left” is eminently desirable in ESM, too, so provide tools such as a self-service portal where everyone in that unit or department can access a knowledge base that’s specific to their group or submit requests.
Automate: Automating basic or oft-repeated responses will cut costs, minimize errors and accelerate remediation. Analyze incidents within each business unit to find its specific common cases that should be automated: HR and Facilities, for instance, won’t have the same issues.
Set up chat: Users should be able to request a chat session with a live analyst via the self-service portal.
Establish SLAs: In extending ESM to different business units, establish SLAs specific to that unit so there are clear expectations, service standards and objectives.

Integrate

Integration is key, especially when it comes to seamlessly aligning HR, Facilities and IT systems. A good ITSM/ESM solution should offer integration platform as a service (iPaaS) tools that make it easy to connect with enterprise systems that include:

HRMS
Payroll management
Employee onboarding
Other LOB systems

Use their terminology

Understanding the unique terminology and requirements of different business units is vital. Don’t throw IT jargon at them; use language they’re familiar with. An HR staffer might want to open a “case,” while a Facilities worker will think in terms of a “work order.”

Tailoring communication fosters better buy-in and engagement and helps prevent the wrong lingo from confusingly popping up in their forms and processes.

Know their services

To help them enable better service delivery, it's crucial to wrap your head around their service offerings. One action you’ll need to take is to build a service catalog that contains a centralized list of all ESM services available to employees of that business unit, clearly organized and presented.

Prioritize the services listing so the most important or commonly requested services are first and users won’t have to search for them.

A strategic move: Begin with HR and Facilities

These departments typically have a wide variety of service needs that can benefit from ESM. Each deals with a diverse assortment of needs that provide excellent use cases that can demonstrate tangible benefits to support broader ESM initiatives.

HR pain points

Reducing the time to fill open positions by streamlining recruitment, improving candidate tracking and accelerating hiring processes.
Improving employee experiences through proactive HR services, self-service options and transparent communication.
Reducing employee turnover through proactive employee engagement strategies and improved talent management.

Facilities challenges

Reducing maintenance costs via preventive maintenance and efficient work order management.
Improving space utilization by optimizing space allocation and tracking space usage.
Enhancing occupant satisfaction by addressing comfort and safety concerns promptly.

Overcoming resistance

Transitioning from ITSM to ESM is not without challenges. Common hurdles include resistance to change, budget constraints and the need for IT departments to earn credibility.

By focusing on delivering a better employee experience and showcasing the value of ESM through tangible metrics, you can drive successful ESM adoption.

Beyond initial implementation

As organizations navigate toward wider ESM adoption, continuous improvement and collaboration are in order. Regular check-ins and metrics tracking will help monitor progress and refine strategies over time and further prove ESM’s value.

By empowering business units with visibility, reporting and efficient workflows, ESM can be a catalyst for organizational growth and innovation. This journey from ITSM to ESM is really a strategic evolution of an organization’s operational DNA, resulting in a business that’s more agile and responsive across the board.

The Critical Role of the CMDB in Security and Vulnerability Management

Tue, 23 Jul 2024 07:00:00 Z

Effective security and vulnerability management is crucial to safeguard organizations from ever-evolving cyber threats. At the core of these practices lies the Configuration Management Database (CMDB), a powerful resource that offers a centralized view of an organization's IT infrastructure.

The CMDB plays a pivotal role in upholding robust security and vulnerability management strategies – empowering organizations to proactively identify, evaluate and address risks to their IT systems and data.

What is a CMDB and why is it important?

The CMDB is a vital resource for organizations aiming to fortify their security stance and manage vulnerabilities with confidence. The CMDB serves as a central repository for all pertinent data on an organization's IT assets and the intricate web of relationships among them, empowering sound decision-making and a more effective approach to vulnerability management.

The CMDB meticulously tracks all IT configuration items – from software to hardware and network components – to ensure a thorough grasp of your IT environment. With clear asset relationships, you have a firm understanding of each asset's criticality and its impact on business services. This insight also enables the identification of assets frequently associated with vulnerabilities, empowering IT to deploy effective remediation strategies.

The CMDB also helps to provide visibility into an organization's security and compliance posture. Through comprehensive reporting and customizable dashboards, key stakeholders can see the organization's security and compliance posture clearly and concisely. With this knowledge, decision-makers can quickly identify gaps in security controls or compliance requirements, then take action to protect the organization from cyber threats and potential compliance violations.

Security and vulnerability management challenges

Organizations everywhere are struggling to manage cybersecurity effectively. The relentless growth of assets combined with the discovery of new vulnerabilities leaves even the most capable teams with critical security gaps.

Security teams receive an overwhelming number of findings each day, making it difficult to ensure vulnerabilities and security events are appropriately triaged and ranked based on their potential impact and criticality. Oversights can lead to critical vulnerabilities being overlooked.

Understanding the relationships between assets and vulnerabilities presents significant challenges, making effective vulnerability management even more difficult. It is crucial to comprehend the relationships, dependencies and connectivity among assets to accurately evaluate the potential consequences of vulnerabilities. This knowledge enables organizations to prioritize, respond to and mitigate vulnerabilities effectively. Without this understanding, organizations risk overlooking critical, widespread and exploitable vulnerabilities.

Using the CMDB to enhance cybersecurity

The CMDB is a critical component of vulnerability management. It provides a single source of truth for information about IT assets, their relationships and their configurations. This information can be used to identify assets that are vulnerable to specific threats, prioritize vulnerabilities based on their potential impact and track the status of vulnerability remediation efforts.

Although a vulnerability management tool provides a list of known vulnerabilities, their severity and their risk rating against assets, it can't identify the actual impact to the business without a CMDB.

Let’s look at two examples:

Vulnerability management identifies a finding that affects SQL Server databases. This vulnerability may be due to its high severity and critical risk rating. While the vulnerability management tool knows that all SQL Server assets need to be remediated, it does not specify which ones should be prioritized. If there are hundreds of databases, remediating the most critical ones should be the top priority.

In this example, the CMDB becomes crucial for decision-making because of the relationships it uncovers. It can identify which SQL Server databases affect critical production systems. These can then be prioritized over test and development environments. While it is essential to remediate across all environments, identifying and prioritizing production systems should always be considered critical.
A hacker has discovered an API with improper security configurations, enabling unauthorized entry to SQL Server databases across a network. Given the potential for stored personally identifiable information and even credit card information, it's clear API security and token management demand immediate attention to prevent the exposure of sensitive data and protect customers.

In this instance, the CMDB becomes an essential tool for pinpointing the specific business applications affected by the SQL Server API exposure. Given that the CMDB captures relationships with compliance and controls, the organization can swiftly notify the appropriate authorities – ensuring a seamless and efficient response across the board.

The CMDB serves as a robust tool within the cybersecurity framework, fortifying an organization's security posture and mitigating the likelihood of security breaches. By establishing a centralized and trustworthy repository of IT asset information, the CMDB empowers organizations to make informed decisions in protecting their assets from vulnerabilities and align with defined policies and controls that might be required to meet an organization’s governance, risk and compliance requirements.

Bringing IT and Security together through the CMDB

Seamlessly integrating the CMDB with security tools brings IT and Security into a single, centralized view – a strategic move that elevates an organization's cybersecurity posture

The CMDB is a critical foundation of an IT service management solution that supports best practices and processes such as incident, problem, change, knowledge, security events and security incidents, among others. These processes define and execute workflows across the business, as well as maintain and use the records within the CMDB.

The CMDB's capability to map assets and connections provides a powerful tool to anticipate potential disruptions. Moreover, it is an invaluable resource in identifying patterns and behaviors. From security events to patches, the CMDB's linkage of data allows for the recognition of systemic issues or vulnerabilities within assets.

Building a robust CMDB requires integration across multiple tools to enable a centralized and single view of IT assets and relationships.

Asset discovery: This is the fundamental requirement from which both an asset repository and CMDB are built. The discovery solution must retrieve assets across software and hardware and be able to incorporate new inventory when it's discovered or identified. Best practice typically involves a combination of agent-based and agentless discovery, actively and passively, to ensure that known and unknown assets are identified.
Service mapping: Often called relationship discovery or application dependency mapping, this discovery capability uses agentless discovery techniques to identify both infrastructure relationships and application relationships. This allows the CMDB to be populated with the necessary relationships to understand the impacts of security events and vulnerabilities.
Security information and event management (SIEM): The integration of the CMDB with Security Information and Event Management solutions offers organizations real-time threat monitoring capabilities. SIEM solutions collect and analyze data from various sources to identify potential security threats and their potential impact to business systems.
Patch management: Integrating with patch management, organizations can gain insight into which patches have been recently deployed. This information can be valuable in identifying potential issues that may arise because of a recent patch. Furthermore, integration with patch management enables change management teams to approve and control the deployment of patches to production systems.
Vulnerability management: The CMDB plays a crucial role in enhancing vulnerability scanning and assessment processes. By integrating the CMDB with vulnerability scanning tools, organizations can efficiently identify and prioritize vulnerabilities that pose risks to their business systems. Additionally, the CMDB assists in tracking the progress of vulnerability assessments, guaranteeing timely remediation and minimizing the likelihood of exploitation.
Security events: The CMDB serves as a central point for security event management. By correlating data from the CMDB and security tools, organizations can quickly identify and investigate security incidents. This centralized approach streamlines incident response, reduces the impact of security breaches and enables proactive security measures.
Governance, Risk and Compliance (GRC): GRC is not a direct security solution, but it is essential for ensuring an organization’s adherence to internal policies, statutory requirements and regulatory controls. Many of these standards require specific protocols for handling security incidents, vulnerabilities and software patching. By integrating GRC with the assets stored in the CMDB, we can not only understand these requirements but also document our efforts to address and remediate them.

Breaking down barriers with the CMDB

The CMDB facilitates the breakdown of barriers between IT and Security teams by providing critical insights across IT assets. This enables organizations to reduce security risks, ensure compliance with industry standards and regulations, improve their security posture, protect sensitive data and enhance their preparedness to address the evolving cybersecurity landscape.

Find out more about how Ivanti solutions can enable your organization to break down barriers between IT and Security so Everywhere Work can thrive.

AI Knowledge Management: How to Use Generative AI for Knowledge Bases

Mon, 10 Jun 2024 20:33:57 Z

Interest in generative AI has skyrocketed since the release of tools like ChatGPT, Google Gemini, Microsoft Copilot and others. Along with the hype comes concerns about privacy, personal identifiable information (PII), security and accuracy.

Organizations are treading cautiously with generative AI tools despite seeing them as a game changer. Many seek the “sweet spot” – enabling benefits right now while identifying more strategic future uses, all without compromising security.

One area in which gains can be immediate: Knowledge management, which has traditionally been challenging for many organizations. However, AI-based knowledge management can deliver outstanding benefits – especially for IT teams mired in manually maintaining knowledge bases.

How generative AI and knowledge management intersect

Generative AI refers to a type of artificial intelligence that can create new content, such as images, video, text or music, based on existing data. It uses machine learning algorithms to analyze and learn from large datasets, then uses that to generate new content.

Knowledge management is the process of capturing, organizing and sharing knowledge within an organization. It involves collecting information from various sources, storing it in a centralized database and making it easily accessible to employees as needed.

Many organizations carry out knowledge management manually, resulting in out-of-date or poorly written content. By automating knowledge management processes, generative AI can improve their efficiency and effectiveness.

Generative AI knowledge management benefits

Here are some of the specific ways generative AI can achieve these ends:

Automate creation of knowledge articles

Generative AI can automatically draft knowledge articles from existing data sources like product documentation, customer support tickets and employee training materials. This frees IT professionals for more strategic tasks, such as developing new knowledge management initiatives and improving existing articles.

With 56% of IT workers saying that helpdesk ticket volume is up, and 78% blaming hybrid/remote work for the jump, enhancing a knowledge base can enable quicker and more effective issue resolution and free teams to address more strategic tasks.

Create more personalized and engaging content

Generative AI can personalize content for each user to improve his or her experience. Knowledge articles, particularly for HR, can be personalized by region or language. Being able to generate content unique to an employee persona will enhance that employee’s usage and experience.

Improve the quality of knowledge

Generative AI can identify and correct errors, add context and additional information to knowledge articles and archive outdated information. So, employees will only access accurate and up-to-date information.

Generate new ideas and insights

Generative AI can combine existing knowledge in new ways. For example, HR, Facilities and IT might all have articles about onboarding and offboarding employees. Generative AI can use these to produce a merged knowledge article that covers all three departments, so an employee won’t have to search through multiple articles.

Solve problems quicker

Generative AI can rapidly solve problems by identifying data patterns to help improve decision-making and performance. For instance, it might examine IT incidents over a given period and identify a common resolution for similar issues. It can then generate a knowledge article for service desk agents on how to expedite resolutions, or for employees on how to do so via self-service.

Improve search accuracy

Generative AI can improve search accuracy by personalizing knowledge delivery based on each employee’s needs and preferences. Since an average worker spends 3.6 hours a day searching for information, any time savings here is a win that enhances their digital experience.

Enhance automation

Generative AI can help automate routine tasks, even those not directly related to creating knowledge management articles. Spiraling workloads are why 92% of IT workers see automation as “necessary” or “very necessary,” so identifying new ways of streamlining processes can free them from routine tasks to tackle other work while cutting costs.

Generative AI knowledge management drawbacks

Generative AI for knowledge management has the potential to revolutionize many industries and fields – but it’s not without issues that are important to address in implementation.

Security and privacy

AI knowledge management systems might contain sensitive or confidential information, so it's crucial to ensure they’re secured against cyberthreats. Also, there may be privacy concerns if the AI is generating content using personal or identifying information.

Quality and accuracy

While generative AI models can produce impressive outputs, quality and accuracy can vary widely depending on the quality of input data and task complexity.

Risk of misinformation

Generative AI can potentially produce incorrect or misleading information, leading to serious consequences for IT – for example, by introducing malware or incorrectly recommending turning off functionality used to secure the IT environment against malicious actors. Say a user is trying to install a printer driver and asks AI for help. Among its instructions, AI might tell the user to disable antivirus software or a firewall, providing a window for malware to be installed.

Dependence on AI-generated content

Companies that are too reliant on this may not prioritize human-generated content or critical thinking skills, potentially leading to lost expertise. Human oversight is still essential in validating and approving AI-generated outputs.

Data bias

Generative AI models can inadvertently reflect biases present in their training data, leading to skewed or inaccurate results. This can be an issue in knowledge management, where accuracy is critical. If an AI knowledge management model is trained on data predominantly from the United States, for instance, it may generate outputs less relevant to people in other countries.

Ethical concerns

These include potential bias in AI knowledge management training data, perpetuating existing inequalities.

Get the Interactive Report: AITSM: How AI is Redefining IT Service Desk Automation

Making AI knowledge management work

Despite the concerns, generative AI knowledge management can be a powerful tool. By carefully considering potential drawbacks and taking steps to mitigate them, organizations can make good use of generative AI in knowledge management.

Here are five things to consider when deploying AI knowledge management:

Identify data types used to train the generative AI model: Identification of data types will help to ensure that the data used is accurate and reliable. Are you going to use existing knowledge articles, incident data, problem data or a combination of types?

Ensure identified data is accurate, complete and up to date: Generative AI is only as good as the data it's trained on; “garbage in, garbage out” still applies.

Monitor the output of your generative AI knowledge management model: Check it for bias, misinformation, completeness and accuracy to ensure the information being generated is reliable.

Develop policies and procedures to manage risks: This is crucial to address issues such as data security, privacy, and ethical considerations in using generative AI for knowledge management.

Put an approval process in place: Review and authorization must happen before any generated outputs are shared publicly.

Implementation tips for generative AI knowledge management

There’s no doubt that generative AI knowledge management can be a valuable tool – or that there’s still much to be learned about both its benefits and possible pitfalls.

An organization must evaluate the potential impacts and pick an AI knowledge management solution that satisfies its distinct needs for privacy, accuracy, and security.

That said, there are a few more best practices to support successful adoption:

Start small and scale up: It's best to start with a small generative AI knowledge management pilot project, then scale up as you gain experience.

Get buy-in from stakeholders: It's important to get stakeholder buy-in before deploying generative AI to assure it's used effectively and its outputs are trusted.

Continuously improve the model: It's vital to continuously enhance your AI knowledge management model by retraining it on new data and addressing any potential problems that might crop up.

How to Simplify ITSM Integrations with iPaaS

Thu, 29 Feb 2024 18:03:46 Z

Integration is a crucial aspect of modern IT service management. By linking their ITSM platform with external applications, businesses can simplify their IT operations, enhance efficiency and flexibility, and provide better customer service. Real-time integration allows businesses to quickly adapt to changing circumstances and ensure that IT services align with business requirements.

However, ITSM integration can be complex and difficult. Traditional integration methods often involve custom development and integration work, which can be costly and time-consuming. iPaaS offers a solution to these challenges and makes ITSM integration more manageable.

What is iPaaS?

iPaaS stands for Integration Platform as a Service. It's a cloud-based service that provides a set of tools and services that make it easy to connect applications and automate workflows. iPaaS can be used to integrate ITSM tools and applications with other business systems, such as CRM, ERP and HR systems. This can help to improve efficiency, reduce costs and improve customer service.

iPaaS works by providing a central platform that allows businesses to connect applications and automate workflows. This platform provides several features and services that make it easy to integrate applications, including:

Pre-built connectors: IPaaS platforms offer a library of pre-built connectors that simplify the process of connecting to commonly used applications. These connectors are designed for applications like Salesforce, Oracle, SAP and Workday.
Data transformation: iPaaS platforms are essential for converting data between various applications to maintain consistency and accuracy during integration across multiple systems.
Workflow automation: IPaaS platforms can automate workflows between applications, improving efficiency and reducing the need for manual intervention.

How iPaaS makes ITSM integration easy

IPaaS simplifies ITSM integration by providing a centralized platform with built-in connectors and templates, eliminating the need for complicated point-to-point connections. This saves time and effort when connecting multiple systems, without requiring advanced coding or technical expertise.

With IPaaS, data can be synchronized in real-time between ITSM tools and other business systems. This ensures that all systems have the most up-to-date information. Real-time integration improves the accuracy and efficiency of ITSM processes, allowing businesses to quickly and effectively address customer requests and problems.

Moreover, iPaaS offers scalability and flexibility for ITSM integrations. As businesses grow and their IT needs change, they can easily add or remove ITSM tools and applications without disrupting existing integrations. This enables companies to adapt their ITSM integrations as needed, maintaining efficient processes.

Common use cases for iPaaS within ITSM

Common integration-centric use cases that are good applications for iPaaS within ITSM include:

eBonding/ticket forwarding: This facilitates two-way integration with other ITSM or ticketing systems – internally and externally. This is common for service providers who need the ability to directly integrate their service management platform with a customer's platform. This typically involves bidirectional incident integration, but it can also include changes and assets/CIs, depending on the agreement between the customer and service provider. Typically, this type of integration would be between Ivanti Neurons for ITSM and ServiceNow or BMC Helix.
Procurement: To streamline service requests, service fulfillment, and asset lifecycle workflows, it may be necessary to integrate with a procurement system like SAP or a similar solution. Additionally, integration with external providers like Dell or CDW can facilitate procurement requests with vendors.
Onboarding: When bringing a new employee into your organization, it's important to involve not just HR, but also IT, payroll, facilities and any other necessary departments. Streamlining the onboarding process across all these areas can be achieved through automation, regardless of the specific applications being used (such as Workday, SAP, Ivanti Neurons for ITSM, or ADP). This allows for seamless integration and handling of all necessary tasks.
DevOps: Streamlining development processes is crucial for the success of the DevOps/DevSecOps process. Automation is essential for achieving a streamlined and efficient process throughout application development (using tools such as Jira and Azure DevOps); deployment (with GitHub and Jenkins); operations (using ITSM); and security (with tools like ASOC and BlackDuck).
Communication/collaboration: Many organizations use various collaboration tools such as Microsoft Teams or Slack for instant messaging, and virtual agents like Espressive and Moveworks. When these tools can communicate with one another, that allows employees to use their preferred tool and improves their overall experience. It also ensures that no communication is lost. It is important to enable these tools to automatically integrate and communicate with service management, as it is a crucial capability.
Operations management: Many organizations use multiple solutions to monitor their operational environment. These solutions often cover network, server, application and security monitoring. It is crucial to ensure that these tools are communicating with service management to provide accurate and timely information to the appropriate teams. Integration with these solutions should allow for updates to be shared in both directions, ensuring consistency across all environments.
Request fulfillment: Expand the scope of request fulfillment beyond ITSM to include external third-party solutions for processes such as approvals and procurement, and external vendor systems such as CDW, Lenovo or Dell. Create a smooth workflow that spans various external systems to improve the efficiency of your request fulfillment process.

Ivanti Neurons iPaaS makes integration easy

Ivanti Neurons iPaaS, powered by Workato, is a cost-effective, efficient, agile, scalable and secure integration platform for Ivanti Neurons for ITSM (SaaS), enabling integration across ITSM, ITAM and Line of Business applications. It’s seamlessly integrated into the ITSM admin experience to make development, monitoring and troubleshooting extremely easy in the context of ITSM, ITAM or Enterprise Service Management use cases. By leveraging Ivanti Neurons iPaaS, businesses can streamline their IT operations, improve service delivery and gain a competitive advantage in today's dynamic technology environment.

The Ivanti Neurons for ITSM platform will continue to support industry standard open APIs such as REST API, SOAP and Webhooks. Ivanti Neurons iPaaS extends and enhances your API and integration capabilities.

Learn more about how Ivanti Neurons iPaaS can transform your ITSM integration approach.

How to Accelerate Deployment with an ITSM-GitHub Integration

Fri, 03 Nov 2023 17:04:45 Z

GitHub is one of the most popular version control systems used today, allowing developers to collaborate on projects and quickly deploy their code. However, deploying code through GitHub can also be time-consuming and risky if not done properly.

In this blog, we’ll cover how IT teams can reach across the aisle to your colleagues in development to accelerate and protect their GitHub deployment by integrating with the service management software you already use.

The basics of GitHub deployment

If you work in IT, you’ve probably heard of GitHub — but unless you have a background in development, you might be less familiar with what it does.

GitHub is a popular web-based version control system for software development. It gives developers a platform to collaborate on projects, store code and deploy changes more easily. Developers can keep track of changes made to their codebase and discuss and review changes before they are integrated into the codebase.

Version control systems like GitHub are essentially a way to store all versions of a project in one place. Every time a new change is made to the project (e.g., code added or deleted), a new version is created and stored alongside the old versions so that if any issues arise due to a recent change, these can be reverted quickly without having to manually re-enter all the previous work. This makes debugging easier and helps speed up development cycles overall.

GitHub makes it easy for developers to deploy their code quickly and reliably in various environments such as production servers or staging environments without having to manually deploy every time there are updates or bug fixes needed in the app or website they are working on.

This helps save time and effort while ensuring that deployment goes smoothly with no unexpected errors appearing along the way due to manual mistakes in copying over files incorrectly or omitting certain files during deployment processes.

Why automate DevOps processes using ITSM?

GitHub deployment is a crucial part of the software development process, and automating and protecting it can make the difference between success and failure.

Automation streamlines the entire deployment process. By taking care of mundane tasks like pushing out updates or checking for bugs, automation lets you do more complex work, faster. It also eliminates the risk of human error, which can lead to costly mistakes down the line.

Automation also makes it easier to track changes over time so you can identify issues quickly and get ahead of potential problems.

Best practices in change management tools like Ivanti Neurons for ITSM can ensure that all changes are tracked and logged for improved compliance and oversight. With these tools at hand, businesses have more confidence knowing their systems are secure against malicious actors or unintended changes throughout their development cycle.

Integrating GitHub and Ivanti Neurons for ITSM

Ivanti Neurons for ITSM helps automate the deployment process through change management, which allows IT to keep track of the deployment’s history, approvals, and rejections.

In a traditional application development environment, application development would manage the release process through ITSM manually by creating a change request within ITSM. Since this is a manual process, it doesn't guarantee a change request is created whenever a deployment request is raised or the change is approved before the deployment is initiated, which may result in unauthorized or incorrect deployments.

By extending ITSM’s automated change approval process to DevOps, application development teams can work at speed, without unnecessary bottlenecks and frustrations.

The integration between GitHub and Ivanti Neurons for ITSM uses GitHub’s custom deployment protection rules and Ivanti Neurons for ITSM webhooks to automate processes.

Custom deployment protection rules are powered by GitHub Apps and run based on webhooks and callbacks. The custom apps subscribe to the deployment protection rule event, which is emitted when a deployment is triggered for a particular environment, based on which they are configured to emit certain events. These events can be forwarded to a webhook, which will integrate with Ivanti Neurons for ITSM.

Once you have created a custom deployment protection rule and installed it on your repository, the custom deployment protection rule will automatically be available for all environments in the repository.

Once a change is created within Ivanti Neurons for ITSM, it'll go through the change approval process. If the change is approved, the integration automatically notifies GitHub of the approval and changes the status of the GitHub package to allow the deployment to automatically proceed.

The data flow between GitHub and Ivanti Neurons for ITSM in an automated change management process.

Unlock the potential of an ITSM and GitHub integration

Service management tools like Ivanti Neurons for ITSM can be invaluable for GitHub deployments. Automation and protection are essential for stability, reliability and efficiency, and these tools provide the features needed to ensure your deployment is secure and successful.

With Ivanti Neurons for ITSM, businesses can create a complete audit trail that records every change made to the codebase. This feature helps with debugging any errors in the code as well as pinpointing potential security vulnerabilities.

Ivanti Neurons for ITSM is designed for automating changes across multiple systems in a unified platform. It allows users to quickly identify changes needed in their system and track progress on those changes from start to finish. This reduces complexity while also ensuring that all deployments are compliant with company policies and standards before they go live.

Ivanti Neurons for ITSM can also automate your end-to-end DevSecOps process from identification and prioritization of a vulnerability, managing the vulnerability across development, operations or security teams — automatically integrating with development tools such as Jira or Azure DevOps and automating the change management process and approvals before deployment.

Using Ivanti Neurons for ITSM gives businesses more confidence in their GitHub deployment process — whether they're deploying new code directly or using specialized CI/CD pipelines by providing automation, protection and visibility into processes and reporting capabilities. Additionally, these solutions offer auditing capabilities that help maintain compliance with industry regulations such as GDPR or HIPAA.

Unlock the full potential of your service management tools like Ivanti Neurons for ITSM and take your

Unlock the full potential of your service management tools like Ivanti Neurons for ITSM and take your GitHub deployment process from good to great!

The Need for Enterprise Service Management

Wed, 15 Mar 2023 14:42:49 Z

Key takeaways

ESM is the practice of managing technology services to ensure that they meet the needs of the organization and its employees.
It ensures services are delivered consistently, efficiently and cost-effectively – while meeting the needs of the business and customers.
The benefits of Enterprise Service Management (ESM) include increased employee satisfaction, boosted employee engagement, reduced costs, increased efficiency and improved compliance.
Comprehensive processes and automation help ensure your organization provides the highest quality of service to customers while optimizing available resources.
There are four key components of an effective ESM strategy: clear goals and objectives, comprehensive processes, automation and monitoring and feedback.

Organizations today are becoming more reliant on technology to provide quality services to their employees. As a result, there is an increased need for Enterprise Service Management (ESM).

What is Enterprise Service Management?

Enterprise Service Management is a set of processes and practices used for managing the delivery of an organization’s technology services. ESM ensures services are delivered consistently, efficiently and cost-effectively – while meeting the needs of the organization and customers.

Employees expect a similar experience in their day-to-day business life, whether they engage with IT or any of the many other service providers in a company. This includes human resources (HR), Legal, Facilities, project management, security, sales, marketing, R&D and finance departments.

Benefits of Enterprise Service Management

The benefits of Enterprise Service Management are numerous. Some of the most important include:

1. Improved employee satisfaction

ESM looks at how technology helps or hinders employees when doing the work they need to do - when they need to do it. ESM ensures services are delivered consistently and efficiently, leading to improved employee productivity and satisfaction. By providing clear expectations, enhancing communication and creating a sense of ownership, ESM enables employees to feel more engaged with the teams who are delivering the services they have requested.

For example, if an employee can see the status of a request, they know what stage it is in and when it can be expected to be finished This allows employees and business departments to focus more on providing business value and ensuring that IT boosts productivity versus hindering employee efficiency.

2. Boosted employee engagement

Delivering an omnichannel experience across a self-service portal, Microsoft Teams, virtual agent, and email allows employees to choose the way they work that best fits their needs and preferences, increasing their engagement by providing an easy way to find and request information and services across a variety of modes.

3. Reduced costs

ESM can help reduce costs significantly by streamlining processes and eliminating unnecessary complexity. Automation is key here; ticket classification, assignment and flexible workflows can be automated, ensuring the right team is handling the ticket from the beginning. This not only reduces costs but leads to improved efficiency and customer satisfaction.

4. Increased efficiency

ESM helps increase efficiency and reduce errors by ensuring services are delivered on time and meet the organization's priorities. This can be achieved through standardized workflows, documented processes, automated assignments and interconnected systems, resulting in higher quality services across the organization.

5. Improved compliance

ESM enables organizations to meet industry regulations and standards. Through detailed auditing and reporting, organizations can ensure their compliance with service levels, security protocols and other regulations. This helps organizations protect their data and assets and gain

a competitive advantage in the market by ensuring compliance with relevant regulations.

Features of an effective Enterprise Service Management strategy

Employees expect easy and instant access to IT and non-IT services and automatic fulfilling of their requests.

While the IT service desk or help desk are top of mind when discussing service management, this is only one element for an ESM strategy. Some other key capabilities, which are an opportunity for introducing Enterprise Service Management to non-IT services, include:

Self-service portal.
Easy knowledge access.
Ticket automation.
Case management.

An effective ESM strategy must have four key components:

1. Clear goals and objectives

It is essential to have a comprehensive understanding of an organization's goals and objectives when it comes to ESM. This could begin with Human Resources (HR) or Facilities having an explicit idea of advantages.

To start small, if email is the normal form of communication, it would make sense to incorporate automated email creation into the new ESM platform and implement the self-service portal or virtual agent as a second step.

However, it is even more important to enhance the backend processes by utilizing automation and workflow technology. This will allow for streamlined operations and more efficient processes, resulting in greater productivity.

Additionally, having a well-defined ESM strategy helps ensure the organization keeps up with the ever-changing needs of the customer base and offers high-quality service all the time.

2. Comprehensive processes

From the initial design to the final delivery, ESM processes should be comprehensive and detailed, encompassing a wide range of service delivery stages. It is important to document and outline the services and processes that your organization plans to offer. These services and processes may be limited at first, but they will inevitably expand as your organization matures.

Additionally, it is essential to identify the most significant processes that will give the best employee satisfaction and the highest efficiencies. Having comprehensive processes in place helps ensure your organization can provide the highest quality of service to the customers while optimizing the resources available.

3. Automation

Enabling automation in your organization will streamline processes and reduce errors. Automatically assigning work to the right team will significantly reduce response and resolution time and improve turnaround time for customer requests. Workflows that automatically manage approvals, tasks and notifications help maintain high levels of accuracy and quality.

Combining automation with existing manual steps will significantly improve the speed, accuracy and quality of organizational operations and improve the employee experience.

4. Monitoring and feedback

It is important to monitor the performance of ESM processes and provide feedback to ensure that they are meeting the organization's goals and objectives. To do this effectively, it is necessary to put in place dashboards, analytics and other reporting tools that will provide visibility into the team's workload and identify any imbalances or inconsistencies.

Monitoring will help you observe any trends or changes in workload, and measure how well service level targets are being met. This helps ensure that all organizational goals and objectives are achieved. Additionally, it gives managers the ability to make better decisions on how to adjust and prioritize resources accordingly.

The need for Enterprise Service Management (ESM) is becoming increasingly important as organizations become more reliant on technology to provide quality services to their employees.

ESM can help to reduce costs, improve employee satisfaction, and increase efficiency, while also ensuring that an organization is compliant with industry regulations and standards. An effective ESM strategy must include clear goals and objectives, comprehensive processes, automation, monitoring and feedback.

From improving employee satisfaction to significantly reducing cost, implementing an effective ESM strategy helps your organization stay productive and efficient in this new era of Everywhere Work. As IT’s responsibility for managing non-IT assets grows, ESM will help IT teams broaden their influence and deliver business value to the organization. Learn more about how Ivanti can help with your Enterprise Service Management strategy.

What Is DevSecOps? How Great Developers Shift Left for Security

Thu, 05 May 2022 16:04:20 Z

In the alphabet soup of IT buzzwords, DevSecOps is one of the more confusing abbreviations.

Is DevSecOps just a fancy name for a specific tool?
Is there a DevSecOps process or best practice?
Should DevSecOps be an internal IT department priority, or a broader company philosophy?
If a company already leverages DevOps processes and tech stacks, then should it upgrade to DevSecOps – or would that simply complicate an already overburdened process?

More than just a trendy buzzword, DevSecOps is the mature organization’s next evolution in comprehensive development processes.

The natural evolution of DevOps from traditional software development lifecycles

For context, DevOps – Development-Operations – as an integrated process philosophy gained momentum around 2008.

Traditionally, software development lifecycles (SDLC) followed a structured waterfall approach. Reliance on completion of one section led to bottlenecks, resulting in slower delivery of applications, fixes and changes.

To meet market demand and internal deadlines, IT operations and software development needed to get code out the door faster. Products needed quick implementation without major roadblocks.

With this increased need for speed, the new Agile Development Methodology gained popularity. This development process involved sprints with smaller more frequent releases as teams developed and tested features in tandem.

These faster deliveries led to a continuous development process through collaboration and automation, leading to today’s integrated DevOps process.

Why DevOps must shift left for security

The speed and automation of a modern DevOps process, however, can produce increased risk and more vulnerabilities and weaknesses.

In a traditional DevOps process, security assessments come at the end of the development process. This security-for-last approach:

Slows down the development lifecycle with its reactive, obligatory approach to security.
Leads to developers’ distrust and frustration with the security team, since they’ll need to rework almost-shipped code to fix security issues that could have been identified and resolved sooner.

So, organizations have begun to shift left – that is, proactively introduce security into the development lifecycle itself, rather than as a last-minute addition.

Despite its universally recognized importance, developers are understandably reluctant to take on security, as this added responsibility would impact their ability to push out new code.

Besides, developers are not security specialists. How can they know which vulnerability should take priority? Why should they be responsible for interpreting possible security risks of data without context?

Development isn’t the only process requiring increased security integration, either. The operations team must also be included in the new security prioritization, since operating systems, databases, web servers and other parts of the technology infrastructure frequently host many potential vulnerabilities and weaknesses.

Ultimately, DevSecOps is a fine balance between allowing development agility and speed, while maintaining a secure application and operational environment. This comprehensive, collaborative process requires awareness and automation between all three teams: development, operations and security.

Developers need to recognize the importance of security – rather than treating it as an anchor weighing down their productivity – and proactively include risk assessments and repairs within the development lifecycle itself.
Security and operations together must ensure and facilitate the continuous development lifecycle through efficiencies and prioritization of vulnerabilities and weaknesses.

There is no universal DevSecOps tool

Frankly, no one tool or solution will address the many diverse needs within a continuous integration/continuous delivery (CI/CD) pipeline.

DevSecOps covers too many different specialties and potential challenges to have a single technology or application that can cover all areas. As part of an effective DevSecOps protocol, an organization must implement:

Infrastructure scans.
Dynamic application and code scans.
Automated penetration tests.
API fuzzing.

Of course, this list is just the tip of the technology requirements iceberg.

Let’s not forget the many other sources of vulnerability information which must be synthesized, consolidated and acted upon. Inevitably, multiple data sources can cloud a clear understanding of urgency, impact and priority – if reconciled manually, or by a single application.

Prioritizing the DevSecOps philosophy without adding extra work

Ultimately, DevSecOps is not about a one-off tool or single point within the development process, but about automation, collaboration and integration.

After all, shift left is not just a term used to describe the process of developers alone thinking about security. Shifting left requires the entire team to consider potential vulnerabilities and weaknesses and risks from the very start of a project.

This shift requires scanning the code while it is in development and fixing issues as they arise as a regular, integrated part of the overall operation. Automated security testing should be executed in parallel with software development, incorporated during code review and added to acceptance testing criteria.

And, if security is to be included as part of general operations and development processes directly, then aggregation and prioritization of vulnerability and weakness data becomes vitally important. Developers and process managers should not need to become security experts to understand what’s important to fix, at which point in the development process.

Likewise, security experts shouldn’t need to know how to code the latest improvements to be able to communicate possible weaknesses within the code currently in review.

That’s where an organization’s tools and applications can greatly ease many of these implementation road blocks.

The mature DevSecOps program’s automated, integrated tech stack

While DevSecOps has no one tool to cover every part of the process, organizations must have a strong tool set to track the work across teams and coordinate critical tasks to eliminate security weaknesses in code before they become public.

Development tends to use specific tools – such as Jira or Azure DevOps – to manage their workload. On the other hand, the operations team is more likely to use and reference a service management solution, such as Ivanti Neurons for ITSM. Security teams often have an entirely different suite of tools altogether, which may or may not integrate with their counterparts’ tech stacks.

For the organization seeking to bridge these different programs into a unified DevSecOps process, modern algorithms and tools offer all three teams an unparalleled ability to automate:

Raw data collection.
Risk prioritization based on the organization’s unique exploitability factors.
Targeted focus on top security priorities based on current ransomware trends, exploitable vulnerabilities and weaknesses, remote code execution and privilege escalation.

Many organizations implementing their DevSecOps process find that automating and centralizing this information into a universally accessible and integrated hub empowers all teams – development, operations, and security alike – to work on the right task at the right time while enabling cross-departmental measurement and reporting against key KPIs.

Empowering development cycles through DevSecOps

Finally, DevSecOps is about empowering collaboration across development, security and operations teams. For an integrated, shifted left process and lifecycle, all teams must understand the expectations across the board, with common reporting and KPIs.

Developers and operations staff must also receive training on security awareness, with the tools and processes in place to facilitate an early security focus. This transparency is key for a successful DevSecOps process implementation.

By empowering the teams to take responsibility for security through the DevOps lifecycle, DevSecOps allows development, security and operations teams to find and remediate security issues faster.

Why IT Asset Management is Like Building a Jigsaw Puzzle

Wed, 23 Feb 2022 16:57:02 Z

Think about the process of building a jigsaw puzzle. After placing every piece on the table in front of you, different colors and types, you don’t really know how they’ll form a complete picture—and you certainly don’t know if any are missing. You have little choice but to sort through everything to understand what you have and how each piece relates to another. You can see where you need to go, but nothing looks like what’s displayed on the box.

Doesn’t that sound a little a bit like your IT asset management journey? You know what you’d like to accomplish, but there’s no clear understanding of how and where to start. This blog will provide clarity.

Discovery

Discovery answers the first question: “What do I have?”

Within asset management, understanding what you have is the critical starting point. At Ivanti, we have found that many organizations are unaware of up to 30% of their asset landscape. So, like our jigsaw puzzle example, the first thing these organizations must do is tip everything out on a table so they can sort and classify the pieces, with the edge pieces being the most important.

In IT asset management, this means identifying your laptops, desktops, servers, network devices, phones, tablets and software, and then sorting to understand what is most important. What constitutes your “edge pieces” can vary depending on your organizational goals. For example, if you’re undergoing a software audit, you would prioritize the sorting of software. On the other hand, if you’re looking to update desktops, sorting through laptop and desktop hardware is most important.

Reconciliation

In any organization, there is no one repository of data that will give you all your information, and it is normal to get asset information from multiple different data sources. In fact, we have found most organizations have 12 or more discovery sources. Typical data sources are Microsoft Endpoint Configuration Manager (SCCM), CSV file, Microsoft Active Directory, Intune, Workspace One (AirWatch) or Ivanti Discovery.

With so many data sources, you don’t want to end up with multiple duplicate assets. This is where reconciliation comes into play. The right solution, such as Ivanti Neurons, enables you to have one trusted record for each asset, with data gathered from multiple, easily addable or removable data sources.

Normalization

We are up to the third step of the process, having discovered and reconciled assets. Now, we need to normalize the data. This step is extremely important for software assets because there is no standard for names, applications, and versions of software. The name variations can be minor, like a version number, or maybe the company name. For example, I have a system that returns two records:

Vendor Name = Mozilla Corporation, Software Name = Thunderbird and Version = 78.10

Vendor Name = Mozilla, Software Name = Mozilla Thunderbird 78.10.2 and Version = 78.10

These titles come back looking slightly different from discovery but are in fact the exact same software. Using the Software Identification Database, the Ivanti Neurons solution will normalize this data so that we have one record of the software. You can now use this normalized data for a complete understanding of your software licensing costs.

Visibility

Now that we have discovered, reconciled and normalized our assets, we can be confident in having accurate visibility into the information across hardware and software.

Without doing any more work and with integration into Ivanti Neurons for ITAM, you can instantly visualize the asset data and start to answer questions you were wanting to understand. For example, how many routers and types do I have? How many Dell laptops are out there? Where are these assets located? And which department owns them?

You can expand this out to include other types of specialized assets such as in the medical field and bring in X-ray machines, MRI, etc. This can be done by adding Ivanti Neurons for Healthcare as a data source to discovery.

Analyzing your assets for optimization

Asset managers love this visibility of their assets and can now look to optimize costs across hardware and software. Utilizing connectors into warranty vendor information, and Ivanti Neurons for Spend Intelligence, an asset manager can analyze the data, and understand more complex questions like:

What devices are out of warranty, or about to be out of warranty?
What devices do we have in stock that are supported and we can reallocate?
What software is approaching or has already reached end-of-life?
What software are we licensed for and not actually using?
Is there software out there that we can upgrade to the latest release?

Streamlining the asset management lifecycle process

Once you have discovered, reconciled and normalized, you are in a better position to manage your asset management lifecycle processes. Streamlining and automating the asset management lifecycle enables an organization to gain efficiencies within IT and provide an employee with better experiences. You can identify software that is available and automatically deploy it to the end user or redeploy existing hardware assets to an employee without the long procurement process.

Using the data available and the workflows built into Ivanti Neurons for ITAM, the asset management workflow process is streamlined and optimized.

Gaining control over your IT investments

Gaining control of your IT Investments can only be achieved by having an asset management journey in place to discover, visualize, optimize and automate the process.

Want to learn more? View this video of the key capabilities of the solutions discussed in this blog.

I’ve Been Everywhere, and the Risks it Can Bring to your Workplace

Mon, 15 Nov 2021 21:57:25 Z

The song “I’ve Been Everywhere” was written by an Australian country singer, Geoff Mack, back in 1959, where he sang about all the towns he visited across Australia. It became famous in the US in 1962 by the country singer Hank Snow where the song hit number one. He of course did make some changes as the names of the towns were now all based in the US. And since then, many versions have been created.

You will by now be wondering what has this to do with an Ivanti blog?

At Ivanti we talk about the Everywhere Workplace, and when I think about my work journey over the past 9 years I have worked from a lot of different locations, across hotel lobbies, cafes, airport lounges, offices, the back of an Uber, and of more recent times from home. In many ways I think of myself as a pioneer in the working-from-everywhere workplace as that is what I have been doing for 9 years now. Other than my home and the office, I was always thinking about how and what should I connect to, and how much of a risk is there to my laptop, and the business files that I had in my device.

Balancing Risk and Security with the Employee Experience

As organisations are now having to adopt the Everywhere Workplace, many are now trying to work out how to secure the devices connecting into corporate systems, allow a great employee experience for them to be productive, and not overburden the IT department. This is an organisation’s biggest challenge.

Let’s look at a simple example, which I think many of you may have experienced. When you were at the office, everything worked fine, the printer was setup, the Wi-Fi is configured, and you always had the IT person up the corridor. You get sent home, and the first thing you realise you need is to be able to print to your home printer. And this is when things start to get problematic. IT have set the Standard Operating Environment (SOE) so that you can’t install software onto your work computer, and therefore you cannot install the printer drivers. After various Google searches, and several frustrating hours waiting for IT to set up a Remote Access session, you get the printer drivers installed. There are quite a few things that have happened here. (1) The employee has been unproductive, (2) IT have been overburdened with calls from employees and (3) The employee experience has been, well terrible.

Before we talk about what we can do to handle these issues, let’s look at another scenario. Jason is the CFO and needs to access the financial systems for end of year reporting. Jason is having to do this from an airport lounge on his way to the board meeting. Normally Jason is always connected via a VPN. Unfortunately, the VPN did not connect, and Jason was unaware, and Jason accesses the financial system across an open airport lounge network. The risk here is that Jason whilst accessing the financial systems is opening up that data to any malicious actor on the network.

Putting Control back into the Employees Hands

This might seem counter-intuitive to the scenarios we just discussed but giving control back to your employees will reduce the burden on IT, and greatly increase the productivity and experience for the employee.

Most organisations have a strict policy, and they remove all administrator rights to an employee’s device. Which may be the right decision on certain devices. In doing this though we raise the burden on IT as we have seen with the printer scenario just discussed.

Now we don’t want to go and open up a device and give full admin rights to everyone, as that can leave the devices vulnerable, significantly increase security and manageability costs, create legal and liability issues and make compliance difficult.

The answer is to remove full admin rights, and then provide them with the elevated privileges for the applications and tasks they need (for example add printer). Ivanti Application Control provides the ability to set privileges according to these requirements, and will greatly reduce support calls, simplify endpoint security, and reduce TCO.

Dynamic Application Security across your Desktop Device

Let’s drill into application security further, in our second scenario, Jason the CFO was using the financial system. Now typically the expectation is that the device is on a local network, or a VPN network, and as a result using the financial system would be secured. However, in the “Everywhere Workplace” if the VPN doesn’t connect, and you aren’t aware of that, then you are open to malicious actors.

What about if we put in place dynamic allow and deny lists? A dynamic allow or deny list will change the behaviour based on the rules you define. In our CFO scenario, we would set up a dynamic list which says, Jason can use the financial application if he is connected to a local network or VPN. If we see Jason is not connected correctly then he is denied the ability to run the application, until he connects to VPN or local office network again.

Putting in place dynamic allow and deny lists increases security, reduces risk, and provides peace of mind to the business. Ivanti Application Control provides a strong capability across allowed and denied lists.

Enabling the Employee

As we have witnessed over the past 18 months, we are living in a dynamic environment where one day we are in the office, the next day we aren’t, our roles change, the work requirements change, the applications we use change. And with that the employee may need legitimate access to an application or some sort of administrator access either permanently or for a short period of time.

Ivanti Application Control integrated with Ivanti Neurons for ITSM allows an employee to request access via the Ivanti Neurons for ITSM Self Service Portal. The request can be full automated for approval, and also the granting of the request. This automated approach ensures fast granting of access, reduces IT burden, and ensures that the appropriate tracking and auditing of changes are kept, and can be reported on against company policies.

Increase Employee Experience in the Everywhere Workplace

Whether you run Windows or Linux desktops you can secure the applications used across these environments and provide a wonderful employee experience. Find out more about Ivanti Application Control by attending our upcoming webinar on “Transforming the User Experience …. One Desktop at a Time."

Learn more about Ivanti Application Control here. Or if you’re ready to take a closer look, schedule a demo today.

Improving the Employee Experience with Proactive Service Management

Tue, 28 Sep 2021 22:23:26 Z

Recently I was thinking about the topic “How do you improve the employee experience?” Many organisations drive this from an IT perspective with concepts like a Self-Service Portal, or Teams Channels, chatbots, even Social IT boards. These are all great ideas, but are they truly addressing employee experience?

Let me elaborate on this concept. I have a friend who uses a Service Management solution that has a fantastic Self-Service Portal which allows them to create issues, search the knowledge base, and make service requests such as ordering a new computer. And, the two or three times he has used the Self-Service Portal and interacted with IT he has been happy.

Poor Employee Experience

But when I asked him what he thought of IT, he said they were never proactive, and he was always having issues with his computer. What? Why? Two weeks earlier, he caught the train into the city; the trip is about 1.5 hours and he had time to work, so out came his laptop and he started working. Thirty minutes later the laptop battery ran out of juice and he could not continue working. Three days later when he powered up his laptop, he received the message, “Your battery can no longer provide sufficient power to your system and needs to be replaced." Six months earlier he had issues with Blue Screen crashes and his motherboard. After the battery issue, he went to the self-service portal, created an issue with IT, who then told him the laptop needed to be replaced and to raise a service request for a replacement laptop.

Now IT were very quick in identifying what needed to be done and responding to my friend. Within the context of the issue, they did a good job. But my friend was still unhappy with IT. His first comment to me was why couldn’t they be proactive and know about these issues before he did.

I put a question back to him. If IT was proactive and could see these issues before you did, and even order you a replacement part, or order a new computer without you having to do that, how would you rate them? His comment was a simple 10 out 10. Excellent.

Shift Left

Many organisations talk about the concept of “Shift Left.” What this is trying to do is focus on service excellence and end user empowerment. By just empowering the end user, this only moves the process a very small amount to the left. The largest shift left is proactive identification and resolution of the issues.

Automation and Self-Healing

Let’s put this into action using Ivanti Neurons for Healing and see what the process can look like.

1. An automation process executes against a laptop and based on this process, identifies battery health as poor, terrible, or no longer useable.

2. The results of this then sends a message to the laptop owner via Microsoft teams notifying them of this issue and asking what they would like to do:

Notify IT of the issue
Request a new laptop
Ignore the issue for now

3. As a result of this Teams interaction, the automation process will either:

Create a service request for a new laptop
Notify IT of the issue
Ignore the issue for a while longer

4. Now of course you could skip the Microsoft Teams interaction but having that notification capability keeps the user engaged and aware of what is happening, and proactively involved.

Putting this all together what does this automation process look like?

This shift left move enables the user to work without distraction and interruption. How many times do we as users Google how to fix something on our work laptop? Why? Because we feel we can get this resolved immediately ourselves, rather than having to logon to the self-service portal, log an issue, wait for an IT person to reply, and arrange a common time for the IT person to remote into your computer -- only to have them try the same things you have already tried and tell you what you already know.

Think about the different issues you have had recently, or maybe colleagues have had. Let’s list a few:

Battery Health. We’ve already covered this one, but the reality is users don’t know about their battery health until they need a new battery, and sometimes that is during an important presentation.
Print Spooler. One recent issue was a vulnerability you may have heard of was with the Windows 10 Print Spooler. Many IT organisations turned off the print spooler, and users found this out when they went to print. Imagine not being able to print that report you were about to give to the CIO.
Blue Screen Crashes. How often do you immediately log an issue with IT when you get a blue screen crash? Typically, it would take three to five times before you say enough is enough. But if this happens automatically and, behind the scenes, the automation creates an IT Issue, they will be aware the first time.
Application Crashes. Again, how quickly do you really get around to telling IT that the Application crashes? Often this one goes undetected until you are discussing this over the watercooler.

Now I have only listed four scenarios, and I am sure that you can list many more. There are so many trivial untold stories that often never get to IT. Imagine knowing about these issues before the employee raises it, and even better resolving it proactively. Ivanti Neurons for Healing comes with many predefined checks like the ones described above and also enables you to build your own.

A 360-degree view

Automation and Self-Healing are two key aspects of driving a better employee experience and another area to consider is having a 360-degree view of the employee. All Service Management platforms have data about an employee. They can tell you their name, email, phone, manager, location, building, the incidents and requests they have initiated, and even the assets they own. While this data is useful, it is static or historical data. How much better would it be if we could get a real time view about the user, the devices, and what is happening at that time: incidents logged, performance of the laptop, and other information.

Ivanti Neurons Workspace enables you to view user device data as well as detailed information like performance, recent incidents logs, software, patches etc. This information gives an IT analyst in-depth and powerful real time information which they can use to quickly identify and remediate.

New Employee Experience

Finally, what if we could understand the real employee experience? In nearly all service management platforms, this is achieved via sending surveys in response to issues or requests. These are great as point-in-time views, but do not give a true holistic view of a user’s experience. As we discussed earlier, my friend was not happy with IT due to the issues he was having with his computer. If we could bring together all that information into one place and, using analytics, give a score across areas of an employee, then we could have an employee index that gives us the ultimate view of the employee.

At Ivanti we are putting the employee first, and through improving employee experience, we can empower everyone in the Everywhere Workplace. Ivanti Neurons for ITSM together with Neurons hyperautomation (Healing and Workspace) combine to enable proactive service models that makes for a better employee experience. Are you interested in learning more about how Ivanti can help you put your employees first? Reach out to us and we’ll be glad to help.