Innovation in DevSecOps must keep pace with the speed of the dynamic, volatile modern cybersecurity environment. Yesterday’s solution worked beautifully…yesterday. What has it done for me today?

Continual iteration and speed are paramount, but they’re not without risks.

As a SaaS provider, how do you know that the latest evolution of your product works at scale? How do you know that it works at all?

How do you know that it’s intuitive, accessible, effective, user-friendly and everything else that’s (rightfully) the cost of entry in the SaaS landscape?

The answer: You don’t… unless you acquire one more essential customer – your own company.

It’s called a Customer Zero program, and we’ve gone all in on it at Ivanti.

We are our own first customer. We encourage adoption, real-world usage and feedback to see how our products and updates work before we finalize DevSecOps and deploy those products to our full external customer base.

What is a Customer Zero program?

As much as we’d like to take credit for this idea, we’re standing on the shoulders of giants here.

Early on, Apple famously set a goal to stop buying typewriters and remove existing typewriters from Apple offices. Why? They wanted to use their own products and experience what they were asking their customers to experience.

A notorious memo at Microsoft went to a manager imploring him to “Eat his own dog food” – meaning that he should increase internal usage of the company’s product, Windows NT.

The takeaway from that arresting headline: if it’s not good enough for you to eat, why would you feed it to your dog?

In the same vein, if a product isn’t good enough for your company to use, why would you deploy it for your customers?

That’s what a Customer Zero program does: It forces a company to use its own products and services in such a way that they become driven to iterate, improve and prove its utility before releasing it to the general public.

In effect, you become the customer-before-the-first-customer – Customer Zero.

Customer Zero programs are the ultimate case study

Customer Zero can support DevSecOps in a wide range of environments, but we’re fortunate to have had a particularly useful scenario right here at Ivanti.

We grew exponentially in a very short time, thanks to several strategic acquisitions. After the mergers, we skyrocketed to 3,200 employees, a billion dollars of revenue and a customer base that includes 96 of the fortune 100.

That rapid scaling – plus the mixing of different security protocols and structures – offered a phenomenal testing ground for products designed to lead the industry through an unpredictable time. It’s one thing to kick the proverbial tires first; it’s another to put solutions to work in the real world amid constant change.

A diagram of the Customer Zero process at Ivanti, highlighting how we use our Neurons platform internally for asset management, DevSecOps and more.

Ivanti’s Customer Zero during the COVID-19 pandemic

During the peak of the COVID-19 pandemic, for example, we remotely managed and provisioned around 3,000 devices globally while deprovisioning approximately 2,000 devices globally.

Today, we generate over 22,000 tickets in our Neurons for ITSM platform internally, with automatic resolution and self-help functionality giving back a ton of our internal IT support team’s time and bandwidth for critical matters.

Ultimately, our team used our own Ivanti tools for patching, upgrades and remote support – without requiring any major increases in our team headcount.

That’s an important advantage given the worldwide shortage of IT staff, and we’re proud to pass that advantage on to our customers.

Ivanti’s Customer Zero as part of internal DevSecOps processes

In Ivanti’s own DevSecOps program, we deploy our Neurons for Risk-based Vulnerability Management (RBVM) software as part of our internal CI / CD process.

Within that CI process, we scan our code for vulnerabilities. Those scan results are ingested right into the Neurons platform, where our software can aggregate that information, evaluate it and prioritize the critical security issues that we have in developing our code.

Neurons for RBVM generates a ticket in our central Neurons for ITSM platform, which then tracks remediation of that vulnerability. Full remediation of any vulnerabilities triggers the deployment of our code securely into production environment.

This is a major step in securing our customer-facing environments, so they are not exposed to security vulnerabilities that may have been injected during the regular development process.

Serving as Customer Zero for either our asset management or DevSecOps programs aren’t a chance to pat ourselves on the back, however.

We expect – and get – unfiltered, candid feedback about issues, functionality, user experience and more. We take that feedback seriously and make changes accordingly.

Our current teams represent a fantastic mix of talent and perspective from our various acquisitions, and that enables diverse and knowledgeable insights that we can act on quickly.

Ivanti's Customer Zero goals

Our high-level goals for this program are to drive:

  • Product transformation
    • Like a lot of our customers, Ivanti has a portfolio of on-premises products that are moving to the cloud. By serving as Customer Zero and using all SaaS products, we can get rapid feedback on the migration experience and any issues that arise with gaps between on-premises and SaaS.
  • Product integration
    • Our customers want to be able to acquire products with different technology stacks and have those products work together seamlessly. To take full advantage of Ivanti’s integrated solutions, Customer Zero evaluates the usage of our products through a single pane of glass or via APIs. Our teams test these integrations to check for consistency and user experience.
  • Product confidence
    • Customer Zero is integral to building product confidence, both internally and externally. It’s important that our sales teams and our customers can point to real-world evidence that our products perform as advertised.

Customer Zero means we can innovate quickly and confidently, even in uncertain territory.

With Customer Zero, we can future-proof our technology by implementing Ivanti products that leverage key elements in rapidly evolving areas, including:

  1. Artificial intelligence (AI)
  2. Hyperautomation
  3. Edge computing
  4. Cybersecurity
  5. Machine learning (ML)
  6. DevSecOps 

The Customer Zero experience at Ivanti in 2022 – and beyond

By serving as our own testing ground, we get to operate at the leading edge of innovation and experience it ourselves. Thus far, that experience has been thrilling.

For both ourselves and our customers, we’ve made it possible to manage complex IT data from a single source of truth. We can discover, manage, secure and service assets, while supporting the remediation of critical vulnerabilities.

Through our own platforms and products, we can leverage that single source of truth to inform our AI and ML functions to accelerate automation and remediation.

I have been working in this space for some time, and having these functions all working together is the holy grail for IT. It’s exciting for our teams at Ivanti to be the first to try it. It’s even more exciting to share it with our customers.

The bottom line: Customer Zero is about using what you have. Innovate internally to find out what works and what doesn’t. Iterate. Get it right.

Successful companies commit and go all in with their customer, and that means walking the walk with them.

It comes back to the dog food. Why would we send our customers something we wouldn’t use – and thrive with – ourselves?

If you’d like to see what we’ve been “eating” – from our own ITSM systems to DevSecOps processes and beyond – then check out our Ivanti Neurons solutions to see if it’s something your organization might want to consider. It contains all the insights and learnings we’ve gleaned from our own company, straight to you.