Government Agency automates IT Delivery to meet Software Compliance with Axios assyst ITSM & ITOM Solution
by Markos Symeonides, on 01-Feb-2021 14:14:39
Worried about regulatory, security and license compliance? Modern ITSM automation enables a state of "continuous compliance"—giving you peace of mind (and more time to create new innovations).
- Large government agency
- 10,000 staff
- 10,000+ IT Assets
- 600 ITSM/ITOM toolset requirements
- Many hundreds of monthly software requests
A large government agency was under pressure to get their desktop systems in line with a complex set of regulatory, security and software license policies. They needed to regain control over the chaos. It's one of the most common problems we see: without proper visibility and control over the technology they have, organizations don't know what they've got, what's installed on it, who is using it, and why. Without accurate visibility, it's impossible to stay compliant with security policies, regulation, and software licensing. The risks can really add up.
They needed to get compliant quickly—and stay compliant on an ongoing basis—without the manual audits and fixes that can consume an organization's IT resources. This is made possible by what we call "continuous compliance"—meaning pro-active compliance by design versus compliance as a reactive response to a time-consuming audit.
assyst gives our customers a real-time view of their Effective License Position (ELP)
Making Desktops Compliant
They needed to "refresh" thousands of desktop workstations to ensure all installed apps and configurations were compliant—and it had to be done quickly and without disruption to ensure continuity of government services. Manual, onsite checking and compliance remediation wasn't an option (estimated at 12+ months).
One of the challenges was that a blanket desktop refresh wasn't feasible. Different departments needed a different set of apps and configurations. They needed to establish compliance in a phased manner—department by department—so that everybody got what they needed.
To solve this problem, they needed a centralized control mechanism by which they could gain and maintain compliance quickly, easily and inexpensively.
They needed intelligent automation with the power to remotely audit and control workstations efficiently.
Achieving Continuous Compliance
In many organizations, compliance is fleeting. They set policies and then run a periodic cycle of compliance auditing—manually checking if everything is as it should be and then working to correct a mountain of discrepancies. The problem with this approach is that an audit is out of date almost as soon as it is completed, so there will always be unknown non-compliance issues that can't be seen.
To achieve continuous compliance you need three "pillars" to be in place:
- Central Visibility - A compliance-oriented view of your infrastructure that tells you whether you are compliant with your regulatory, security and software license "rules" as well as giving you visibility of precisely where you are or are not compliant—so that management can get an Effective License Position (ELP) view and IT teams can drill down into the data to focus in on specific issues.
- Central Control - The ability to quickly and efficiently act—remotely—to resolve non-compliance issues without having to send somebody out to fix it. In the digital age, site visits should only be necessary when physical hardware faults happen.
- Automation: Continuous automated patrolling of the infrastructure to find and flag non-compliance discrepancies in real time (or as close to real time as practical). When discrepancies are flagged, they must be logged as non-compliance cases and handled either by an automated resolution process or human intervention (automatically routed to the relevant IT Security, Software Asset Management, or Regulatory Compliance teams). In most cases, automation can detect and resolve a compliance issue in seconds without human intervention. For example, if an end user installs a black-listed application, assyst can immediately identify and remove the app from that device to bring it back into compliance.
Central visibility and control of compliance and the automations you have in place to maintain compliance is the key. If you don't have the data and the ability to act on that data in one place, it will be very difficult to maintain a state of continuous compliance. Without supporting technology to simplify compliance, organizations fall back into a periodic audit-and-fix cycle—with risks quickly reappearing between audits.
Balancing Compliance and Flexibility
Compliance can often conflict with flexibility. Our customer understood that staff needed flexibility in terms of methods and apps to enable different departments and provide the best possible service to customers. The challenge was to offer this flexibility in the context of a highly regulated environment.
Historically, desktops had been locked down to ensure compliance—and that wasn't going to change. End users couldn't install their own apps, so requests were routed to the desktop support team. With 10,000 employees, the IT team was receiving 500-1000 requests for application installs every month—putting an immense strain on resources and making it difficult to complete new IT projects while so many technical staff were tied up with routine work.
The process was manual and painful. And because the IT team didn't have full visibility of how many of the licenses they owned were already in use, they were over-buying licenses to ensure they weren't going over quota (risking six or even seven figure fines from software vendors).
To provide more efficient flexibility, the IT team needed an ITSM solution that would allow end users to select and install apps from a "safe" list—without manual intervention from the desktop support team. They also needed their new ITSM platform to have visibility of their Effective License Position (ELP) so that the system could automatically check that legitimate licenses were available before proceeding to a "hands-free" remote deployment on the end user's workstation. In other words, fully automated software request management—with compliance built in to the process.
The assyst service catalog was implemented as a software shop, offering end users easy access to a set of licensed, free, and open source software tools (like Acrobat Reader, Web Browsers, Productivity Apps and functional Line of Business LOB Apps).
When activated, a back-end service automation process remotely installs the chosen software on the end user's workstation with zero intervention from IT. Now, IT customers don't have to wait for a desktop engineer to visit; installation happens instantly so they can immediately get on with what they need to do.
From the end user perspective, desktop workstations remain locked down locally—they cannot directly install any new software. Through the Service Catalog Software Shop, flexibility is permitted without compromising compliance. End users are empowered with access to a broad spectrum of apps and tools. And the desktop team and compliance teams are empowered with control over which groups can install and use which applications. Meanwhile, IT Asset Management have full visibility over which apps are installed where, and how many licenses are in use—taking the stress out of managing license compliance and responding to vendor audits. Continuous compliance means continuous readiness for an audit—with the response time shrunk from days to minutes.
Automated Desktop Compliance and Onboarding
assyst enabled the customer to manage logical segments of their network (in this case, departments). For each department, a standard workstation image was created and deployed from a central location—eliminating the need for expensive desk-side visits. Working systematically, the client refreshed all of the organization's desktops— with installs and configurations applied overnight to avoid disruption to end user productivity.
Now, automated compliance auditing means that any workstation plugged into any part of the network is regularly checked and brought into line with policy rules for that department—guaranteeing compliance on an ongoing basis (continuous compliance).
If a new workstation with a blank drive is plugged into the network, it is automatically discovered, checked, and installed with the correct set of apps and configurations for that department—reducing the time it takes IT to onboard a new member of staff by around 90%. To prepare for a new member of staff, a blank workstation is simply plugged into the network on the day before their arrival and is set up overnight by an automated process—ready for the user the next morning. New staff get the setup they need, every time, with just a few minutes of effort from the support team.
There are so many automatable tasks that IT people simply shouldn't be doing anymore. While IT teams are still wasting time working through queues of automatable work, opportunities for business innovation are being missed because people are working on the wrong things. Organizations need to move fast to compete and win...which means IT needs to move fast because technology is driving everything new.
But, many organizations using legacy ITSM platforms haven't seen what's possible with modern automation, so they're being held back by routine work which ought to be looked after by their ITSM platform. Organizations need to think: What are we doing that can be automated now? And what is the cost of NOT doing so?
Markos Symeonides, Regional CEO, Axios Systems
|All workstations brought into a compliant state|
|Real-time visibility of Effective License Position in a clear dashboard format|
|End users get access to a "Software Shop"; a choice of safe applications to help them get the job done|
|Automated, remote deployment of apps to workstations mean costs are reduced to near-zero|
|IT teams have more time to work on new IT projects, accelerating innovation|
|End users are happier and more productive|
|Automated detect-and-resolve technology ensure continuous compliance|
Contact us for a no-obligation chat with a consultant
Sign-up for blog notifications to make sure you don't miss out