5 Steps To Alleviate Endpoint Management Tool Sprawl

Dive inside this article to learn why organizations are consolidating endpoint management tools. Plus, find a 5-step process that outlines business needs and how to consider a more comprehensive endpoint management tool.

Table of contents

The need for tool consolidation
A case study of tool consolidation
A 5-Step approach for tool consolidation
Creating a business case for change
5 Steps to Reduce Endpoint Management Tool
Summary

Cost-saving initiatives are more important than ever as global crises force employees to work at home amid falling revenues and impacts to business continuity. As fiscal scrutiny increases, companies are recognizing the high operational and financial costs of having too many tools, often with redundant functionalities that create unnecessary, time-consuming, manual data correlation and reporting requirements. CIOs and CFOs are expected to do more with less and are highly motivated to create lean organizations using fewer and more integrated endpoint management tools. Ideally, each endpoint tool should serve multiple stakeholders, promote collaboration and productivity between teams, and minimize manual data consolidation to produce operational reports. An effective endpoint management tool strategy can significantly reduce costs while building efficiencies through improved staff productivity and streamlined operations.

This article:

• Briefly explains the reasons why organizations consolidate endpoint management tools.
• Provides a brief case study about how a large IT organization consolidated six tools to one (6:1)
• Outlines a 5-step process for understanding business needs and what to consider for a comprehensive endpoint management tool like BigFix
• Describes how to quantify consolidation benefits that form the foundation of a business case or cost-benefit analysis

The need for tool consolidation

The need for tool consolidation is fairly obvious. After speaking with multiple large organizations, we found that there are five key reasons why companies are aggressively considering tool consolidation: spiralling software and labour costs, IT infrastructure complexity, limited visibility and reporting, inefficient IT processes and gaps in coverage. Each of these is briefly explained, followed by how BigFix can address these areas of concern.

Excess Software License Costs

Annual software spends a rising line item for most IT organizations. By consolidating tools, high costs savings can be achieved by eliminating additional software licenses, annual maintenance and support costs, and any software assurance costs to ensure upgradability.

BigFix can help organizations reduce the bottom line costs of endpoint management through consolidating multiple and often redundant tools. Reducing software spend is a top reason CIOs consider tool consolidation.

Increasing IT staffing

Multiple tools create management silos, segmented by OS, application and/or location. With each autonomous tool, the number of IT staff also grows with training costs. Labour cost is the single biggest line item in the IT organization’s budget. Therefore, improving operating efficiency and reducing redundant processes can drive a 35-70% reduction of effort and management overhead, depending upon the functional area.

By leveraging a single platform for managing all endpoints running Windows, Linux, UNIX and macOS with BigFix, organizations can consolidate IT operations and engineering staff, freeing some staff to work on other projects. It also offers granular, role-based controls allowing IT organizations to delegate management actions to end-user groups, further reducing the burden on the IT managing endpoints.

IT infrastructure complexity

Each autonomous tool typically requires 2-3 management servers in addition to many, often dedicated, distribution points. The fully burdened average cost of a server is not insignificant. If six different management tools are in use, there may be 12 servers or more, and possibly hundreds of relays. Each tool also requires another agent to be installed on each endpoint, often necessitating additional RAM to reduce performance degradation. On servers, additional open ports may also be required, creating new avenues of attack. By consolidating tools, an organization can significantly reduce infrastructure costs, bandwidth usage, security risk, fragile interfaces such as WMI, and management complexity.

The BigFix Platform, in contrast, uses a common infrastructure with a single agent and management server that is easy to deploy and manage. A single management server can manage up to 250,000 physical and virtual computers, over private or public networks. A single, intelligent agent – across all platforms – supports any or all of the core BigFix modules, and often uses less than 2% of the CPU. As a result, IT staff can deploy patches and software during normal work hours without impacting system performance or end-user productivity. Additionally, BigFix requires only one port eliminating the need for multiple open ports in an organization’s firewall, which reduces security risk. BigFix is also easy to deploy. Oftentimes BigFix can be deployed in a day or two versus several weeks or months required by other tools. And adding additional functionality with BigFix is as simple as changing a license key. Additionally, most BigFix relays are nondedicated reducing the need for dedicated relays, even over slow network connections.

Limited visibility and reporting

Since most management tools only manage a subset of an organization’s endpoints, IT lacks a consolidated view of the endpoint landscape. As a result, IT organizations struggle to provide timely, consolidated reports to stakeholders. Without a consolidated view, organizations expend many hours exporting data from various systems, importing and consolidating data into a spreadsheet, reconciling and normalizing data, and then customizing reports. Alternatively, some organizations have built their own data repository to integrate data and write custom code to extract, transform, and load the repository –which is also costly to maintain.

With BigFix, staff can report on all endpoints – regardless of OS, connection, status or location – without the time-consuming data consolidation tasks. How many systems does your organization rely on to determine the status of a patch to Java, for example? Clearly, one is better than six. And new with BigFix 10, BigFix Insights delivers a single data repository that enables the use of standard BI tools (e.g. Tableau®) for data mining, sophisticated, advanced reporting, and integration with other tools (e.g. ServiceNow®) for deeper insights.

Inefficient processes and gaps in coverage

Disparate tools and processes create islands of management and gaps in endpoint overage. Additionally, even if OS systems are covered, organizations often use other solutions to patch 3rd party software such as Firefox® or Adobe® software. Islands of management, by definition, prevent any management action across all endpoints simultaneously. Disparate tools also create gaps in endpoint coverage. For example, an organization may use one tool for identifying and remediating configuration drifts on Windows servers and another tool (or even a manual process) for doing the same on Linux and UNIX servers. Moreover, using different tools, IT Ops and Security Ops have a greater challenge identifying and remediating security vulnerabilities across the endpoint landscape.

By leveraging BigFix, organizations can improve staff productivity, streamline processes and eliminate gaps in coverage. Additionally, IT and Security Ops can leverage BigFIx to enable effective collaboration, enhancing the organization’s ability to deploy critical patches and remediate vulnerabilities.

A case study of tool consolidation

Many organizations, especially larger ones, suffer from an excess of endpoint management tools. HCL’s IT organization, Global Information Technology (GIT), was no exception. HCL GIT manages more than 97,000 servers and workstations for all groups within HCL Technologies. Like many other IT organizations, GIT was challenged by the need to coordinate between all groups with responsibility for endpoint management and security, multiple tools and management silos, longer-than-desired patch cycles, and lack of visibility and control of roaming endpoints.

BigFix provided HCL GIT with a comprehensive endpoint management solution and successfully eliminated Microsoft SCCM®, Flexera Secunia®, Flexera Admin Studio®, RedHat Satellite®, Symantec Wise® and JAMF®. By consolidating tools, GIT reduced overall software spend, reduced IT complexity, simplified staff schedules and training requirements, and shortened their patch cycle while streamlining endpoint management operations. GIT also eliminated the time-consuming effort required to negotiate patch windows by leveraging BigFix’s role-based access and control. Now, GIT can test and approve patches and allow end-user groups to install patches at their convenience within a given timeframe. HCL GIT is integrating BigFix with their service ticketing solution to improve operational efficiencies further. GIT is a shining example of how to reduce IT costs by leveraging the power of BigFix.

A 5-Step approach for tool consolidation

The following section describes five steps that IT organizations can use to determine if endpoint management tool consolidation is needed within their environments.

Step 1: Define the scope

Consider the endpoints you need to manage. Key questions to consider include:

• How many on-premise and roaming endpoints – workstations and servers – are in use and running how many operating systems?
• Are IT staff located in one location or worldwide?
• Who needs to help negotiate and set maintenance windows, patch frequency and testing?
• Which stakeholders need reports showing endpoint patch compliance? Which reports are necessary?
• What are core endpoint management capabilities required? Patch management, compliance and configuration management, software distribution, OS deployment and migration, remote desktop control, inventory management, advanced reporting?
• What are your standard service level agreements between IT and Security? To the business? Are you meeting those requirements?

Step 2: Perform a current inventory

Understand what’s already in place. Key questions to consider include:

• Which groups or teams manage endpoints? Which core management functions (e.g. software distribution, patch management, and OS deployment) does each group need?
• Which tools are in place today, and which endpoints are managed/not managed? How do you know?
• What is working, and what is not?
• Which integrations were built to bridge deficiencies in current tools or to share data between tools?
• How many dedicated servers does each tool require for new licenses, subscriptions, maintenance and support?
• Which tools are not being used for Patch Management? Or for Compliance and Configuration Management, Software Distribution, OS Deployment and Migration, Remote Desktop Control, Inventory Management, License Compliance, or Advanced Reporting?

Step 3: Document functional requirements

With a defined scope and a tool inventory, document specific, functional requirements.

• What core endpoint management functions or capabilities are required?
• What functionality is missing but required?
• How long can you wait to get to 98% patch success?
• Do you need to remediate a zero-day vulnerability in 24 hours or less?
• What information is required by leaders and other stakeholders? How quickly?
• Do you need near-real-time patch or deployment status?

BigFix provided HCL GIT with a comprehensive endpoint management solution and successfully eliminated Microsoft SCCM®, Flexera Secunia®, Flexera Admin Studio®, RedHat Satellite®, Symantec Wise® and JAMF®. By consolidating tools, GIT reduced overall software spend, reduced IT complexity, simplified staff schedules and training requirements, and shortened their patch cycle while streamlining endpoint management operations. GIT also eliminated the time-consuming effort required to negotiate patch windows by leveraging BigFix’s role-based access and control. Now, GIT can test and approve patches and allow end-user groups to install patches at their convenience within a given timeframe. HCL GIT is integrating BigFix with their service ticketing solution to improve operational efficiencies further. GIT is a shining example of how to reduce IT costs by leveraging the power of BigFix.

Step 4: Survey the market

Understand the vendors and offerings available in the market. Key questions to consider about the solution and vendor include:

• How long does it take to deploy? Is the solution easy to use and customize?
• Is the solution offered in modular components that enable phased implementation?
• Is the solution easily scalable to meet future growth without adding more infrastructure components?
• Can the solution be leveraged by both IT and security operations?
• How large is the install base? Does the product have a thriving community of user groups?
• Which capabilities, features and functions are provided “out of the box”? What will additional add-ons, integrations, or custom code be required to satisfy all functional requirements?
• Are all of the operating systems in your enterprise covered?
• Does the vendor provide flexible and competitive pricing?
• Does the vendor have 24×7 global support? Is the solution enabled for multiple languages?

Most importantly, consider HCL and evaluate BigFix. BigFix provides more out-of-the-box functionality and key functional areas than any other endpoint management tool. In fact, BigFix supports over 90 different operating systems and provides modules for lifecycle, inventory and compliance management.

Step 5: Tool selection and implementation

Select and implement the single best tool that meets requirements, simplifies the infrastructure, streamlines management processes, and lowers your total endpoint management cost. Additionally, consider the following:

• Speed time-to-value by leveraging existing change management processes and professional services
• Phase the implementation to reduce project risk
• Deploy functionality in order of highest ROI or greatest impact to encourage rapid adoption and greater confidence

Creating a business case for change

To make a compelling case for change, you need to articulate the value of consolidating tools and streamline endpoint management processes. This requires identifying and calculating tangible savings, and when possible, intangible savings.

Calculate the infrastructure cost savings. These are usually easy to identify and estimate. Tangible savings from eliminating multiple tools may be sufficient to justify an entire BigFix acquisition and implementation. The following four groups of cost savings should be considered:

5 Steps to Reduce Endpoint Management Tool

Software

For each tool, sum the total amount spent each year for new licenses, upgrades, maintenance, and support. Be sure to tally the same costs of any prerequisite software such as SQL Server.

Hardware

For each tool, sum the total number of dedicated management servers and relays. Multiply by the average, annual, fully-burdened cost of a dedicated, on-premise or cloud server, depending on your environment. According to SherWeb.com, the average server cost for an on-premises configuration costs $1,476 a month, while a cloud server with the same configuration costs $313 a month.

Engineering effort

For each tool, determine how many full-time equivalents (FTEs) are required to architect, maintain, and support the hardware and software technology. For example, if there are three engineers working halftime to keep one tool in operation 24×7, then the fully-burdened cost of 1.5 engineerings FTEs is the potential cost savings if the tool is eliminated. Since the fully-burdened cost of a software engineer in the USA with domain expertise is $150,000 or more2, labour savings are often significant.

Cost of integration and custom code

For each, estimate the annual hours spent by developers who write, maintain and support custom code or integrations. For example, a developer or analyst may have written code to update the enterprise CMDB if a change occurred since the last inventory scan. By using out-of-the-box functionality, organizations can eliminate the cost of updating, maintaining, and supporting custom integration code.

Calculate the value of productivity improvements and operational efficiencies. Savings estimates can be assessed by comparing current time-in-tasks using multiple tools with the anticipated time-in-tasks using a highly integrated and comprehensive solution like BigFix. Examples of productivity improvements resulting from using BigFix include:

• Reduced patch cycle time and effort
• Reduced Service Desk costs
• Reduced remediation effort of failed patches
• Eliminated OS or ISO image maintenance
• Faster OS and software upgrades
• Reduced lost productivity of end-users
• Faster identification and removal of unauthorized or risky software
• Reduced hardware and software license inventory audit time
• Decreased validation effort to determine patch status, software license inventory and security compliance

Each of the above benefits results in annual time savings, which is quantified using the same methodology as described earlier for Engineering Effort. Many organizations realize a 35-70% cost savings resulting from productivity improvements and operational efficiencies enabled through BigFix, enabling IT organizations to deploy affected staff on other, high-value projects, begin work delayed due to lack of available resources, or grow the number of endpoints without adding staff or infrastructure.

By identifying quantifiable benefits, the business value of tool consolidation and adopting a more efficient approach to endpoint management is clearly articulated. For assistance in creating a financial justification for BigFix, contact your HCL representative, HCL business partner or BigFix Specialist.

Summary

Reducing costs is always imperative in today’s IT and business environments. Falling revenues make cost savings even more critical. Many organizations struggle with too many tools, each requiring its own staff, infrastructure and processes. Endpoint management silos develop, creating even more challenges to organizations that need a single view of all endpoints, near-real-time patch status or an inventory across the entire organization. Leaner organizations with fewer tools across IT and security operations provide higher quality data and information to those responsible for securing and managing endpoints. A successful endpoint tools strategy, using the 5-steps in this article, can help deliver consistent and reliable management of all endpoints now and in the future.

Source: HCL Software