Did you know that according to a Security Signals report for March 2021, more than 80% of enterprises said they have experienced at least one firmware attack in the past two years, but only 29% of security budgets are allocated to protect firmware? Outdated hardware is increasingly becoming a high-profile security vulnerability.
As if that weren't enough reason to finally invest in strategically planned, ongoing Evergreen hardware refresh management, a 2019 Currys PC World study revealed that UK employees are wasting a whopping 46 minutes a day (or almost 4 hours a week) of lost productivity due to poor performance caused by their outdated hardware.
Although there is a huge shift towards virtual desktop infrastructure, physical machines are still a large part of the enterprise estate and many organizations still take a big bang approach to their hardware refresh cycles rather than manage them within much smaller batches in a smoother rollout delivery. This isn't because of a lack of trying — but rather because there are very common pitfalls that hold organizations back from either making the plunge or managing continuous refresh cycles successfully. Today, I want to explore the five biggest pitfalls.
When you have to supply a device for thousands of employees, economy of scale matters greatly. Many large organizations will buy tens of thousands of machines at a clip, store them in a warehouse, and roll them out as fast as they can. But this often means that a large number of devices could spend a decent portion of their life sitting boxed in a warehouse. In addition, you have to consider the depreciation cost of holding devices that are not being used on day one.
While many organizations are, in theory, heading in the direction of smoothing out their management cycles, these circumstances force them to keep sweating the assets without any adequate strategy for how and when they will upgrade them. With no Evergreen hardware refresh strategy in place whatsoever, it is unclear to the organization how and where it should start.
How to solve it: First and foremost, it is important to properly understand what the difference is between stock management and just-in-time management. Secondly, know that you don't have to start with your entire estate overnight. Select a portion of your estate that needs to be updated next and start managing these devices within their lifecycle in an Evergreen fashion. Bit by bit, integrate the rest of your estate, using tooling to smooth the deployment planning over a number of months and years.
Managing continuous hardware refresh projects involves a lot of components that need to work together harmoniously. For example, you need to consider which model types you will support, what it is you are replacing (laptops vs desktops vs thin clients), what your vendor logistics onsite/offsite will look like, and how you will manage your VIP users (high engineering touch).
You also need to think through how you will manage the actual physical migration as well as the end-user communication, where you will get the funding from, and how the business units will be participating. You will also want to try to take advantage of programs like Microsoft Autopilot and determine what impact this would have on your desktop management infrastructure (e.g., Microsoft Endpoint Manager vs. Intune).
How to solve it: It is crucial to understand that updating devices isn't a set of randomly occurring ad-hoc events. Instead, all these processes need to be part of well-organized and strategically planned-out device lifecycle management. Start by interviewing all parties involved in the end-to-end replacement process. Then carefully map out your current hardware management workflow and look for ways to optimize it before automating it.
Trying to manage a large enterprise estate of devices that could include tens or even hundreds of thousands of devices is difficult enough, but often IT teams have to do so completely blind. More often than not, we don't have enough information on an asset we want to migrate. We don't have local data on the machine, and the data and applications management mapping is usually not precise enough.
Oftentimes, when the user receives their new device after the migration, not everything is exactly where they expect it to be, or they don't have what they previously had (e.g., an application isn't installed). Consequently, this causes a lot of frustration and support calls. This lack of continuity and the resulting frustration results in business units managing their own devices as a rogue Shadow IT organization, leading to application sprawl and security vulnerabilities.
How to solve it: Having detailed insights on your devices as well as an aggregated "30,000 foot view" of your estate allows you to filter and slice and dice information as needed, which is essential for tight management of your devices and the applications that reside on them. Without having all this information at your fingertips, it is not only difficult but nearly impossible to manage any continuous hardware refresh.
In the past, we often managed a device's lifecycle by simply maintaining break-fix instances. But the old "Don't fix it if it ain't broke" mantra leads to the improper decommissioning of devices, outdated hardware, poorly performing assets, and an inventory system that is more often outdated than accurate. As an example, without a lifecycle management system in place to ensure that when a user leaves, their device is decommissioned or a red flag is raised to alert the staff to instigate a recovery process, the inventory will soon become dirty. The lack of up-to-date information on the assets can create quite a headache for resources attempting to replace devices that nobody can find!
How to solve it: Without proper lifecycle management tooling, you cannot manage your inventory correctly, and therefore you will have to keep sweating devices and maintaining break-fix instances. You have to know where you stand now (current state), be able to define where you want to be (target state), and determine the optimal path to move from the current to the target state as efficiently as possible. To do that, you must properly manage the lifecycle of your devices.
The recent announcement regarding Windows 11 and CloudPC reminded us that your hardware matters, especially given the updated hardware requirements (e.g., TPM 2.0) for the new operating system. It affects what you can and cannot do with the rest of your estate. You not only have to manage your next two or three refresh cycles, but also must keep your long-term strategy in mind. For example, the COVID pandemic shifted a large portion of global white-collar workers to a much more flexible Work-From-Anywhere situation. In addition, Bring-Your-Own-Device is still, and will continue to be, a topic even in enterprises. And finally, you will have to consider how you can take advantage of new technology like CloudPC and such.
How to solve it: In addition to tightly executing your devices' lifecycle management, you will also want to perform regular suitability analysis of your hardware and software estate and then match your findings with your technology user persona profile to determine which employees need which type of hardware.
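To make the two preceding points concrete, here is a small suitability analysis as an added example; it is not code from the original post or from any product it mentions. It takes a constructed inventory export and a constructed HR leaver list and does what the text asks for: it raises the red flag on devices still assigned to people who have left (so the inventory does not go dirty), and it measures every remaining device against a target-state baseline, here the published Windows 11 minimums (TPM 2.0, UEFI Secure Boot, 4 GB RAM, 64 GB storage, a 64-bit CPU with two or more cores), to separate the next refresh batch from devices that only need a configuration fix. The `tpm_spec` field is assumed to carry the string format Windows reports in `Win32_Tpm.SpecVersion` (for example `"2.0, 0, 1.38"`); the device records and usernames are made up.

```python
"""
Added example (not from the original post): suitability analysis over a
constructed device inventory, covering two of the pitfalls above:
  1. flag devices still assigned to leavers (dirty inventory -> recovery),
  2. score each device against a target-state baseline (Windows 11 minimums)
     to find the next refresh batch.
All records below are constructed sample data, not real assets.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class Device:
    asset_tag: str
    assigned_to: str
    model: str
    tpm_spec: str        # assumed Win32_Tpm.SpecVersion format, e.g. "2.0, 0, 1.38"; "" = no TPM
    secure_boot: bool    # Secure Boot currently enabled
    ram_gb: int
    disk_gb: int
    cpu_cores: int
    cpu_64bit: bool


@dataclass
class Assessment:
    asset_tag: str
    ready: bool
    gaps: list[str] = field(default_factory=list)
    recover: bool = False   # assigned to a leaver: recover the device, don't refresh it


# Constructed inventory export (in practice exported from your endpoint
# management tooling or CMDB).
INVENTORY = [
    Device("LT-0001", "alice", "Model A", "2.0, 0, 1.38", True, 16, 256, 4, True),
    Device("LT-0002", "bob",   "Model B", "1.2, 2, 3",    False, 8, 128, 2, True),
    Device("DT-0003", "carol", "Model C", "2.0, 0, 1.16", True, 4, 64, 2, True),
    Device("LT-0004", "dave",  "Model B", "1.2, 2, 3",    True, 8, 256, 4, True),
    Device("LT-0005", "erin",  "Model A", "",             False, 16, 512, 4, True),
    Device("LT-0006", "frank", "Model A", "2.0, 0, 1.38", False, 8, 256, 4, True),
]

# Constructed HR leaver list (usernames that have left the organization).
LEAVERS = {"dave"}


def tpm_major_version(spec: str) -> float:
    """Parse the leading spec version out of a SpecVersion-style string.
    Returns 0.0 when no TPM was reported (empty or unparsable string)."""
    head = spec.split(",")[0].strip()
    try:
        return float(head)
    except ValueError:
        return 0.0


def assess(device: Device, leavers: set[str]) -> Assessment:
    """Compare one device against the Windows 11 minimum baseline."""
    gaps = []
    if tpm_major_version(device.tpm_spec) < 2.0:
        gaps.append("tpm<2.0")
    if not device.secure_boot:
        gaps.append("secure-boot-off")
    if device.ram_gb < 4:
        gaps.append("ram<4GB")
    if device.disk_gb < 64:
        gaps.append("disk<64GB")
    if device.cpu_cores < 2 or not device.cpu_64bit:
        gaps.append("cpu")
    return Assessment(
        asset_tag=device.asset_tag,
        ready=not gaps,
        gaps=gaps,
        recover=device.assigned_to in leavers,
    )


def refresh_plan(inventory: list[Device], leavers: set[str]) -> dict[str, list[str]]:
    """Split the estate into four buckets: recover (leaver devices), refresh
    (hardware gaps), remediate (Secure Boot disabled is the only gap, which is a
    firmware setting rather than a hardware limit), and ready."""
    plan = {"recover": [], "refresh": [], "remediate": [], "ready": []}
    for dev in inventory:
        a = assess(dev, leavers)
        if a.recover:
            plan["recover"].append(a.asset_tag)
        elif a.ready:
            plan["ready"].append(a.asset_tag)
        elif a.gaps == ["secure-boot-off"]:
            plan["remediate"].append(a.asset_tag)
        else:
            plan["refresh"].append(a.asset_tag)
    return plan


if __name__ == "__main__":
    for bucket, tags in refresh_plan(INVENTORY, LEAVERS).items():
        print(f"{bucket:>9}: {', '.join(tags) or '-'}")
```

The point of the bucketing is the current-state/target-state reasoning from the previous pitfall: the "refresh" bucket is your next batch, "remediate" is work for the endpoint management team rather than procurement, and "recover" is the red flag the text describes, raised automatically by joining the leaver list against the inventory instead of waiting for someone to notice a device has gone missing.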
When working blind and constantly putting out fires, Evergreen Hardware Refresh Management can seem overwhelming as it involves many moving parts and processes that need to be carefully managed. However, with some strategic planning and the right tooling — which provides you with central command and control, integration with procurement systems and processes, offers self-service and automated end-user communication, and gives you exact insights for your current assets, your capacities, and much more — it is very easy to see why continuously refreshing your hardware estate in an iterative, smooth process is the right (and only) way forward.