Many of the recent high-profile data breaches can be traced to hackers’ exploiting known, unpatched vulnerabilities. The simple act of keeping their systems patched would have kept these targets out of the headlines. But if you’ve been in the IT world for any length of time, you know that keeping systems patched is anything but simple, and the more systems there are, the harder it is.
Why Patching is Hard
Keeping systems patched is often left undone for many reasons. Some of the most common are:
- Patching is labor intensive: Manually updating a server or workstation is a time-consuming process that often requires multiple reboots, especially if it has been several months (or years) since that machine was last updated. Although multiple machines can be manually updated in parallel, they typically have to be done outside of business hours; for many organizations, this means you’re paying someone overtime to do routine maintenance.
- Patching is risky: Although software providers try to prevent it, some patches are buggy. Some operating system patches, which might be bug-free in and of themselves, may not “play well” with certain applications (especially custom applications) or system configurations. Either way, system crashes can result, which is bad news for your mission-critical systems. Testing patches in a test environment beforehand is a good idea, but it adds to the effort required to keep systems updated.
- Patching can be disruptive: Even when patching goes smoothly, critical business systems will be offline, often for an unpredictable amount of time. This means planning and coordination to keep the business running.
Is there a better way? Yes: Centralized patch management.
The Solution: Centralized Patch Management
Centralized patch management is a tool or service that takes much of the manual work out of routine patch updates to operating systems and applications on both servers and workstations. It is just one of the benefits of a managed IT services and/or cloud-hosted IT environment. Whether your systems are hosted in the cloud or on-premises with a managed IT services provider running the shop, or you simply deploy a centralized patch management tool for your in-house IT staff to operate, you reap multiple advantages:
- Automated patching: Most servers, workstations, and applications can be patched automatically using remote systems management tools. This reduces the labor-intensive manual patching.
- Pre-deployment validation: Especially in the case of cloud-hosted systems, patch management services can verify that patches will not cause system or application crashes by testing them on “snapshot” copies of your critical servers.
- Schedule management: Servers and workstations can be patched on a staggered schedule so they aren’t all being updated at once. Business-critical servers can be scheduled outside business hours to minimize the impact to the organization. You can also exclude servers that are considered too tricky or high-risk for automated patching (such as clustered SQL Server database servers), so that they can be patched manually.
- Monitoring: Centralized patching systems can provide instant alerts if an OS or application patch fails for some reason on a specific machine (or on many machines), or if a machine fails to reboot or respond after patch installation.
- Easy and fast rollback if problems arise: For cloud environments, even when problems do come up in the production environment, restoring service is as simple as re-deploying the previous snapshot.
- Reduced or eliminated downtime: With patch management services in the cloud, servers can be configured so that there is a backup server that can take over business-critical tasks while the primary server is being patched, resulting in little or no downtime.
Patch management services represent just one component of a comprehensive managed security services solution. Off-loading the task of keeping your IT systems up to date enables your IT staff to focus on more rewarding pursuits, such as developing and deploying innovative solutions for taking your business to the next level.