Patch Management: Why You Should Care?

Scott Calonico

The concept of patch management is really rather simple;

 

working to ensure that all the operating systems and software in use across an infrastructure are kept fully updated and, as a result, are as secure and bug-free as possible.

Unfortunately, for many IT professionals and MSPs, patch management begins and ends with installing Windows Software Update Services (and then largely forgetting about it). Not only does this leave systems vulnerable, it also ignores a big opportunity to deliver an additional service to clients and make extra revenue.

Anyone who follows the computer press will know that some of the more high-profile vulnerabilities in recent years have been related to third-party software such as Flash or Adobe Reader, and nothing to do with Windows at all. Organizations who fail to take patch-management seriously often rely on users to update these programs when they are prompted. Many users, who don’t understand the implications, will simply ignore these prompts – month after month.

Patch Management Software

Fortunately for MSPs, there are patch management software solutions available that make it easy to manage the patching process across disparate hardware and software.

These solutions are usually inexpensive, and as well as making patch management more straightforward across a whole infrastructure, they provide MSPs with the potential to profit from a bolt-on patch management service to add to their MSP offering.

Good patch management software provides network administrators with the ability to scan the entire patch management picturenetwork for missing patches. It is important to choose a solution that considers popular third party software packages as well as the Microsoft stalwarts.

Testing Patches

Although ignoring patches or deploying them too slowly can introduce vulnerabilities that all IT departments wish to avoid, it is not unheard of for the installation of a patch to cause unpredictable knock-on effects and operational problems.

For this reason, it is always considered best practice to install new patches on a test infrastructure before deployment into the production environment. MSPs implementing a patch-management system should always make sure their strategy allows for this kind of pre-deployment testing.

Selling Patch Management

Although patch management is a somewhat dry and unexciting topic, it needn’t be a particularly hard sell to customers. After all, the impact of failing to patch systems reliably can range from security breaches to system downtime.

As part of a standard MSP offering, or as a bolt-on service, it should be fairly easy to explain patch management’s importance to clients, and with the use of a good patch management solution, it should be straightforward to deliver as well. Any MSPs who don’t currently offer it as part of their catalog of services are missing a serious opportunity.