Patch management made efficient and easy

Jenny Carpenter

Any system admin worth their salt knows that the time-consuming process of installing new software is only the tip of the iceberg. The real drain on your IT resources comes from managing and administering that software.

Why? Because effective patch management is an essential component of maintaining a safer network. Unpatched software and operating systems can have vulnerabilities that can in turn be exploited during a malicious attack on your system.

2012 saw a total of 4,347 new security vulnerabilities reported. That's around 12 every day that system admins need to be aware of and repair across an entire network. And with more and more employees bringing their own devices to plug into business networks, the risk is even greater.

So, if patch management is essential, how can you handle it more efficiently?

The Evils of Automated Software Patching

Yes, it is true that almost every application now comes with automated patch management. However, relying on this method to keep your software updated could leave you exposed. Automated services require a user to be connected to the Internet and to accept the installation of the update, rather than skipping it.

Can the onus be put onto users to take care of their own machines?

A Skype survey of US, UK and German consumers showed that 40% of respondents don’t update their machines when prompted. Almost 25% required a second prompt. Around 45% were actually worried that installing the update would weaken their computer’s security.

To counter this, system admins must check each machine individually to ensure they are all patched and running the latest software versions. That is hugely resource-intensive for small IT departments and virtually impossible for a single person to accomplish.

On occasion, some patches may cause instability in a machine. The Microsoft MS10-015 patch for Windows XP that was released in February 2010 is one great example. It caused systems to crash and the patch was suspended. Just last month, the MS-13-061/KB2876216 update caused corruption of the Exchange index database, and the KB 2843638, 2843639 and 2868846 updates caused the Active Federation Services (ADFS) to stop working. Workarounds and additional install instructions were issued for the problematic patches – but how many users know how to roll back patches? And how many will even realize they installed a patch in the first place?

That adds up to even more work for already busy IT managers.

Cloud-Based Patch Management

Using a cloud-based patch management system offers you a wide range of advantages. Firstly, it provides you with a single, central point of control. There is no more hunting around machines to see which one is patched and which one is not. You get a single interface that collects and collates that information for you.

You can patch machines from the console, which removes the need for users to make decisions. That enables you to patch machines faster and ensure that vulnerabilities are kept to a minimum.

Even better, cloud solutions are scalable, so they can grow with your needs. Perhaps most importantly, they are also cost-effective and won't require you to upgrade your machines to run them. You can deploy the solution within minutes and quickly get clear insight into the status of your network.