Selling the importance of a Patch Management service

Ben Taylor

Let’s not try to pretend that patch management is an exciting subject. It’s not. But nor is it something that any IT professional can afford to ignore.

Convincing clients of its importance can, however, be tricky. Non-technical people have no interest whatsoever in a newly discovered “buffer overrun vulnerability.” To them, this just sounds like technical mumbo-jumbo. While users may sometimes notice updates being installed, they are unlikely to have any idea what they are and how important they can be.

patch-managementSo, how do you make clients take an interest and convince them that investing money (ideally with your company) is a sound and necessary business decision?

The key is to make customers understand the possible implications of failing to stay on top of the myriad patches and updates that must be installed to keep their systems secure and stable. It’s best to explain these issues in business terms, rather than blinding them with science.

Consider making use of the following points:

With an abundance of good quality patch management solutions available, (like GFI MAX RemoteManagement) it should be easy to offer a patching service to your customers as a low-cost, bolt-on option. The points above should help you sell it to your clients – even if it’s not the most exciting proposition in the world.

Do you have any additional tips for selling patch management as service? Share them in a comment below!

    1. Patches and updates are always released for a reason, and failing to install them can mean that systems are wide open to hacking attempts and privacy risks.
    2. The consequences of falling victim to an unpatched vulnerability could involve anything from loss of crucial data to an embarrassing security breach.
    3. Patch management doesn’t end with making sure basic operating system updates are installed. To be effective, patch management also needs to cover everything from updates to Web plugins such as Flash used on user’s PCs, to the content management platforms driving company websites.
    4. Just because failing to stay abreast of updates hasn’t caused a disruptive system problem in the past, it doesn’t mean it won’t in the future.
    5. Manual patching is repetitive and time consuming for the IT department. Investing in a managed solution may result in fewer billed hours and a smaller overall IT support bill.
    6. Patching too soon can have an equally detrimental effect as patching too late. If a new patch causes compatibility issues and is rolled out across the network without proper testing, the outcome could be system downtime that leads to lost business revenue. This highlights the importance of dealing with patching in an organised fashion by making use of a test environment to confirm compatibility.
    7. Servers need patching as frequently, if not more often than PCs. To avoid disruption to the business this means updating them outside of working hours. Without a patch management system that helps the IT department to update servers from a distance, or in an unattended way, the likely outcome will be bills for out-of-hours IT work.