If you’ve spent more than a few years in the IT industry, you probably remember the day when patching was simply about ensuring that your OS–i.e., Windows, or whatever variation your business was using–was up to date. Today, patch management is a critical cybersecurity task–one that’s becoming increasingly complex and time consuming for most IT departments to accomplish as they look to manage patches that extend to many of today’s cloud-based apps– Adobe, Citrix, Dropbox, Google, Skype, VMware and more.
This growing complexity is reflected in the number of organisations that, simply put, are doing it wrong. According to a study conducted by the Ponemon Institute, 57% of organisations that reported a data breach also noted there was a patch available to safeguard against the vulnerability that led to the breach. In other words, more than half of those breaches could have been avoided if the latest patch had been installed.
IT departments are often overwhelmed and understaffed, which is why so many companies turn to IT service providers. However, even VARs and MSPs suffer from patch anxiety. For instance, even if patches were deployed, it can be challenging to know if the updates were implemented correctly on every device and, as a result, whether the patch will protect customers from emerging security threats.
Fortunately, there are ways to relieve this worry, with more effective automation and greater visibility. For example, some remote monitoring and management (RMM) tools allow you to apply patches to an entire network of devices simultaneously.
There are also tools like Barracuda’s Managed Workplace RMM that can make it even easier to stay on top of patch management. The solution includes a patch scanning feature that helps identify which devices need additional patches, or which patches may have been missed during the normal update process.
With this increased visibility, IT solution providers can identify and remediate security issues before a breach occurs. IT solution providers can also fully automate their patch and update management by preapproving, scheduling and deploying thousands of software versions from over a hundred software vendors through a single pane of glass.
There’s more to security than just patch management, of course. Managed Workplace also allows channel partners to assess vulnerabilities with the site security assessment, secure weak points, inspect password policies, detect anomalies, control backups, manage Office 365 accounts and recover data that may have been lost in an attack.
Patch Management Best Practices
In addition to leveraging RMM tools, it’s a good idea to develop a clear-cut patch management process with your customers, for both legacy and new applications.
Manual patch management is no longer sustainable, given the increased pace of cyberattacks. Automation is critical, but there are other best practices to follow, as well. Here are a few of the essential ones:
- Customer subscriptions and maintenance fees should be paid on time. Both SaaS and on-premises solutions often require an annual fee to ensure updates and patches are received. If clients aren’t being billed automatically for these subscriptions, encourage them to use a CRM tool to track when the next payment needs to be made.
- Take inventory of your customers’ software and hardware. This is a critical step in the patch management process. Having a clear picture will allow you to better understand what vulnerabilities may exist within your customers’ environments, and what updates to look out for.
- Test patches in a sandbox environment. Before the update, test any patches in a sandbox environment to ensure that the new update will not cause any issues with mission-critical applications. These tests can also help spot the types of bugs, such as malware or viruses, or other problems that often afflict early adopters.
- Implement a patching process that minimises business disruptions. Avoid scheduling a software patch during peak business hours, and, instead, schedule updates when most of your customers’ employees will be offline. That way, you won’t disrupt their critical business operations. Leveraging an RMM tool will help ensure you don’t’ miss any devices.
- Make patch management part of your managed services offering. Patch management provides a valuable service to your clients, and you should be charging for it. If you’re handling routine software patches, roll that activity into the cost of your clients’ service contracts. Make sure you highlight the value you’re providing in your regular reporting.
- Monitor vendor patch notifications. You can’t implement a critical security patch if you don’t know it was released. Keep track of when the next patch is going to be released, and what problems it addresses. That’s true for both your customers’ systems and your internal solutions. Staying up to date on patches will keep your customers secure and can save you a lot of headaches down the road.
- Look into software consolidation. The greater the variety of software used by your customers, the higher the risk created for MSPs who are responsible for administrative overhead. By consolidating commonly used software products, such as antivirus, you can streamline patch management for your customers.
Patch management can be complicated, but it’s a mission-critical service that can’t be neglected. By following the best practices outlined above and using advanced RMM tools to automate and monitor your service processes, you can keep your clients’ data secure and their applications running smoothly.