Patch Management No Longer Has to Be an IT Headache: Cloud Computing to the Rescue

CloudCow Contributed Article.  Author: Sergio Galindo, head of Global Product Management at GFI Software.

Stress is a feeling that IT administrators, especially at small and medium-sized businesses (SMBs), know all too well. In fact, an independent survey conducted by Opinion Matters on behalf of GFI Software earlier this year, which polled 207 IT administrators in U.S. organizations with more than 10 employees, found that 57 percent of respondents admit they’ve considered leaving their job due to workplace stress.

The reality is that IT admins are often challenged with supporting their company’s IT efforts with limited resources and budget. And they are forced to wear many different hats each day. They are tasked with keeping network infrastructure operational and secure, battling unauthorized access and intruders, and defining and enforcing corporate policies, among a laundry list of other critical tasks. On top of that, they shoulder the responsibility of supporting the needs of end users who sometimes seem to go out of their way to create the most bizarre IT issues imaginable…


The bottom line is that there just isn’t enough time in the day for IT admins to manage increasingly complex IT environments and tend to end users’ endless needs. To compensate, in resource-strapped environments, IT admins tend to focus on resolving emergencies and immediate needs. And who can blame them? But, that means that standard maintenance tasks such as patch management, which are critical to the health of corporate networks, often fall to the wayside.

The Role of Patch Management in Threat Protection
The threat landscape evolves by the minute. To keep pace, security vendors are constantly updating their solutions to defend against the latest sophisticated threats and pushing those patches to customers for enhanced protection. However, the volume of these patches can be unpredictable and overwhelming, and, as each vendor has its own update mechanism, there are many systems to keep up with – not to mention many endpoints to protect. In short, there are myriad systems to patch, and endless patches to test and then install. Then you have to do it all over again – and again and again. Keeping all computers and servers up-to-date with patches from multiple vendors can be time consuming, challenging and a real IT headache.

To work around this challenge, some IT admins push the patch management responsibility onto end users themselves, holding them accountable for keeping their own computers up-to-date. But, let’s be honest, it’s far too easy for employees to ignore updates, and more often than not, patches that are critical to a company’s security never get downloaded. Other admins will put patch management on their own to-do list for whenever they get around to it. But here again lies a severe security risk, as patches that aren’t deployed in a timely manner leave endpoints exposed and vulnerable to attack.  

At this point, you may be wondering: “Will my business really be vulnerable to attack if patch management isn’t performed in a timely fashion?” Performing a Google news search using the phrase “software vulnerability” should quickly give you your answer. Cybercriminals are constantly exploiting software vulnerabilities in third-party applications. In fact, research has shown that 90 percent of successful exploits are against unpatched systems. Why? Because unpatched systems offer hackers an easy, direct way into the heart of your computer and then your company’s network. And even though a patch remediates the identified vulnerability and keeps hackers out, the patch must be installed to work – a task that many users don’t ever get around to.

Cloud Computing to the Rescue
We know IT admins shouldn’t rely on end users to patch their own applications. Nor should they add patch management to their own never ending to-do list for whenever they get around to it. So, how can IT admins achieve timely and effective patch management without consuming loads of time and resources? The simple answer is by leveraging cloud computing.

Cloud-based patch management solutions take on the bulk of the work when it comes to rolling out new patches. They assess what patches are missing across multiple vendors, as well as what software is out-of-date, so all IT admins have to do is schedule when they’d like the patches to be installed. Once the schedule is set, the cloud patch management solution takes care of the rest. They automatically detect, download and deploy patches – freeing up valuable IT resources for other pressing tasks. Additional benefits of cloud-based patch management solutions include:
•    Fast and easy deployment and set up, enabling IT admins to have the solution up and running within minutes.
•    Ability to manage all unpatched devices from a single Web-based tool regardless of whether the IT admin or the devices they manage are in the office, at home or on-the-road, eliminating the need for IT admins to visit remote sites to maintain workstations, laptops and other devices.
•    Elimination of ongoing maintenance by the IT admin, as cloud patch management vendors are responsible for keeping software and applications up-to-date and running smoothly.
•    Ability to schedule when patches will be installed, opening up overnight updates as an option. Patches may require a reboot of the target machines or updated applications, or the deployment could consume lots of network resources, so installing patches overnight is an ideal scenario as there is less demand for bandwidth and no disruption to end users.

Patch Management Can Be Easy
Keep in mind that a cloud-based patch management solution is only half the battle when it comes to reducing the time and resources it takes IT admins to oversee patch management. The other half is practicing patch management best practices. You don’t have to be an expert to know what these are either. Here are some basic patch management tips that will greatly reduce the burden of patch management processes:
•    Not all patches are critical. Checking the release notes provided by the vendor to see how they classify the patch is a good starting point to determine whether it should be deployed immediately or if it can be postponed. When prioritizing patch deployment, another good thing to keep in mind is the higher the popularity of the application, the greater the chance that cybercriminals will exploit its vulnerability.
•    Don’t just focus on Microsoft patches. Java, Adobe, Oracle, major Web browsers and a host of other providers deploy very important patches on a frequent basis as well. Installing patches from these vendors is just as important as deploying Microsoft’s updates.
•    Testing is key. Patches can break systems or have compatibility issues with business critical applications. Testing patches in your environment before mass deployment is crucial.
•    Apply patches in a timely fashion. In a best case scenario, patches would be applied within 24 hours. However, depending on the urgency of the patch, installing them once a week or on a monthly basis may be acceptable.

Levering a cloud-based patch management solution in combination with the above best practices will put you well on your way to turning a time-consuming and resource-intensive task into a simple and fast standard business process. Ultimately, that means reduced stress levels and more time in your day to handle other critical IT issues.

#########
About the author:   Sergio Galindo is the head of global product management at GFI Software, a leading provider of IT solutions for small and medium-sized businesses.