Software updates and patch management got you down? Seems like new ransomware, malware and viruses lurk around every corner these days, and software companies are releasing patches in swarms to keep up. In addition, computing environments are more complex than ever, with on-premises and cloud-based applications and a growing number of endpoint devices connecting to organizational networks. Not only is it daunting to orchestrate the rollout of updates across your entire IT landscape, but the risk of production downtime and other glitches can seem greater than the risk of not updating. And who hasn’t heard an exec ask, “If it is working fine for our needs now, why do we need to update?”
Well, first of all, the biggest risk is not updating. Sure, it’s easy to make mistakes when rolling out a wide-scale software update, but not updating at all is a bigger mistake. The threat of attacks is very real. As the recent WannaCry outbreak demonstrated, it’s not only necessary to deploy patches and software updates quickly, but it's also necessary to ensure they’ve been deployed across all systems in your organization. These days, teams of hackers are going after more than just the big Microsoft apps and operating system. You’ve got to stay on top of updates for your entire software ecosystem, including third-party software and services as well as routers and networking and storage equipment. More endpoints mean higher security risks. Of course, every organization’s infrastructure is unique, so your update strategy needs to be customized for your situation.
Some aspects of your patch management strategy can likely be automated. And sometimes updates only apply to a part of your organization or one subset of your users, which can certainly streamline your efforts (once you have a plan for how to focus the updates).
For many organizational updates, it’s important to have a strategy that is not only timely but that also includes a testing phase. You don’t always want to make updates the moment they are released. In many cases, you’ve got to make sure patches and updates are deployed after you’re certain they won’t adversely impact your current software environment — unless, of course, your team has an easy-to-implement rollback strategy.
Yes, it’s overwhelming. But fear not — there are numerous ways to mix and match strategies for simplified patch management and improved endpoint protection. Several basics are key:
- Keep up with available updates and patches to strengthen your endpoint security. (Don’t procrastinate.)
- Make sure that all existing systems are fully updated. (That means everything!)
- Develop a tiered approach to update-and-patch deployment, ensuring that you can roll back an update if something goes wrong. (Just be prepared.)
- Find ways to perform these tasks with minimal administrative effort. (There are tools that can help!)
Intrigued? Industry expert and Penton Tech contributing editor Orin Thomas has lots of ideas for how to put together a comprehensive patch management and update strategy. Check out his on-demand webcast: "How to Secure your Endpoints: Do it Right, Keep it Right". Bonus: Quest Sales Engineer Jason Morano gives the skinny on how the KACE endpoint systems management solution can help.