When a customer turns care of their environment over to a trusted partner like a managed services provider (MSP), they expect that partner to take care of some of the most critical elements of that environment, such as patching. Patching is important for many reasons. Perhaps most critically, it helps close known cybersecurity gaps and vulnerabilities in a customer’s environment (which is especially important in today’s threat landscape). Additionally, it can help limit potential downtime and ensure the organization is meeting all of its compliance requirements, such as HIPAA.
However, patching is typically a manual and time-consuming process, which must be undertaken device by device until complete. It can also cause downtime if systems have to reboot as part of the process. The so-called “gold standard” for patching is to patch within 30 days, but on average it takes organizations between 60 and 150 days. This can put organizations at risk of a cyberattack, a compliance violation, or potentially broken software.
There are things that an MSP can do to simplify the patch management process across their customers' environments. Here are three ways they can do that.
Know the lay of the land
Implementing effective patch management starts with knowing what you have. MSPs should maintain a complete record of network and software inventory on an ongoing basis (you can’t fix what you don’t know). It can also help to group and categorize this inventory based on how critical it is to the customer or its potential for risk, as that can help prioritize which devices need to be patched first.
A thorough inventory also allows the MSP to make recommendations to customers on potential device or software consolidation, thereby reducing the potential risk surface.
Automate, automate, automate
The best patch management process mixes human tasks with automation to determine what needs to be patched and how to do it, and to ensure it has been updated across the organization as needed. Automation through tools for remote patch management can help MSPs deploy patches at scale across multiple customer environments.
When it comes to patch management, preparation is key. While many patches may be released sporadically in response to newly discovered issues, there are some routine updates that an MSP can plan for. For example, Microsoft and other major software vendors leverage a monthly “Patch Tuesday” on the second Tuesday of every month to release necessary updates to their software. Knowing this is coming, an MSP can plan ahead to test those updates against a handful of client systems, then roll out to all systems in a coordinated way later that week.
Advance scheduling also allows an MSP to better plan for the downtime that can be associated with patching, including scheduling it for more convenient times, such as over a weekend or in the middle of the night.
Of course, each of these updates is important to maintain client security and performance, but they are also important for the MSP to implement in-house. MSPs have recently become the target of significant cyberattacks, due to their highly privileged access in so many customer environments. MSPs should make sure they are patching and updating their own systems and following best practices in order to thoroughly protect themselves and their clients.
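The planning described above can be scripted. The following is an added example, not code from any patch management product: it computes Patch Tuesday for a month, schedules pilot systems first and the rest by criticality in overnight and weekend windows, and lists devices still unpatched after the 30-day mark. The inventory fields, the wave days and the 02:00 window are assumptions made for illustration.

```python
from datetime import date, datetime, time, timedelta

PATCH_SLA_DAYS = 30        # the 30-day "gold standard" cited above
WINDOW_START = time(2, 0)  # assumed maintenance window: 02:00 local time

def patch_tuesday(year: int, month: int) -> date:
    """Return the second Tuesday of the given month."""
    first = date(year, month, 1)
    to_first_tuesday = (1 - first.weekday()) % 7  # Monday=0, Tuesday=1
    return first + timedelta(days=to_first_tuesday + 7)

def plan_rollout(inventory, year, month):
    """Schedule pilot systems first, then the rest by criticality."""
    release = patch_tuesday(year, month)
    wave_day = {
        "pilot": release + timedelta(days=1),     # Wednesday: test systems
        "critical": release + timedelta(days=3),  # Friday, overnight
        "standard": release + timedelta(days=4),  # Saturday, weekend
    }
    plan = []
    for dev in inventory:
        if dev["pilot"]:
            wave = "pilot"
        else:
            wave = "critical" if dev["criticality"] == "high" else "standard"
        start = datetime.combine(wave_day[wave], WINDOW_START)
        plan.append({"device": dev["name"], "wave": wave, "start": start})
    return sorted(plan, key=lambda e: (e["start"], e["device"]))

def overdue(inventory, year, month, today):
    """Names of devices still unpatched once the 30-day window has passed."""
    deadline = patch_tuesday(year, month) + timedelta(days=PATCH_SLA_DAYS)
    if today <= deadline:
        return []
    return [d["name"] for d in inventory if not d["patched"]]

# Constructed sample inventory; customers and host names are hypothetical.
INVENTORY = [
    {"name": "acme-dc01", "criticality": "high", "pilot": False, "patched": True},
    {"name": "acme-lab01", "criticality": "low", "pilot": True, "patched": True},
    {"name": "globex-db01", "criticality": "high", "pilot": False, "patched": False},
    {"name": "globex-ws07", "criticality": "low", "pilot": False, "patched": False},
]

if __name__ == "__main__":
    for entry in plan_rollout(INVENTORY, 2024, 10):
        print(entry["start"], entry["wave"], entry["device"])
    print("overdue:", overdue(INVENTORY, 2024, 10, date(2024, 11, 10)))
```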
Patch management is a key piece of every MSP’s business, especially as cyberattacks continue to rise. By maximizing their ability to have an efficient patch management process, an MSP can make sure they are proactively protecting their customers’ environments and staying ahead of the latest threats.