Patching: more complicated than closing holes
– “Be careful outside, son.”
– ‘Yes mom.’
– “The world is a dangerous place.”
– ‘Ok, dad.’
Parents who want the best for their children warn them often. Things outside were not normally that bad, but in the world of IT they really are unsafe. We know better than anyone how significant the dangers from outsiders are, and they are obviously not good for your organization.
That’s why we’re in a kind of virtual arms race that works like this: a hacker finds a hole, your software supplier closes or “patches” the hole, the hacker searches for a new hole. And repeat. It’s an ongoing challenge to stay safe from hackers.
In the meantime, we install one security update after another with our software and systems. This process requires tight control and is called patch management.
You may wonder, “Every time the software vendor releases a patch, should I install it right away?” If only it were that easy. It’s not a simple answer. Yes: you should roll out a patch as soon as possible, especially when it comes to closing a security hole. But you need to do it with care.
As crazy as it sounds, it actually pays to wait a day after the software update release before doing the install. There are countless examples of “critical security fix” updates that had unexpected side effects in the form of bugs or even significant functionality issues. Logically, software companies’ reputations are at stake if they don’t quickly plug a vulnerability. But that haste can sometimes lead to things going wrong.
Hurry up and wait-and-see
Before jumping into action, it’s better to take a wait-and-see approach first. You should weigh the risk of a hack against loss of your company’s productivity. And if your IT team doesn’t see any panic messages appear on forums, it’s safe for you to install the update.
This approach also implies that a new version of a software program has no priority at all. We know of organizations whose entire production system failed because a software update was installed and its associated plug-ins refused to work with it. In this respect, major suppliers seem to change the rules of the game every time without an explanation or warning.
When auto-magic happens
Rolling out a patch is very similar to rolling out a complete software application. If it’s included in the Package Store at Easy Software Deployment, you can start right away. If not, you can add your custom patch in just a few clicks. After that, you just need to “select and deploy” patches. And your IT team can roll them out from a central point to all devices.
The great thing is that you can delay the roll-out and schedule it for a time when you’re sure it can be done safely, and without interrupting work.
Now you can see why patch management is more complex than just rolling out updates. If you plan it carefully, you’ll have a virtually watertight IT system — provided software suppliers seal leaks just as carefully.
There are many more interesting and important things you should know about patch management. Read about them in the rest of our Patch Management blog series.