Patch management has become a standard part of the business responsibilities of every managed service provider (MSP). However, patch management is anything but standard. The changing nature of this task requires patch management tools that give MSPs the agility to address different types and numbers of vulnerabilities.
Members of The ASCII Group share their thoughts on patch management tools and how to perform this essential task effectively. Their ideas follow.
How have patch management tools improved in the last five years?
Bodner: Technology advances all the time, so there is no question that patch management tools are getting better in terms of effectiveness and automation. There is no question that third-party patches have improved and are included in most remote monitoring and management (RMM) tools. But I think what’s really getting better is education about patch management and the approach to patch management. The best tool is the human being! We also have a greater ability to implement promptly.
Hassell: Notifications and communication of the purpose of patches have certainly increased and become more transparent over time.
Parisi: I live in a world where I believe (some) things should work. It used to be that our RMM vendor would tell me that we shouldn’t install driver updates because they can break things, but that’s not so much the case these days.
What features of patch management tools do you find most valuable?
Bodner: The more automation, the better! And the more you report in words that normal people can understand, the easier it is to make good decisions.
Hassell: Configuring automated tools for operating systems tends to increase the uptake and opportunity for self-updating.
Do you see more awareness of the need to patch mobile solutions?
Bodner: Definitely. Our mobile devices are simply an extension of our office environment. Especially since there is a trend of carrying only one device, we are exposing sensitive data to an environment that is also used for Facebook, watching Netflix or shopping.
Parisi: Mobile device management (MDM) solutions do a good job of this. I’m not sure “awareness” is the problem. It really is in the eye of the beholder. We work with our customers to educate them about the importance of patching mobile devices, but most aren’t concerned.
Hassell: The educational and security awareness that is being promoted in the industry is very helpful in reinforcing this requirement for end users. We found that customers are requesting MDM more frequently. Using this feature, they can secure, manage, and update mobile devices and Internet of Things (IoT) endpoints.
What challenges still exist with patch management?
Bodner: In general, one of the challenges in the industry is that there are so many vendors, many of whom are excellent and offer fantastic products. Picking the right one can be a challenge. At the same time, we are only as good as our customers let us be. This means we need to educate our customers about the importance of patch management (and many other potential risks), and they need to take it seriously enough for us to commit to helping them.
Hassell: When updates haven’t been automated, you still need end-user input, which tends to delay deployment.
Parisi: You have to rethink the whole thing. There are a couple of options: use patch management tools like Microsoft Intune, Windows Package Manager, or Chocolatey, or have the industry develop a standard way of doing things. However, any patch management system must have an easily accessible API for both provisioning and monitoring.
Stay focused on the big picture
In general, Bodner’s advice is to “focus on what really matters and inventory the systems that are most at risk.”
“It’s a valuable service, but the customer needs to see that value. Simplify the process for the customer and use the right tools to make patch management easy to digest, painless, and valuable,” she says.
Hassell adds that there is value in taking the “one ounce of prevention” approach. “I believe that anything that can be done to protect all endpoints in an organization should be called constantly, whether the patch is for security, a bug, or a feature update,” he says.
Parisi suggests that there is still work to be done to develop patch management tools that provide more value to MSPs.
“If patch management just worked and clearly communicated what it can and, even more so, what it can’t do, it would be valuable. For example, my RMM only updates a few apps. What world do they live in? My clients use a lot of apps and all their apps should be updated too.”
“We really should have a ‘patch management summit’ and get our collective heads together and resolve this issue,” he says.
About The ASCII Group, Inc.
The ASCII Group is North America’s leading community of MSPs, MSSPs, VARs, and Solution Providers. The group has more than 1,300 members located throughout the US and Canada, and membership encompasses everyone from accredited MSPs serving the SMB community to multi-location solution providers with a national reach. Founded in 1984, ASCII provides member services including leveraged buyout programs, education and training, marketing assistance, extensive peer-to-peer interaction, and more. ASCII works with a vibrant ecosystem of leading technology providers that complement the ASCII community and support the mission of helping MSPs and VARs grow their businesses. For more information please visit www.ascii.com.