As mentioned in 4 Basic Security Steps For SMBs, “Security tends to be an area that small and midsize businesses know they need to address but nonetheless leave unattended”. One of those areas frequently put on the back burner is patch management. Patch management is the implementation of software updates or security patches that are developed to address security vulnerabilities or flaws and often enable additional functionality or enhance it. Your business information systems which typically require software patches include operating systems, servers, routers, desktops, email clients, office suites, mobile devices, firewalls, and a vast array of other components in the network infrastructure. Given how much your infrastructure includes, managing all the updates on a consistent basis can be a daunting task.
Larger enterprises employ automated patch management systems to reduce manpower requirements and other companies choose to outsource to a qualified company that performs this service from a remote location. The SMB can either place this task with the existing IT department to manually implement or it can act like a larger enterprise and utilize a Managed Services Provider (MSP) to implement both an automated service and a remote service. The advantage of utilizing an MSP for this task would be not only the utilization of staff that are skilled in the deployment of patches across similar infrastructures, but also the fact that monitoring the network and infrastructure typically is included as part of the MSPs monthly contracted services.
An MSP will use the following steps for Patch Management:
- Detect Vulnerabilities by scanning your infrastructure for missing security patches.
- Acquire the appropriate updates or patches for testing.
- Test the software updates or patches in an operational testing environment to ensure that the security fixes work correctly and will not compromise your system.
- Deploy the patches to computers and devices on the network.
- Review the deployment to ensure its success.
- Maintain by actively monitoring your information systems and staying abreast of reported vulnerabilities for your infrastructure.
If you review the steps above you will see how much work can be involved in patch management. Now think about how often security vulnerabilities are reported/fixed and how often the steps above are repeated over a short period of time.
Not addressing your patch management on a consistent basis leaves your network open to hackers and can possibly lead to loss of data. Can your SMB afford to lose data?