Has had any luck or success in dealing with a "patching as a service" vendor or if that area of expertise even exists? I manage a group of 7 engineers, and I recently had an engineer leave who was responsible for the patching of 500 Windows Servers. I'm curious what a service in this space might look like along with the ROI we might get in considering an alternative approach to a traditional Infrastructure task.
Associate Director, Cloud and Infrastructure Architecture, Inventor in IT Services2 years ago
I consider patching as one of the most pressing problems as improper patching mechanism can have several implications in terms of security, compliance and cyber incidents. With the rise in cyber incidents, it is absolutely necessary to keep the systems and software up to date. Hence, it is important to have a robust and structured mechanism established to address this area. Performing patch management manually can be a tedious and inefficient approach with the size and scale of the environment. We can often miss on addressing critical vulnerabilities and/or bugs, with the volume of patches and the size of environment, which can lead to a business impacting event.
To establish a structured approach to patching, it is essential to define the scope for the service i.e., size, scale and complexity of the landscape in terms of endpoints, appliances, OS'es, apps, deployment topologies etc. This is a key step to understand where we are heading towards and if the "patching as a service" is beneficial to us both financially and operationally. Post defining the scope, you will need to look at the essential capabilities for this service covering the entire lifecycle i.e., inventory validation, scanning, identifying and tracking gaps, applying patches, testing and reporting. There can be disparate solutions performing these functions in a brown field environment. Having a clear view of what exists today will help determine what's needed to facilitate an end-to-end patching service. It is essential to consider integration aspects when patching as a service is considered. Encapsulating all these activities with an automation wrapper is what brings in real value operationally.
In summary, having an enterprise view is important as it reaps greater benefits (financially and operationally) as opposed to deploying in isolation to address a limited set of systems. Automating the functions can improve overall efficiency resulting in reduced resources and run times. This can help improve operational efficiency, security and compliance of the environment. Having the ability to view your heatmap in terms of patches and vulnerabilities helps to prioritize patching actions which can help improve overall business posture.
Content you might like
How many FTEs do you need to manage 100 servers?
How often do you perform cyber awareness training?
Are there any resources for selecting a Spam and call trust product? This would be used to control and block SAPM, Vishing, and other malicious activities coming through our Voice trunking and PBX infrastructure.
I consider patching as one of the most pressing problems as improper patching mechanism can have several implications in terms of security, compliance and cyber incidents. With the rise in cyber incidents, it is absolutely necessary to keep the systems and software up to date. Hence, it is important to have a robust and structured mechanism established to address this area. Performing patch management manually can be a tedious and inefficient approach with the size and scale of the environment. We can often miss on addressing critical vulnerabilities and/or bugs, with the volume of patches and the size of environment, which can lead to a business impacting event.
To establish a structured approach to patching, it is essential to define the scope for the service i.e., size, scale and complexity of the landscape in terms of endpoints, appliances, OS'es, apps, deployment topologies etc. This is a key step to understand where we are heading towards and if the "patching as a service" is beneficial to us both financially and operationally. Post defining the scope, you will need to look at the essential capabilities for this service covering the entire lifecycle i.e., inventory validation, scanning, identifying and tracking gaps, applying patches, testing and reporting. There can be disparate solutions performing these functions in a brown field environment. Having a clear view of what exists today will help determine what's needed to facilitate an end-to-end patching service. It is essential to consider integration aspects when patching as a service is considered. Encapsulating all these activities with an automation wrapper is what brings in real value operationally.
In summary, having an enterprise view is important as it reaps greater benefits (financially and operationally) as opposed to deploying in isolation to address a limited set of systems. Automating the functions can improve overall efficiency resulting in reduced resources and run times. This can help improve operational efficiency, security and compliance of the environment. Having the ability to view your heatmap in terms of patches and vulnerabilities helps to prioritize patching actions which can help improve overall business posture.