4 Patch Management Mistakes MSPs Should Avoid

An optimized Patch Management as a Service offering will minimize disruption to operations and keep systems up to date.

Patching has been around for a long time. It’s not the most exciting part of an MSP’s job, and you usually take care of it behind the scenes. However, it can make you a hero by preventing some of the most common exploits that hackers use to compromise networks and steal data.

Interestingly, research for a study by SolarWinds and IDC revealed only 27 percent of cybersecurity teams cite patch management as a strategy to defend against cyberthreats. A press release issued by SolarWinds states, “This lack of patch management activities and reduced focus on network endpoints is alarming, as these basic cyberhygiene best practices must be combined with detection to help ensure that the ‘front door’ isn’t left wide open.”

As essential as patch management is, it’s not a perfect science. Some patches require rebooting; others don’t. Some can make third-party applications stop working — and some can cause production to grind to a halt.

MSPs must understand the nature of patch management and build processes that minimize the downside. Here are some mistakes managed services providers need to avoid to preserve their clients’ productivity while keeping their systems up to date:

  • Not Aligning Your Schedule with Your Clients – Any time an MSP provides a service, you need to set a course that makes the most sense for your client and your team. For example, patching and rebooting need to be scheduled so they don’t interfere with your client’s business operation, which means some will prefer it at night, some during the day, and others at variable times. Therefore, work to develop a schedule that optimizes internal and external schedules.
  • Not Planning for the Worst – It’s risky to discover a patch, immediately install it for your clients, and walk away. Instead, you need to research and test patches to determine their potential to cause systems to break. Always have a roll-back plan if you encounter unexpected issues and need to restore your client’s system.
  • Falling Behind – You not only have to deal with the unpredictability of how the next patch can impact your clients’ systems or applications – but you also can’t predict how many patches you will have to deal with. You may have to deal with numerous vulnerabilities one month and none the next. While it may be tempting to skip a month in which only a few patches are released, make sure you don’t fall behind. Establishing a practice of regular monthly patching yields the greatest value.
  • Wearing OS-Patch Blinders – A potentially dangerous mistake is only focusing on OS patches for workstations and servers. Almost everything in the network – security cameras, routers, switches, IoT devices – require firmware updates to address security issues.

Patch Management Pitfalls That Can Impact an MSP’s Bottom Line

Quilter also points out that there are mistakes that MSPs can make when providing patch management services that can decrease profitability. Maximize your efficiency by:

  • Automating to minimize manual work and provide service to the maximum number of customers.
  • Minimizing the number of tools you use so you can address OS and third-party patches from one application.
  • Keeping patch management tools updated as vendors address changing release policies and other industry trends.

You can also focus on sales and marketing efforts for better conversion. Although you can market this service to any vertical or type of business, it’s wise to focus on prospects in regulated industries, such as credit-card-accepting merchants regulated by PCI DSS or healthcare organizations that must meet HIPAA requirements. In addition, prospects that must install patches regularly may be looking for help staying in compliance and keeping their systems optimized and secure. 

The former owner of a software development company and having more than a decade of experience writing for B2B IT solution providers, Mike is co-founder of XaaS Journal and DevPro Journal.