4 Patch Management Mistakes MSPs Should Avoid

An optimized Patch Management as a Service offering will minimize disruption to operations and keep systems up to date.

Patching has been around for a long time. It’s not the most exciting part of an MSP’s job and usually occurs behind the scenes. However, it can make you a hero by preventing some of the most common exploits hackers use to compromise networks and steal data.

Insurance brokers Sutfliffe & Co. point out in their list of common causes of data breaches that application vulnerabilities “leave holes that (hackers) can crawl straight through to get directly at data.”

As essential as patch management is, it’s not a perfect science. Some patches require rebooting; others don’t. Some can make third-party applications stop working — and some can cause production to grind to a halt.

MSPs must understand the nature of patch management and build processes that minimize the downside. Here are some mistakes managed services providers need to avoid to preserve their clients’ productivity while keeping their systems up to date:

  • Not Aligning Your Schedule with Your Clients – Any time an MSP provides a service, you must set a course that makes the most sense for your client and your team. For example, patching and rebooting need to be scheduled so they don’t interfere with your client’s business operation, which means some will prefer it at night, some during the day, and others at variable times. Therefore, work to develop a schedule that optimizes internal and external schedules.
  • Not Planning for the Worst – It’s risky to discover a patch, immediately install it for your clients, and walk away. Instead, you need to research and test patches to determine their potential to cause systems to break. Always have a roll-back plan if you encounter unexpected issues and need to restore your client’s system.
  • Falling Behind – You not only have to deal with the unpredictability of how the next patch can impact your clients’ systems or applications – but you also can’t predict how many patches you will have to deal with. You may have to deal with numerous vulnerabilities one month and none the next. While it may be tempting to skip a month in which only a few patches are released, ensure you don’t fall behind. Establishing a practice of regular monthly patching yields the greatest value.
  • Wearing OS-Patch Blinders – A potentially dangerous mistake is only focusing on OS patches for workstations and servers. Almost everything in the network – security cameras, routers, switches, IoT devices – require firmware updates to address security issues.

Patch Management Pitfalls That Can Impact an MSP’s Bottom Line

Quilter also points out that there are mistakes that MSPs can make when providing patch management services that can decrease profitability. Maximize your efficiency by:

  • Automating to minimize manual work and provide service to the maximum number of customers.
  • Minimizing the number of tools you use so you can address OS and third-party patches from one application.
  • Keeping patch management tools updated as vendors address changing release policies and other industry trends.

You can also focus on sales and marketing efforts for better conversion. Although you can market this service to any vertical or type of business, focusing on prospects in regulated industries, such as credit-card-accepting merchants regulated by PCI DSS or healthcare organizations that must meet HIPAA requirements, is wise. In addition, prospects who must install patches regularly may be looking for help staying compliant and keeping their systems optimized and secure. 

The former owner of a software development company and having more than a decade of experience writing for B2B IT solution providers, Mike is co-founder of XaaS Journal and DevPro Journal.