Patch management has become a standard part of every managed services provider (MSP) business’s responsibilities. However, patch management is anything but standard. The changing nature of this task requires patch management tools that give MSPs the agility to address varying types and numbers of vulnerabilities.
Members of The ASCII Group share their impressions of patch management tools and how to accomplish this essential task effectively. Offering insights are:
- Zina L. Hassel, ZLH Enterprises
- Marc Bodner, American Technology Services
- Paul Parisi, SaviorLabs
How have patch management tools improved in the past five years?
Bodner: Technology is advancing all the time, so there is no question that patch management tools are improving in terms of effectiveness and automation. There is no doubt that third-party patching has improved and is included in most remote monitoring and management (RMM) tools. But I think what is really improving is the education around patch management and the approach to patch management. The best tool is human! We also have a greater ability to deploy promptly.
Hassel: Notifications and communicating the purpose of the patches have certainly increased and become more transparent over time.
Parisi: I live in a world where I think (some) things should just work. It used to be that our RMM vendor would tell me we should not install driver updates because they can break things, but it’s not so much the case these days.
Which features of patch management tools do you find the most valuable?
Bodner: The more automation, the better! And the more reporting in words that normal people can understand, the easier it is to make good decisions.
Hassel: Setting automated tools for operating systems tends to increase buy-in and the opportunity to auto-update.
Do you see more awareness of the need to patch mobile solutions?
Bodner: Definitely. Our mobile devices are simply an extension of our office environment. Especially since there is a tendency to carry one device, we are exposing sensitive data to an environment that is also used for Facebook, watching Netflix, or shopping.
Parisi: Mobile device management (MDM) solutions do a pretty good job at this. I am not sure that “awareness” is the issue. It really is in the eye of the beholder. We work with our clients to tell them about the importance of patching mobile devices, but most aren’t concerned.
Hassel: The educational and security awareness that is being pushed in the industry is most helpful in reinforcing this requirement to end users. We find that clients are requesting MDM more frequently. By utilizing this feature, they can secure, manage, and update mobile devices and Internet of Things (IoT) endpoints.
What challenges still exist with patch management?
Bodner: In general, one of the industry challenges is that there are so many vendors, many of whom are great and offer fantastic products. Picking the right one can be a challenge. At the same time, we are only as good as our customers allow us to be. This means we need to educate our clients on the importance of patch management (and many other potential risks), and they need to take it seriously enough for us to be engaged to assist them.
Hassel: Where updates have not been automated, you still need end user involvement, which tends to delay implementation.
Parisi: The whole thing needs to be rethought. There are a couple of options: use patch management tools like Microsoft Intune, Windows Package Manager, or Chocolatey, or get the industry to develop a standard way of doing things. However, any patch management system has to have an easily accessible API for both provisioning and monitoring.
Stay Focused on the Big Picture
Overall, Bodner’s advice is to “focus on what really matters and inventory the systems that are most at risk.”
“It’s a valuable service, but the customer needs to see that value. Simplify the process for the client and use the right tools to make patch management easy to digest, painless and valuable,” he says.
Hassel adds that it’s valuable to take the “an-ounce-of-prevention” approach. “I believe anything that may be done to protect all endpoints in an organization should be consistently called out, whether the patch is for security, a bug, or a feature update,” she says.
Parisi suggests that there’s still work to be done to develop patch management tools that deliver more value to MSPs.
“If patch management would just work and clearly communicate what it could and, more so, what it couldn’t do, it would be valuable. For example, my RMM only updates a few applications. What world do they live in? My customers use lots of apps, and all their apps should be updated as well.”
“We really should have a ‘patch management summit’ and get our collective heads together and solve this thing,” he comments.
About The ASCII Group, Inc.
The ASCII Group is the premier community of North American MSPs, MSSPs, VARs and solution providers. The group has over 1,300 members located throughout the U.S. and Canada, and membership encompasses everyone from credentialed MSPs serving the SMB community to multi-location solution providers with a national reach. Founded in 1984, ASCII provides services to members including leveraged purchasing programs, education and training, marketing assistance, extensive peer interaction and more. ASCII works with a vibrant ecosystem of major technology vendors that complement the ASCII community and support the mission of helping MSPs and VARs to grow their businesses. For more information, please visit www.ascii.com.