Patch Management Advice from an MSP: Automate

Design your patch management service offering not only to keep your clients’ systems updated and align best with their schedules, but also to maximize efficiency and productivity for your business.

MSP Michael Goldstein, President of LAN Infotech in Fort Lauderdale, FL, and member of the ASCII Group, has been providing patch management services to his clients even before it was called patch management. He worked for a managed service provider business for 20 years before opening his own business ten years ago, which primarily provides IT services to law firms. “Security for our clients was a higher calling that made it important to keep up with updates even before cybersecurity became as important as it is today,” he says. “We’ve always told our clients you have to fix broken things. If you don’t, it’s a blueprint for disaster.”

Goldstein says in the MS-DOS days, patching was a necessary — but manual — task. “If something didn’t work and you called tech support, the first thing they wanted to know was whether you were using the latest version,” he comments.

The Solution: Automation

Goldstein says as remote monitoring and management (RMM) tools became more prevalent and IT service providers moved away from the break/fix model, MSPs automated services, including patching and updates. LAN Infotech chose Continuum for patch management. Goldstein says when he evaluated tools for his business, he chose Continuum not only for its ability to automate processes and to easily schedule, but also because it evaluates patches and designates them as “good” or “bad,” giving his team the information they need to handle their installation effectively.

Engineers on LAN Infotech’s team manage RMM alerts, including patches and any errors that may occur, from the Continuum dashboard. Patches and updates for workstations are handled daily. “The tool schedules it, so we don’t have to worry that we’ll miss it,” Goldstein explains.

Goldstein explains that his team addresses servers differently, updating each monthly. He says server updates take most of a weekend, installing patches and rebooting before people return to work on Monday. He says Continuum helps streamline the process, providing the information they need to address server updates proactively.

He adds that many of his clients’ servers are virtualized, which involves patching guests and scheduling manual updates for the host quarterly.

LAN Infotech also evaluates its clients’ firewalls once per quarter to verify they’re up to date. “We felt like this was a very important aspect to address,” Goldstein comments.

“We figured out a schedule that makes the most sense for us and our customers,” he says.

Challenges: Keeping Up With Changes

Goldstein says the security landscape is always evolving and vendors’ release policies change in response. “Windows 10 changed the world,” he says. “Before that, if a client didn’t want the patch, they didn’t install it. Windows 10 forces it. You can’t stop it, just defer it. It’s just a way of life.” He says he’s become a Windows Insider to receive advance releases of all versions, which he installs on his laptop to test them before rolling them out to his clients.

He adds that with more clients using Software as a Service (SaaS), using the “latest and greatest” version is important. LAN Infotech’ policy is that if they sell the software, they manage it. “If we notice they’re using other software, we talk about it,” Goldstein comments.

LAN Infotech also keeps clients informed through reports and newsletters. “In the past year, people have paid more attention to patching. They understand what it means and why it’s important,” he comments. “We show them we’re ahead of the game and can answer when they ask if they’re covered.”

Patch Management Advice for New MSPs

Goldstein says the most essential advice for new MSPs is to find a good patch management tool: “Find what works for you and realize you can’t do it all yourself.” He says also to realize that patch management takes time, and there is little reward in it, but it’s necessary given the constantly evolving cyberthreat landscape. “We tell our clients they’re just one click away from going out of business. It’s the way of the world these days,” he says. 

 

About The ASCII Group, Inc.

The ASCII Group is the premier community of North American MSPs, VARs and solution providers. The group has over 1,300 members located throughout the U.S. and Canada, and membership encompasses everyone from credentialed MSPs serving the SMB community to multi-location solution providers with a national reach. Founded in 1984, ASCII provides services to members including leveraged purchasing programs, education and training, marketing assistance, extensive peer interaction and more.  ASCII works with a vibrant ecosystem of major technology vendors that complement the ASCII community and support the mission of helping MSPs and VARs to grow their businesses. For more information, please visit www.ascii.com.