Patch management can benefit businesses and organizations of all sizes and verticals, but it’s not top of mind for every prospect. Your next opportunity to sign a new client may be when something breaks.
Many end users aren’t regularly patching their operating systems or third-party software, picking and choosing what to update – or just putting it off because they don’t have time – then when their system breaks, they call an MSP. Although not the ideal scenario, that situation may set the stage for a conversation about how your business can keep its systems up to date with Patch Management as a Service.
Must-Have Patch Management Solution Features
To build an efficient and profitable patch management practice, the solution you choose includes the following features:
Automation – Some MSPs aren’t automating patch management to the fullest extent and, as a result, have full-time employees dedicated to the task. Automation is much more cost-effective than labor. Further, tools that help you be proactive with patching can lessen administrative burdens.
Automated patch management tools will communicate with vendors – in some cases for both OS and third-party software – to find new patches, eliminating the need to do that research on your own.
These tools will also allow you to establish policies that can apply patches across all clients you manage at times that work best with their schedules. Most patches can be managed with one policy, covering your whole client base. Once you discover the commonalities among customers and put time into implementing procedures, you will see significant time savings.
Staging – Your Patch Management as a Service offering should include staging that allows you to install patches on systems in your office to test the outcomes. He also suggests first patching systems for a few trusted users before sending them out to your entire client base.
Some patch management solutions don’t include staging options, so it’s up to you to build and use test environments in those cases. It’s also tempting to skip this step, especially if you’re dealing with a security patch that corrects a vulnerability that hackers exploit, but it’s vital to stage every time. Remember, you’re responsible for the outcome.
Third-party patching – Your Patch Management as a Service offering needs to do more than patch at the operating system level. Third-party software can also be patched to correct a security vulnerability or a bug affecting performance. Your solution should give your team the same automation capabilities for third-party software as for the OS. A dashboard that your technicians and help desk can use to quickly see the status of a client’s patches is also a helpful feature.
Reporting – Your patch management solution should also give you the ability to provide regular reports on the services your MSP business provides each month. Some systems will allow you to automatically generate and send a report the day after patches are completed. End users want to see proof of the value you’re providing.
Your Success Depends on More Than a Feature-Rich Solution
Although it’s important to choose a patch management solution with the right features, it isn’t enough. You need to educate yourself about the industry and the security landscape. Leverage information such as Microsoft’s Security Update Severity Rating System and CVSS scores from NIST’s National Vulnerability Database.
MSPs must also do their due diligence to understand the relationships between servers, workstations, VM hosts and guests so that patches won’t interfere with productivity. The challenge, as IT environments continue to change, is to keep up with them. 
