By Mike Herrington
Patch management is a critical function in maintaining network security for businesses, but the labor cost of keeping up on it frequently stops it from happening. A patch is a piece of software designed to update a computer program or its supporting data or to fix or improve it. This includes fixing security vulnerabilities and other bugs — those patches are called bugfixes. New automated patching solutions have been introduced and can save businesses time and offer a great return on investment.
Most business owners realize that regular patches and updates are important. Microsoft releases new patches and updates every single week for its windows operating systems. These are to help protect against evolving security threats and new exploits created by hackers. They can also add important bug fixes and increase system stability and performance.
Updates need to be done. Unpatched and end-of-life systems present huge security risks for businesses. There are numerous examples of companies that have lost hundreds of thousands of dollars in revenue due to outages caused by such attacks where unpatched systems were exploited. Typically, the reason they have not been done is that the cost of keeping up on all security patches is significant.
IT departments are reluctant in many cases to turn on automatic updates on their networks because updates left to themselves can frequently cause problems through software conflicts with specific network configurations. This makes the cost of doing patches even higher, because in addition to manually applying patches to all machines on the network, IT professionals have to take the time to test them before they apply them to ensure that no damage will be done.
In his article “A Patch in Time,” Pete Lindstrom wrote about RKA Petroleum. RKA is a small business with six Windows servers and 35 workstations that needed patched. The time needed to properly administer them was killing them. The vice president of information services for the Michigan-based regional petroleum distributor, Jason Hittleman, explained, “Patching took almost 120 hours a month among the three of us, almost a full-time position. Employees had to stop work or work at another station. It was hell.”
There has to be a better way right? Yes, there is. There are software solutions that allow automation of patches and updates. Instead of spending an exorbitant amount of time manually administering and applying patches, IT staff can spend a few hours setting up the automation, then a few minutes each week to approve needed patches. This saves a huge amount of time and money for businesses.
Take a look at some simple calculations to see the ROI. Let’s assume that a business has 100 total systems that need to be patched on a weekly basis. It will take an IT professional a couple of hours to research, verify and test patches each week, and (very conservatively) about 10 minutes per machine to apply them. With 100 machines to be patched that calculates out to about 69 hours per month of labor to get patches applied to all systems.
Sixty-nine hours equates to about 43 percent of a full-time employee’s hours on a monthly basis. If that system administrator made an annual salary of $60,000 per year, $25,800 of it would be allocated to paying them to patch and update systems.
There are numerous solutions on the market today that allow for the automation of patches and updates that have a price tag of between $5 and $10 per month per machine. Quick math shows that even on the highest end of this scale, the yearly cost would be $12,000 compared with $25,800 for manual patching. The ROI is clear even without factoring in the lost productivity of your staff or other factors.
There are a few things that you should look for when investigating automated patch solutions. Ensure that the solution can cover all of the platforms that you need assistance with. For most businesses, that means Windows machines but your business may have Macs or Linux computers that need patches as well.
It’s also important to look for a solution that allows you to easily test the patches and updates before they are rolled out. This is critical, because, as mentioned before, rogue updates can have disruptive consequences.
The ability to schedule patches and updates is another important feature. Look for a product that allows you to schedule patches to be automatically applied at night or another time systems are typically idle. This will ensure that the productivity of your staff isn’t interrupted.
Patch reporting is another important function to look for in patch automation software. This allows you to easily see at a glance that your patches are up to date and specifically calls out any systems that are behind on patches for any reason. This allows you to take action on those outliers if needed and ensure you’re completely protected.
Patches and updates are critical for security and performance. Business owners should investigate automated patching solutions that allow them to save time and money. Outsourced IT providers are often excellent resources to help you set up automated patches and updates on the network.
Mike Herrington is the manager of business development at i.t.NOW.