Maintaining Patch Levels
We’re going to discuss system patching. Sorry for sounding like a broken record and for this long-winded 2018 New Year’s message. Over the past many months, businesses have faced re-prioritized tasks and delayed deliverables, not to mention many show-stopping freezes (Thanksgiving, Christmas, etc.). Regrettably, this can certainly delay patch schedules for many straight months. Yikes! Obviously, the need for system patching is well understood and needn’t be repeated.
As time ticks on and systems remain unpatched, 2 particular challenges steadily increase. Not only do unpatched systems leave vulnerabilities exposed (obvious), they also create a very real set of hidden “stacked” operational risks.
Taking a step back, it goes without saying that patch cycles should be performed routinely and religiously, as a high priority. Traditional patch cycles represent low risk and should (as a best practice) be tested in the lab. Unfortunately, lab and production environments seldom align, not to mention that the lab never carries equivalent production service loads. As a result, monthly production patching should be approached cautiously and handled with the utmost care (kid gloves).
When monthly patch cycles are missed/omitted, we face the conundrum of cumulative (stacked) patches – a problem which sneaks up on the best of us. It cannot be over-stressed that such a situation exponentially increases the operational risk of something, sometimes obscure, breaking. As a workaround, although time-consuming and more expensive, you can catch up by staggering the missed patches over a 6-8 week period.
However, with routine/scheduled patch releases occurring (knocking at our back door), trying to catch up can likewise become a double-edged sword: it creates schedule challenges, reduces the preferred soak/validation time, cuts short or sometimes omits proper change-management due diligence/tracking, etc. Thankfully, it might not be as bad as you think.
Most businesses have made incredible strides to realign and resolve hundreds of AD and internal security deficiencies. These businesses, through security audits, have basically picked up their AD, as an entity, “by the scruff of its neck” and placed it squarely back onto the road. You must remain alert and diligent, pursuing and preventing matters which threaten to let AD gradually slip off the road once again.
Your resolve and determination toward normalizing Active Directory & system patching should never be swayed nor compromised.
Recommended: 3 immediate 2018 Action Items:
- Approve a team to create an action plan to safely bring all systems up to current patch levels by EOM – note: anticipate potentially multiple work streams
- Approve “operationalizing” routine monthly patching
- Espouse & garner business visibility and understanding (establish official governance)
SHAWN MAY – DTS Inc. | Principal Architect & CEO – (727) 223-6740 | shawn@yourDTS.com