Maintaining Patch Levels
We’re going to discuss system patching. Sorry for sounding like a broken record & for this long winded 2018 New Years message. Over the past many months, businesses have faced re-prioritized tasks and delayed deliverables, not to mention hit many show-stopping freezes (Thanksgiving, xMas, etc.). This regrettably and certainly can delay patch schedules for many straight months. Yikes! Obviously, the need for system patching is well understood and needn’t be repeated.
As time ticks on, where systems remain unpatched, 2 particular challenges steadily increase. Not only do unpatched systems leave vulnerabilities exposed (obvious), it also creates a very real set of hidden “stacked” operational risks.
Taking a step back, it goes without saying, as a high priority, patch-cycles should be routinely and religiously performed. Traditional patch-cycles represent low risk, and should (as best practices) be tested within Lab. Unfortunately, Lab and Production environments seldom align, not to mention Lab never carries equivalent production service loads. As a result, monthly production patching should be cautiously approached, and handled with the utmost of care (kid gloves).
When monthly patch cycles are missed/omitted, we face the conundrum of cumulative (stacked) patches – a problem which sneaks up on the best of us. It cannot be over-stressed that such a situation exponentially increases operational risk of something, sometimes obscure, breaking. As an alternative (work around), although time consuming and more expensive, in order to catch up, this can be caught up by staggering these over a 6-8 week period.
However, with routine/scheduled patch-releases occurring (knocking at our backdoor), trying to catch up can likewise become a double-edged sword: creating schedule challenges, reducing preferred ideal soak/validation time, cuts short or sometimes omits sufficient/proper change management due diligence/tracking, etc. Thankfully it might not be as bad as you think.
Most businesses have made incredible strides to realign and resolve hundreds of AD and internal security deficiencies. These businesses, through security audits, have basically picked up their AD, as an entity, “by the scruff of its neck” and placed it squarely back onto the road. You must continue to remain alert and diligent to pursue and prevent matters which threatens AD from, once again, gradually slipping off the road.
Your resolve and determination toward normalizing Active Directory & system patching should never be swayed nor compromised.
Recommended: 3 immediate 2018 Action Items:
- Approve a team to create an action plan to safely augment all systems to current patch levels by EOM – note: anticipate potentially multiple work streams
- Approve to “Operationalize” routine monthly patching
- Espouse & garner business visibility and understanding (establish official governance)
SHAWN MAY – DTS Inc. | Principal Architect & CEO – (727) 223-6740 | shawn@yourDTS.com
Recommended Next Step: Migration Services
- Implementing correct solutions
- Bringing the correct talent (professional-staff-augmentation or project team)
- Alignment to the business functional & functional direction
- Maintaining agility with communication and options
- Ensure to have a properly scoped project and accurate roadmap eliminating fluff
Dynamic Technical Solutions is one of the best in the business. I had the pleasure of working and learning a great deal from their team members in the past four years. DTS’ work ethic is unlike any I have ever seen. I have always known them to follow through until the job is completed correctly.
R.T., Senior IT Infrastructure & Ops Manager, E-470 Public Highway Authority
I had a pleasure working with Dynamic Technical Solutions very closely on a very complex, critical project with a lot of moving parts and unknowns. Not only did DTS quickly grasped all the complexities of the project, they helped bring clarity and order to it. Their dedication and professionalism are tremendous. They are team members whom you can always count on to be there and deliver what’s required and then some. Their technical abilities have allowed us to develop and implement great solutions. DTS’ understanding of IT security helped us not only come up with a robust technical solution, but also a very secure one. I’ll gladly work with them any time again.
I.S., VP Technology at Barclays Capital
I have had the pleasure of working with Dynamic Technical Solutions over the last year servicing the same customer. DTS demonstrates an exceptional technical aptitude, attention to detail and work ethic that makes their service delivery extraordinary. Anyone requiring solid directory services architectural or technical guidance will benefit from what DTS brings to the table. I recommend their work.
N.K., Microsoft - Senior Technical Account Manager
I had the pleasure of working with Dynamic Technical Solutions at The Children's Hospital and found them to be an extremely knowledgeable in respect to Microsoft Windows Engineering. Their precision, dedication, thoroughness and understanding in Microsoft Active Directory design and support are impeccable. They take pride in continuously learning, adapting and implementing all of the knowledge they possess and have shown such aptitude in technical writings of Kerberos, DNS and Microsoft products as a whole. I would welcome the opportunity of working with DTS again and hope to do so in the future.
M.D., The Children's Hospital
We contracted with DTS to perform an upgrade/migration of our existing Active Directory and Exchange environments onto new equipment. The entire process was extremely painless and we were very happy with the results. I can honestly say that our DTS consultants exceeded our expectations. It took less time than we had anticipated, and some of the issues we were afraid of running into did occur, but our DTS consultants were very quick at finding a working solution.
DTS is technically competent, their work is very thorough, and their attention to detail is the best I have seen. I would not hesitate in recommending Dynamic Technical Solutions to anyone looking for Microsoft professionals.
R.B. Information Technology Director, Colorado City Government – Town of Vail
CH2M Hill is a $5B IT and engineering firm based in Denver, Colorado. CH2M Hill has utilized DTS for complex IT management and support projects. During the time that DTS supported our efforts for one of our customers (a Fortune 500 company), their consultant exhibited significant technical competencies. Furthermore, our DTS consultant is a professional, receiving high marks from the customer for program management as well as communication skills.