Patching as a Service
You're in the cloud. You've got all this awesome infrastructure and you want to make sure that your transactions through the cloud to wherever the data is stored is secure. One of the main things you need to do is make sure you have patching as a service. Before we discuss patching as a service, what exactly is patching?
What Is Patching?
A patch is set of changes rolled out by the developer or company designed to update, fix, or improve it. This usually includes fixing security vulnerabilities and other bugs and improving usability or performance.
Why Should You Do It?
At the absolute bare minimum, you need to make sure that all of your equipment, hardware, software and everything else is patched. You don't want to be in a situation where something happens and you lose all of your data, or what's worse is if you don't even realise something has happened and all of your data is being captured and shuttled off to somewhere else for them to be spammed and credit card details to be exploited.
So, patching as a service isn't just about patching windows. No. Patching as a service is about patching everything. This includes your switches, your routers, your access points, your printers, everything. All the things need to be patched and everything needs to be up-to-date. Without things like this being done, you end up doing yourself a disservice. In the last couple of years, there's been major changes and vulnerabilities found in core protocols, such as the WPA2 protocol attacks, the SSL or heart bleed attacks and RDP vulnerabilities that have happened in Windows 7 and Windows XP systems.
Make Sure to Stay Patched
You need to make sure you stay patched. The better you are and the faster you are at patching, the less likely you are to have some of these nasties come in. Now, don't get me wrong, you still need to have a quality managed anti-virus and anti-malware product and make sure that you have increment or backups of absolutely everywhere stored on-site and off-site. But, you don't want to be just be backing up these security holes. You want to be making sure there are no holes when you got your backups going and they're all backed up. So, patching as a service can be that thing that bridges the gap. It means you can have all your stuff in the cloud, and you can know that your infrastructure isn't going to be being peed on by unscrupulous eyes.
Find Out About Your Patching Situation ASAP
The other cool thing about patching is sometimes it brings about new features and functions, which is an awesome little added bonus. If you don't know if you have patching as a service currently, it's a really sensible idea to reach out to your chief technology officer. Even if it's a stand-in one that's been outsourced, make sure to reach out and ask them, "Do we have patching as service?" Because if you do, and it's a quality service, ask the provider how they go about applying the patches. The way that they normally work is they'll have a test environment or what's called a sandbox. From the sandbox, they take the information and they patch an environment that's not too dissimilar to yours, and they patch this and they do this offsite to make sure that if there was to be a problem, they'll solve it.
Why the Sandbox?
The reason they do this is that patching isn't always 100% for everyone. Although there are many, many companies that bring out patches, Microsoft brings them out very regularly. You have companies such as Java which bring them out about every two hours. They bring out these patches all the time, and if you don't apply them, you're stuffed. But if you do apply them, sometimes you're also stuffed, and it can be that there's just an incompatibility between the software stack that you're using, as well as the patches that are being deployed. Something doesn't go quite right and it runs amiss.
You Need to Be Able to Roll Back Patches Too
That being the case, and if that does happen, you want to sure that you're able to roll back the patches, as well as prevent it from happening altogether by having it done in a test environment. Making sure that the companies you're going through for patching as a service are quality companies that are tested, trialed and have a procedure in place with the way they're doing it will ultimately save you a stack of money. They're not just ticking a box say, "Apply all updates automatically." That is not going to work.
Real Life Example
I will give you a great example. Now, this one is going back into the archives a bit. There was a company that we deal with in the Southeast Queensland area that had this patch go out for Windows XP that upgraded service pack two to service pack three. Now, when that happened, the minimum specification for RAM nearly quadrupled, and that meant all of their point of sales systems, over 400 different terminals, stopped checking in. That meant that across all of their stores everywhere, no-one could have a transaction go through. Can you imagine how much money that cost their business, because they had it set to automatically send out these patches and no-one was managing it? Absolutely ridiculous. Now with the right setup, you can roll back those patches. With the way they had it set up, they couldn't even have the system boot. So, they were in strife. What they ended up having to do is have a bunch of people very quickly drive around to all the stores and upgrade RAM for all of the computers, and then upgrade their computers wherever they couldn't have any more RAM. So, it was a terrible situation, and it cost the business hundreds of thousands of dollars in just a matter of days.
The Final Word
It is very, very sensible to make sure that you're not a statistic. Make sure that you do have patching as a service, or something that allows you to know that everything that you're running with is secure, tight and controlled. Remember, if you have any questions at all, Dorks Delivered would love to help you out.