When enterprises look at their security posture, they generally are looking to counteract the latest malware of Distributed Denial of Service (DDoS) attacks to ensure their data is safe and maintain business continuity.
However, chasing what is covered most in the press will leave you wide open to the biggest cause for enterprise data breaches: poor enterprise patch management. According to The Market Snapshot Report: Secure Operations Automation, 80% of enterprise data breaches are the result of bad patch management.
Studies and our conversations with our customers find that many are struggling to just stay current with critical patch releases for the enterprise IT systems they use – including mobile apps, cloud-native, and legacy systems of record that could be commercial off-the-shelf, open source and/or custom built.
With new vulnerabilities emerging daily and the need to satisfy regulatory compliance regulations, businesses know enterprise patch management should be a high priority. However, a recent Ponemon study shows 65% of enterprises have difficulty prioritizing what needs to be patched first. This paralysis by analysis causes backlogs of patches and spirals into situations where you’re fire fighting to patch what you can find with no idea as to whether it’s even fortifying your IT security posture.
The easy answer to solve this problem of patch management is to stay current altogether. However, that’s easier said than done in an environment where many enterprises’ IT staff continue to shrink and software companies are having their own issues getting patch management right.
Case in point: Microsoft. July’s Patch Tuesday – also known as monthly quality updates – caused stability problems for Windows operating systems and applications alike – particularly Windows and .NET Framework. The July 10 patches came with 47 “known issues” listed in the security section. Microsoft admitted that these updates also caused problems for users of SQL Server as well as Skype and Exchange Server.
Depending on the Microsoft products enterprises use, the global technology giant had different nuanced advice to address the issues. For many organizations, the advice is that if they hadn’t already installed the problematic July 10 patch, that they’d have to install it and then update it with patches released in August. Further to that, if enterprises have large clusters where upgrading each node isn’t an option, they’d need to contact Microsoft Support – which can take even longer and cause further business disruption.
Microsoft’s size, while many times an advantage, is a tremendous disadvantage in this particular situation. The fact that it still supports Windows 7 and Windows 10, each with varying schedules for feature and patch upgrades, is one issue. The bigger one is just with enterprises using Windows 10. There are four versions of Windows 10 released currently supported by Microsoft, and organizations don’t receive feature releases at the same time. Microsoft uses artificial intelligence and well as telemetry to determine when a Windows 10 release is ready for an organization. This leads to communications and testing breakdowns which diminish Microsoft’s patch quality.
There is a lot of discontent from the field and even from the Microsoft Most Valuable Professional (MVP) community about these issues, and there’s low confidence at this point as to whether the situation will get better with each monthly Patch Tuesday. Many consultants are advising their clients to turn off Windows updates, with many enterprises waiting at least two weeks to apply patches. The general consensus is that especially for small businesses, which make up the vast majority of businesses around the world, if they’re not confident they can quickly backup and restore their machines they should avoid downloading the patches. While understandable from a business continuity standpoint, delaying enterprise patch management leaves companies wide open to security vulnerabilities and causes them to run afoul of compliance regulations they must follow which mandates they keep software updated.
Since many enterprises use some form of Microsoft software and services, these problems could make you want to throw up your hands and turn off all updates until the storm clears. But what if it never clears?
The good news is you can turn to trusted enterprise patch management experts like US Cloud to unburden your enterprise IT and security teams from the day-to-day operational patching of both cloud and legacy infrastructure. Don’t worry about the storms around you – with US Cloud, you’ll have a comprehensive enterprise patch management strategy that keeps you safe from software vulnerabilities while meeting enterprise regulatory and compliance requirements.
US Cloud was born in the Cloud so our ability to manage cloud-based systems is baked into our DNA. At the same time, we have 13 years of experience managing organizations’ on-premises IT infrastructure. Over the years, we have found that many organizations who outsource the support and maintenance of their IT operations experience inconsistencies related to high personnel turnover rates, a lack of the right experience and a one-size-fits-all approach that is not customizable to meet their individual business requirements.
As a trusted advisor in the deployment of advanced infrastructure, virtualization and cloud solutions, US Cloud brings to the table a proven track record built on decades of virtualization and cloud computing expertise.
Learn more about Enterprise Patch Management from US Cloud today and get started on the journey to maintain business continuity while eliminating your patch backlog, improving audit readiness, reducing open vulnerabilities, and mitigating security breaches from existing patches.