No longer confined by legacy systems or brand ecosystems, today’s smart businesses use a mix of operating systems, platforms, and software to best meet their needs. From cloud-based directories to automated patch management and software deployment, the ability to quickly and easily enable on-demand resources like applications, servers, networks, storage, and services with minimal effort makes these solutions far more valuable than their predecessors.
One example of this is patch management. Every IT department dreads the task. It’s time-consuming, tedious, and expensive. Historically, solutions were usually add-ons to antivirus software or other endpoint security products, and they were difficult to use and limited in their capabilities. Modern threats like ransomware and rootkits, plus a plethora of compliance regulations including PCI, HIPAA, SOX, FISMA, and GLBA, are requiring that IT departments reevaluate how they manage and patch endpoints.
Configuration management solutions such as Chef or Puppet, which are great at pushing out application builds and handling configuration automation, don’t suffice as patch management tools because they require you to write and maintain the recipes before you begin to see any value. Legacy on-premise, enterprise-level patching solutions work for large internal deployments, but they don’t fully support hybrid environments that leverage servers in the cloud from hosting providers such as Amazon Web Services or Google Compute Engine, and they are cost prohibitive for many midsize companies. Cost is a key factor for most IT organizations, which is why companies of all sizes are increasingly leveraging cloud infrastructure for its ease of use, pay-as-you-go model, and scalability.
In a survey conducted by Bromium at the RSA Conference this past March, they asked attendees about security risks and found that 49% believe that endpoints are the highest security risk, ranking it higher than cloud risks, network insecurity, and inside threats.
The just-released Forrester Wave report on endpoint security suites notes that endpoint security is the frontline in the battle against attacks. Servers and employee endpoints are targeted more often than any other asset:
- Corporate server 48%
- Corporate owned device 42%
- Employee owned device 40%
With security budgets increasing dramatically in the past decade, it’s no surprise that endpoint security is averaging 10% of the overall security budget in 2016.
In a recent analysis, Gartner delineated endpoint security into two camps: endpoint detection and response (EDR) and next-gen or non-signature endpoint technology. In sizing the market, they noted that there are 400 million client machines running antivirus worldwide but only 40 million client machines running EDR and fewer than 10 million client machines using next-gen technology.
What does all the talk of today’s endpoint management solutions encompass? Let’s define the key aspects you should be looking for:
- Asset Management – You have to know what endpoints you have and how they are configured. Through a dashboard you can quickly and easily see how many endpoints are out of date and which programs need to be updated.
- Patch Management – Now that you can see your endpoints, you need to be able to deploy patches to them. Rather than physically updating each endpoint, you can update in groups on your schedule.
- Operating System Management – Whether configuring a new device or updating 500 devices, you can make sure the OS is consistent and current across your endpoints.
- Application Management – From third-party software to printer drivers, it only takes minutes to deploy the right patches to the right machines. If HR has a special printer that no one else has access to, you can manage it with the click of a button.
- Compliance and Remediation Management – Policies are the lifeblood of a company’s IT architecture. With the right endpoint management solution, you can monitor and report on every endpoint and update those that are out of compliance.
Now that we are aligned on what a good solution consists of, and we know that threats are increasing and compliance is increasingly mandated, yet adoption remains notably low, what is holding IT departments back from investing in endpoint patching? Tripwire conducted a survey of roughly 483 IT professionals to understand the drivers of patch fatigue.
Almost 20% of organizations surveyed are managing their patches manually without software. Nearly half admit to being overwhelmed and unable to keep up, while more than two thirds of companies have 5 or fewer employees dedicated to the patching process.
Fatigue is attributed both to the number of patches being released every year and to the complexity of those patches; from different OSs to third-party applications, not all patches are created equal. Timing and prioritization also create anxiety, as immediacy must be balanced with prudence, and while some vendors release on a schedule, others don’t. And while most IT departments appreciate the predictability, when it comes down to critical patches, most would like to have them as soon as they are fully tested.
The most effective way to address these challenges is to manage endpoints through the cloud. According to IDC, the compound annual growth rate (CAGR) of cloud IT services is 23.5%, which is five times faster than the IT industry overall. The Technology in the Mid-Market – Taking Ownership report from Deloitte shows the main impetus for cloud adoption, at 56%, is to increase flexibility to scale, acquire, and divest…or creating strategic value. CompTIA found the top three applications IT departments are moving to the cloud are storage at 59%, business continuity/disaster recovery at 48%, and security at 44%.
As you think about managing your endpoints, it is important to consider what technology you’re using currently and what your 24-month plan is. Are you using new or different vendors? Is your workforce becoming more distributed? Are you considering moving to the cloud and adopting solutions such as Amazon Web Services?
Technology will continue to outpace our ability to keep up. Finding the right cloud-based solution reduces the pressure on your IT team to stay on top of every trend. Imagine if a solution could help you stay on top of server patch management by:
- Keeping you informed of OS-level patches and their severity
- Maintaining a predictable, published schedule with maintenance windows
- Treating testing as a requirement, not just a best practice; patching goes badly when patches are deployed to production without testing
- Automating the patching process
- Systematically verifying patch status on an ongoing basis
- Providing ad hoc, emergency patching capabilities
SaaS-based patching, which works in a hybrid environment across multiple OSs and cloud providers, is the ideal solution for the modern organization.