IT Basics – Software Updates and Patch ManagementJohn LeMay
Managing software updates for your organization is an important task and a security best practice. Software updates, or patches, typically address security issues, fix bugs in applications, and improve performance or compatibility with other systems. Additionally, updates may introduce new functionality in an application or device. As small and midsized businesses are targets for cybercriminals, ensuring your computers, firewalls, routers, printers, and other devices are updated regularly helps protect your organization from cyber threats.
What do we mean by “Patch Management”?
Patch management is a term used within the IT industry that refers to various processes related to keeping software up to date on business systems. A mature and effective patch management practice goes beyond simply applying updates to computers as the manufacturer releases them.
Most software and hardware manufacturers regularly release software updates for their products. The purpose of these updates is usually to address problems identified after a product is released. As issues are identified and corrected, vendors make available updated software for their products for users to download and apply.
These updates can impact every component of your IT infrastructure. For example, computer and mobile device operating systems regularly receive updates. Additionally, office software packages are frequently updated. As printers have become targets for attack, security updates for these devices now must be managed. Other devices such as internet access routers and WiFi access points must also be updated regularly.
Software Updates versus Software Upgrades
It is important to differentiate between software updates and upgrades. In this case, the term “update” means to apply a fix or enhancement. Updates are generally much smaller and address specific problems, typically relating to security or features that do not currently work as intended. Updates usually do not significantly change how software functions, so no significant changes to the software are typically noticed by users following an update.
Software upgrades refer primarily to moving from one major version of an application to another. For example, upgrading from Microsoft Office 2016 to Office 2019 or Microsoft Windows 10 to Windows 11 are two examples of significant upgrades. Software upgrades tend to require more planning, longer testing duration, and additional user training to take advantage of new or changed features.
The first step to implementing a patch management solution for your organization is to catalog all of your organization’s IT infrastructure devices. Include mobile devices, laptops and desktop computers, servers, network devices such as NAS storage, firewalls, and WiFi devices, printers, and any other device that connects to your network. Be sure to keep this information updated as devices are added to and removed from your organization.
Next, list all operating systems and software installed in your infrastructure. Again include mobile device operating systems on this list as they require updates. Include all installed software and software you are using from cloud providers. While you may not be responsible for updating cloud-based systems, updates to those systems by the vendors who manage them may impact your business.
Review all of your organization’s various systems and software. Perhaps you have a mix of old and new computers, some with earlier versions of applications than others. In most cases, having only a single version of each application to support makes patch management and other IT support efforts much more straightforward. Upgrading older versions of applications where possible is generally recommended.
Simply applying updates or patches to all systems as soon as they are released is not generally recommended. Instead, a process of testing each update to ensure the update does not break any functionality is a good practice. Depending on the size of your organization, this means identifying one or more computers that will receive updates first. Then, after confirming the update is working correctly, the remaining systems can be updated.
While this process works well for laptops, desktops, and servers, network devices such as routers and firewalls require specialized handling when applying updates to ensure work is not interrupted. Unlike updates to computers, updates to network devices cannot usually be uninstalled. Instead, if a problem occurs following an update to a network device, an earlier revision of the software usually needs to be reinstalled to restore function. Depending on the manufacturer, printers may or may not face a similar situation with failed updates.
It is crucial to have a regular schedule defined for applying updates after they are released and tested. Especially with security-related updates, installing them as soon as practical is highly recommended. Many vendors have defined a regular schedule for when they release regular updates. For example, Microsoft has long released a monthly batch of updates on the second Tuesday of each month. Many other software vendors have aligned themselves with a similar release schedule. In the IT industry this second Tuesday of the month is referred to as “Patch Tuesday” for this reason.
Security updates are typically released as soon as they are developed and tested by a vendor. Therefore while a monthly patching schedule should be adhered to for end-user devices, it is still essential to watch for important security updates and focus on testing and applying those as they are released.
Developing a mature set of patch management processes to handle software updates for all of your organization’s systems can be a daunting task. However, it is crucial to the security and continued operation of your organization.
Oceantec can assist with developing a patch management practice for your organization, or we can help optimize your existing processes. Optionally, our managed services team can automate all of these processes on your behalf. Don’t hesitate to get in touch with us today to schedule a discussion about how we can help.