Patching is a never-ending chore that comes around every month if you have Windows servers. And let’s face it, that’s most organisations.
Many businesses run critical applications on platforms that need constant patching, and patches are changes that may cause problems – sometimes more problems than they fix. So, what are the options to patch safely?
Backup Before Patching
Backups are important for many things, with ransomware recovery being high on the list. If you rely on backups, their integrity is of paramount importance, and the time needed to restore may mean an outage for that duration.
Having more than one set of servers performing a task seems a bit of a waste, until something happens. Applying patches incrementally to servers, or groups of servers, in a redundant environment can highlight issues before an outage occurs.
A Reference Environment is one in which a large production environment is duplicated on lower-cost hardware and software, running the exact same versions of an organisation’s operating systems, software and applications. Code development, configuration changes and patches are tested in the reference environment before being approved for the live environment.
Sandboxes are “containers” or other isolated virtual environments on production machines, typically used to test new software and guard against malicious embedded code. They may also be used for patching safely.
DevOps, SecDevOps, DevSecOps
DevOps, SecDevOps, or DevSecOps all involve infrastructure patches becoming part of the testing and release cycle.
Organisations should consider their options before applying patches, or any other updates, to live environments.
Patch Internet-Facing Services First
While insiders are a more intelligent threat, the largest data breaches in recent years have been perpetrated by external malicious actors over the Internet.
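The incremental approach for redundant servers and the internet-facing-first ordering can be combined into one rollout plan. The sketch below is an added example, not part of the original article: the inventory, host names and the `patch` and `healthy` callables are hypothetical stand-ins for whatever patch tooling and monitoring an organisation already uses.

```python
from collections import defaultdict

# Constructed inventory; host and group names are hypothetical.
INVENTORY = [
    {"host": "web01", "group": "web", "internet_facing": True},
    {"host": "web02", "group": "web", "internet_facing": True},
    {"host": "web03", "group": "web", "internet_facing": True},
    {"host": "sql01", "group": "sql", "internet_facing": False},
    {"host": "sql02", "group": "sql", "internet_facing": False},
    {"host": "file01", "group": "file", "internet_facing": False},
]

def _groups(inventory):
    groups = defaultdict(list)
    for server in inventory:
        groups[server["group"]].append(server)
    return {g: sorted(m, key=lambda s: s["host"]) for g, m in sorted(groups.items())}

def plan_waves(inventory):
    """Order hosts into waves: internet-facing groups first, and never more
    than one member of a redundancy group in the same wave."""
    waves = []
    for exposed in (True, False):
        tier = [m for m in _groups(inventory).values()
                if any(s["internet_facing"] for s in m) == exposed]
        for i in range(max((len(m) for m in tier), default=0)):
            waves.append([m[i]["host"] for m in tier if i < len(m)])
    return waves

def no_redundancy(inventory):
    """Groups with a single member: patching them is an outage, so these
    depend on a verified backup rather than on a healthy peer."""
    return [g for g, m in _groups(inventory).items() if len(m) == 1]

def rollout(waves, patch, healthy):
    """Patch wave by wave; halt after the first wave that fails its health
    check so the remaining hosts stay on the known-good version."""
    patched = []
    for wave in waves:
        for host in wave:
            patch(host)
            patched.append(host)
        failed = [h for h in wave if not healthy(h)]
        if failed:
            break
    else:
        failed = []
    untouched = [h for w in waves for h in w if h not in patched]
    return {"patched": patched, "halted_on": failed, "untouched": untouched}
```

A failed health check on the second web server halts the rollout with the third web server and every internal host still unpatched and serving, which is the early warning the redundant environment is meant to provide.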
Agilient has a strategic partner to supply continuous threat assessments, alongside seasoned, veteran consultants who can advise on patching and wider change management strategies to assure the highest level of business continuity possible. Contact us to discuss the security of your organisation.
Author: David Steele, Agilient Consultant