A new model for safe and secure Windows patch management

I’ve seen a lot of evolution in desktop operating systems (OS), both in the product itself, and how it has been deployed and managed by corporate IT departments. Many of our customers have upgraded their OS every three years, and then patched in between. What we see is that some IT teams are setup to offer support. While they are great at it, many struggle to deliver projects as they aren’t geared, resourced or setup to do so effectively. They also don’t retain deployment knowledge given OS upgrades were a three-yearly event and not an ongoing change management process.

The deployment of an OS has always been an expensive and time-consuming project, and I’ve been involved in my fair share of some of the larger ones that Data^#3 helped our customers execute. There are often many factors to consider in these types of projects including:

• Securing budget
• Management sponsorship
• Coordinating external consultancy
• Recruiting operating system skills that aren’t retained in-house
• Organising the large amount of infrastructure and people required to work in sync for a successful outcome.

Often, as a parallel work stream, there was the huge task of application and driver packaging, sociability testing and hardware compatibility testing. Of course, the impact on users came with its own set of problems. User adoption of the new technologies is also a recurring challenge, as users had to re-learn interfaces and workflows. This just adds to the confusion and disruption.

So it comes as no surprise that IT departments would often skip updates or deploy on an irregular basis.

The problem with the patch gap

To help maintain the functionality and security between major updates, organisations would rely on patches. But keeping up with patches brings new issues. IT departments can become overwhelmed with their daily workload or lack the resources needed to stay on top of the sheer volume of patch releases.

Scheduling, staffing and testing delays means it can potentially take IT departments 100-120 days to patch vulnerabilities. This creates a time lag between the patch release and organisational deployment. Unpatched systems are a favourite target for attackers so this period of time makes organisations particularly vulnerable.

A costly lesson in patching

In 2017, WannaCry ransomware swept the globe and affected 200,000 organisations in 150 countries. Using a flaw in the Microsoft Windows operating system, WannaCry became one of the worst cyberattacks to date. Cyber Risk modelling firm Cyence estimated that this attack has cost organisations worldwide up to $4Billion dollars. While the attack had serious financial repercussions, it also provided a valuable lesson. Not only because it was so widespread, but because it was so easily preventable.

Microsoft had released the patch almost two months before the outbreak.

It’s pretty clear, keeping patching up to date plays a big part in ensuring organisations remain secure. This is also particularly important now that the Notifiable Data Breaches Act is in play.

The good news is, when it comes to upgrading operating systems, Windows 10 will be the last operating system organisations need to deploy.

Changes to releases and updates in Windows 10 and Office 365 ProPlus

Since releasing Windows 10 and Office 365 ProPlus, both platforms have undergone rapid development. Notably, Microsoft has changed the way they release and update software. Feature updates are now released every 6 months enabling new capabilities and hardware support on a semi-annual basis. There are smaller, more frequent, cumulative changes for security updates, bug fixes, and performance/reliability improvements. This continuous evolution ensures organisations stay current and secure.

As a result, IT departments may feel overwhelmed by the requirements to keep up with testing and supporting OS updates. But this doesn’t need to be a costly and laborious exercise.

To assist organisations, Data^#3 have been selected as one of only four partners worldwide to help develop and deploy what we’re calling our Microsoft 365 as-a-Service offering.

The Data^#3 approach to modern patch management

Our team has been working hard to introduce a simple, effective update management solution to help organisations stay current and secure. Windows 10 and Office 365 ProPlus customers can now access Microsoft 365 as-a-Service to keep their organisations updated 24/7.

This ongoing service provides organisations with a regular visit from one of our highly skilled subject matter experts. They are there to assist you with best practice guidance, implementation, maintenance, and reporting on your Microsoft 365 service. This service can be extended to develop a complete modern management strategy.

By leveraging this service, organisations can unlock value by no longer needing to maintain specialist OS deployment skills in-house, or allocate IT resources to the ongoing maintenance.

Learn more about Microsoft 365 as-a-Service from Data^#3, Australia’s largest Microsoft partner.