Keeping your data protected, particularly in the financial sector, has increased in importance over the last few years. When working with any managed service provider, cyber security is imperative, no matter the size of your business.
Part of the process of protecting your business's data is ensuring that your software and network devices are up to date, which is done through patch management.
Patches are used to update your software, ensuring everything is running as it should. They are released when there is a need to fix bugs, address security problems or potentially add more functionality.
Patch management requires insight, process, visibility, and knowledge which the expert team at Tribeca have in abundance. But what are the differences within patch management and what tools do we use to manage the process?
We also need to consider how our working models are continuing to develop, meaning that Remote Management & Monitoring (RMM) tools and Mobile Device Management (MDM) tools have now also become industry-standard tools, helping to keep your infrastructure's software versions up to date and managed effectively.
What’s the difference between Major Updates, Minor Updates & Patches?
All three are updates to your software but what they’re called is relevant to the size and impact of the update.
Major Update: This refers to the overall version of the software you’re using, for example, iOS 15 or Windows 11. Upgrading from Windows 10 to Windows 11 is a big jump in functionality, design and features, and ultimately determines the compatibility between devices running these different versions. The software version as a whole will have a support end-of-life date: this is the point at which the vendor stops releasing service packs and patches for the version.
Minor Update: This type of update introduces new features that enhance a software version without the addition of redesigns or new ways of working. For example, Apple will release multiple updates to an iOS version, taking iOS 14 through 14.1 to 14.7. Each update will include changes to built-in apps, such as Siri getting new voices, new emojis being added, and new hardware such as Apple AirTags being natively supported.
Patch: A patch is released to fix an issue where the latest software update does not work, or a security vulnerability has been found. Most recently Apple released iOS 15.0.2 to patch a security issue found within iOS 15.0.1 that had been exploited before they were aware of the issue. It also fixed a functionality flaw surrounding internal memory corruption and memory speed. These updates are much smaller but more frequent than Service Packs as they are released as and when faults are found. The job of patches is to fix issues quickly and ensure the end-user experience is not sacrificed.
When to perform a Major Update
Upgrading to a new software version is a big decision to make for a business, as it’s advisable to upgrade all machines in the business at the same time. This allows for easier risk management of a standardised OS.
When upgrading a system like Windows, there will be a cost for doing so. This will be a cost per device, and in a business with 50 users, each with a PC and a laptop, the costs rack up quickly.
At Tribeca, we also advise our customers to wait until the first or second update to a new OS like Windows. By this time, many of the initial bugs will have been addressed, and you will also be able to tell from reviews whether the new software is worth making the jump to. An example where being patient has paid off was when Windows 8 was released. Many businesses avoided making the switch from Windows 7 to Windows 8 and waited for Windows 10, which was seen as a worthwhile upgrade. We recommend taking this approach to Windows 11 when their upgrade plans begin to emerge in 2022. Windows 10 will continue to be supported by Microsoft, with active patches still being developed for any security issues, for some time after the launch of Windows 11.
For an iOS update the timeline changes. Typically support for older iOS versions is stopped once a new version comes out like iOS 14 to iOS 15. However, there are exceptions to this rule if there are exploited security vulnerabilities to older versions, especially for devices that can’t support newer versions of the software.
When to install a Minor Update or Patch
At Tribeca, we work to the requirements of our Cyber Essentials certification which means patching OS and third-party systems within 14 days of release. The industry has begun to standardise on releasing their patches on the second Tuesday of every month, earning the name of ‘Patch Tuesday’.
We recommend breaking down the environment into two groups, less sensitive devices and critical devices. That way we patch the less sensitive devices in the first week of release and the critical devices the following week, which allows us to pick up and fix any critical issues, whilst also satisfying the time requirement of 14 days.
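The two-group schedule above can be worked through in code. This is an added example, not Tribeca's tooling: it computes Patch Tuesday, derives the week-one and week-two install windows, and classifies a constructed device inventory against the 14-day deadline. The device names, status labels and exact day boundaries are assumptions.

```python
from datetime import date, timedelta

PATCH_WINDOW_DAYS = 14  # the 14-day requirement cited above

def patch_tuesday(year, month):
    """Return the second Tuesday of the given month."""
    first = date(year, month, 1)
    to_first_tuesday = (1 - first.weekday()) % 7  # Monday=0, Tuesday=1
    return first + timedelta(days=to_first_tuesday + 7)

def ring_schedule(release):
    """Install window for each group, plus the hard deadline."""
    return {
        "less_sensitive": (release, release + timedelta(days=6)),
        "critical": (release + timedelta(days=7), release + timedelta(days=13)),
        # Assumption: a patch installed on day 14 itself still counts as in time.
        "deadline": release + timedelta(days=PATCH_WINDOW_DAYS),
    }

def status(device, release, today):
    """Classify one device as of `today`."""
    sched = ring_schedule(release)
    patched = device["patched_on"]
    if patched is not None and patched <= today:
        return "compliant" if patched <= sched["deadline"] else "late"
    if today > sched["deadline"]:
        return "overdue"        # unpatched and past the 14-day window
    if today > sched[device["ring"]][1]:
        return "behind_ring"    # missed its week, but the deadline has not passed
    return "pending"

def report(devices, release, today):
    return {d["name"]: status(d, release, today) for d in devices}

# Constructed inventory: names and install dates are illustrative only.
DEVICES = [
    {"name": "reception-pc", "ring": "less_sensitive", "patched_on": date(2021, 10, 14)},
    {"name": "meeting-room", "ring": "less_sensitive", "patched_on": None},
    {"name": "trader-ws-01", "ring": "critical", "patched_on": None},
    {"name": "file-server", "ring": "critical", "patched_on": date(2021, 10, 28)},
]

if __name__ == "__main__":
    release = patch_tuesday(2021, 10)
    for day in (date(2021, 10, 20), date(2021, 10, 30)):
        print(day, report(DEVICES, release, day))
```

The `behind_ring` state is the one worth alerting on: a less sensitive device that slips past week one can still be patched before the deadline, which is the buffer the staged approach is meant to provide.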
Difficulties with performing updates
Hardware requirements: The most obvious, and probably the costliest, is when a new software update is not compatible with the hardware you’re trying to install it on. This will be most common when you’re trying to upgrade your software to a whole new version. Older iPhones will not support newer iOS versions, and Windows 11 will likely require a minimum amount of RAM, a minimum CPU power and more. With PCs you have the option to install more RAM or upgrade the CPU, but it’s worth noting the age of the PC and weighing up if it’s worth replacing the whole unit instead.
Dependencies: If you are using a piece of software like Adobe Creative Cloud, it will require a minimum version of Windows or macOS to run on. So, if you’re upgrading this, you must be aware of the compatibility.
Scheduling: For certain programs, you can just run the update out of hours when no one is using it. However, for certain systems that are being used 24/7 such as firewalls, you will need to agree on some downtime to get them updated.
How to manage your software updates and patches
Using a Remote Monitoring & Management (RMM) tool such as SolarWinds RMM, Atera, or ConnectWise Automate is a great way to monitor which devices are using which version of the software. You can deploy mandatory updates across all company devices and schedule updates to install at a particular time/day.
RMM tools can also produce patch compliance reports so you can see if any devices within your organisation are missing patches. This is an important part of vulnerability scanning; it allows you to find out which devices are the ones allowing your network to be penetrated and you can then roll out the relevant patches to those devices.
For your business's handheld devices, you are able to centrally control updates and patches using a Mobile Device Management (MDM) tool. A commonly used MDM tool is Microsoft Intune.
MDM tools allow you to force updates to the latest iOS & Android OS versions to avoid unnecessary delays in security patches being installed. This is particularly helpful for keeping your mobile devices compliant with any update time rules your business is working to.
Whilst you can dedicate time to managing this process internally, it’s also something that we at Tribeca can manage for you. This will allow you to sit back and let us ensure your business is fully up to date, and compliant with industry regulations.
We encompass patch management within our standard security packages, meaning you get a whole lot more than patch management from us. Tribeca also offers IT support services tailored to businesses in the Alternative Investment sector, from Hedge Fund IT Support to Private Equity IT Support. We operate as your business partner and want to be seen as an extension of your business, providing consistent quality and proactive assistance to help you grow and protect your business.
For more information on our IT support and managed services for the alternative investment sector, get in touch with us today.