Posted on July 20, 2017,

Protecting your company infrastructure against attack is top priority. But due to the complexity and time demands of IT departments, patches often get overlooked. And given the recent WannaCrypt and Petya ransomware attacks, the need for a well-defined patch management process is more critical than ever.

What Is Patch Management?

IT vendors are constantly rolling out new software updates to their products to repair security vulnerabilities, fix bugs and enhance usability or performance.


A patch management process defines how and when you acquire, test and apply new patches to your software and systems.


Your patch management process should include steps to:

  • Inventory the software your organization uses
  • Monitor new patch updates
  • Document patches and which vulnerabilities they address
  • Test the patches before rolling out across desktops
  • Securely download and deploy patches
  • Verify the patches have been successfully applied


Patches might seem like seemingly minor updates. But one improperly patched computer threatens the stability of your whole IT environment and could affect basic features users depend on.

Steps for Defining Your Patch Management Process

When outlining your patch management process, here are three critical steps to consider:


Document All Software Your Company Uses

The first step in a proper patch management system is to list all software the organization uses.


While Windows can automatically update itself, Adobe, Chrome, Java and a host of other programs might not have this ability or be configured to do it. This creates multiple attack vectors into your endpoints. Your policy should address third-party apps, and the software you use should be able to patch them.


Build In Proactive Management

A successful patch management strategy requires you to patch endpoints before they’re exposed to vulnerability.


You can do this a couple of ways:

  • You can have your IT admin run around on a bi-weekly or monthly basis applying the patches
  • You can rely on a managed IT support company that uses specialized remote monitoring and management software to apply the patches based on your schedule.


Define And Enforce Your Policy

Knowing you have to patch isn’t enough. You also need to know what you’re patching and what patches you are applying. Putting together a policy document that encompasses the patching procedure is time-consuming but necessary.


Depending on the system or software, you might want to apply only critical updates to servers and apply critical and recommended updates to desktops. Assess the security threat of each system or software, and assign priority levels based on that threat level.


Once you have a policy in place, you need to enforce it. Your IT team can enforce the policy through manual remediation processes or enlist the help of managed IT support specialists.


Offloading critical yet menial tasks like patch management can free your technical team to focus on customer support and strategic thinking.

Proper Patch Management Saves Time And Money

By designing and implementing a proper patch management strategy, you are saving your company time and money in the form of proactive security and maintenance.


There are many types of remote management and monitoring software that offer a single, unified dashboard to monitor your infrastructure. But these products become costly as you add more to your network and involve technical nuances you may not want to deal with.


Outsourcing patch management to a managed services provider is a cost-effective strategy. MSPs already have the processes in place to make sure something as small as a patch never compromises your network.


SugarShot offers proactive managed services for LA-area businesses that includes patch management. Want to learn how patch management services can save you time and improve security? Contact us today.

  • managed IT services
  • network security