We don’t have to tell you that patching is a lot of work. But there were a few surprises from our latest security industry survey.
As part of the survey, we asked industry professionals to fill us in on their biggest pain points when it came to patching. Here are the five biggest takeaways and what they mean for today’s IT world:
1. Patching Remains a Top Priority — But Are Companies Achieving This Goal?
We already knew that patching was a top priority, but this was further backed up by the vast majority of respondents who said patching was “very important” to their overall security and IT strategy.
However, setting priorities isn’t enough. We wanted to find out how many organizations are actually following through and making it happen in a timely way. And that did turn up a couple of surprises.
Less than half (40.5%) said they were managing to patch their entire environment within one month, while 19.5% said it takes them more than 120 days to remediate all vulnerabilities. It seems many companies are feeling overwhelmed when it comes to meeting this “very important” target.
Why is this an issue?
Time to remediation (TTR) is an important measure of patching success that is often overlooked. In fact, many security solutions fail to track this crucial metric.
Choosing a tool that provides TTR statistics will help your IT department show concrete ROI. By setting organization-wide remediation goals and then tracking TTR, CIOs can demonstrate that they’re meeting this target.
2. Organizations Want to Minimize Downtime — But This Isn’t Happening
Downtime can be catastrophic, especially with your teams and personnel accessing resources from home, across time zones, and more.
Obviously, some downtime is to be expected. A solid number (39.5%) of respondents said the process of stopping servers, installing updates, and restarting takes them up to two hours, which is good practice. But the real surprise was that 10% experienced between 8-16 hours of downtime while 7% said they’re regularly experiencing over 16 hours of downtime in a typical patch cycle. Now that’s a serious problem.
Excessive downtime is unacceptable in the modern business world. That’s why the best contemporary patching solutions provide intelligent ways to predict and eliminate downtime.
3. The Patching World Is Diverse and Getting More So
Windows is still the leader in the business world, with 75% of the IT security professionals we surveyed saying they’re patching Windows servers, while 56% are responsible for patching Windows workstations.
But that doesn’t mean Windows should be the sole focus of your patching program. A range of other environments and endpoints makes the organization-wide patching process very complex. For example, 53% of respondents said they’re also responsible for Linux servers.
As we expected, on-premises patching is part of the regular task list for 82% of those surveyed; 58% say they’re now responsible for cloud-based patching, while 37% are taking care of hybrid environments. Other types of environments adding to the challenge include off-campus and other endpoint locations.
This diverse range of systems, which organizations have to patch, highlights the need for a solution that can handle various endpoints and environments. Older tools that handled on-premises and Windows-only systems just don’t cut it anymore.
Today, some patching tools offer a unified dashboard and automated processes to determine which updates are needed across all OSes, environments, platforms, and devices.
4. COVID-19 Is Having a Big Security Impact
COVID-19 has created obvious gaps in security, including work from home (WFH), reduced IT teams, and more. It shouldn’t surprise anyone that 70% of our respondents had implemented work from home (WFH) policies.
COVID-19 has also created some sobering financial realities, but it was still a shock that 34% admitted they’d been forced to reduce their IT budget. Looking at the statistics pre-coronavirus, organizations were already not meeting patching targets in the best of times–and now they’re facing new challenges.
Given that 37% of respondents said their biggest COVID-19-related concern was users connecting from home via unmanaged and unpatched devices, this clearly demonstrates the need for an affordable, easy-to-manage patching solution that can tighten up security far beyond the borders of your regular network.
5. IT Leaders Are Striving for Better Tools
Given all of the above, it’s no surprise that a wide range of tools has emerged to help with the task of patching. Based on what professionals said on our survey, they’re already using patching tools, but many don’t love what they’re currently using.
In fact, an overwhelming 70% said they’d switch to a new tool if it could help automate patching. This fits right in with other results we found regarding organizations’ priorities:
- The top IT priority (46%) was eliminating manual tasks.
- The next highest priorities were tightening overall security (43%) and faster remediation (41%).
- Compliance was only mentioned by 25%, but this number is growing as more regions and organizations create stricter standards.
Fortunately, patch automation addresses all of these concerns with a single tool. Also, almost 80% said they’d consider work with a service-based patching tool than a product-based one. So, this is a growing area of interest for managed service providers (MSPs) looking to expand their revenue streams–as well as take some of the burden off their clients’ shoulders.
Where Do We Go From Here?
Our latest industry survey has shone light on some enlightening data: excessive time to remediation, unacceptable downtime during patch cycles, unexpected budget cuts, and tools that just don’t cut it.
Most importantly, these data show that organizations can’t do it alone. Patching today has become too complicated. You’re already managing a range of complex environments on-premises, in the cloud, and off-campus, and now WFH has made things a whole lot harder.
Luckily, newer patch management tools can close many of the gaps our survey identified. The best tools available offer features our respondents said they wanted, including automation, prediction, and process governance (adapting to the entire organization’s needs and workflows) to make the tough job of vulnerability remediation simple.
As a modern patch management tool, JetPatch makes it easy to apply intelligent prediction and automate core tasks. This saves you work and cuts downtime, so you can do more with the resources you have.
To download the complete survey infographic, click here.