Hackers never rest. They constantly look for security holes to infiltrate your network in increasingly complex attacks. A favorite avenue is through unpatched applications. So, the timely implementation of security patches is crucial for organizations to safeguard their systems and data against these threats.
However, the approval process for endpoint patch management remains a cumbersome and inefficient task for most organizations, leading to miscommunication, delays, and gaping vulnerabilities. I’ve seen the patching process handled every way you can imagine.
The most persistent method I’ve experienced in my career was by committee. That meant we were in countless meetings while third party patch approvals fell through the cracks. In one case, the team I was on used a monthly round robin approach for responsibility. So, the patching process was handled several different ways depending on who was on assignment. It’s incredibly challenging, but patching can get done this way. The problem lay in the fact that the team had no idea where the required patches were located, where they needed to go, and how to responsibly deploy them. Configurations were housed in individuals’ institutional knowledge instead of in a documented, repeatable process.
In this article, I will:
- Identify historical challenges of the patch approval process.
- Provide an in-depth exploration of how OneSite Patch handles approvals.
- Walk through our patching workflow.
- Explain the benefits of our streamlined process.
When you don’t have a patch approval process
Some organizations adopt an approach of blind trust, where patches get deployed without proper approval or testing. While this may work a lot of the time, a single bad month can lead to significant disruptions. For example, if a large vendor makes a mistake and releases a bad patch, a lot of organizations that lack a stringent patch approval process may suffer from widespread system failures, flooded support tickets, and increased IT and help desk workloads. By implementing a streamlined approval process, organizations can mitigate risks and maintain a proactive approach to patching.
Without an approval strategy in place, an inordinate amount of time is spent by numerous stakeholders manually going through the whole process of approving individual patches in meetings, phone calls, tracking people down for feedback, identifying people through Active Directory or Azure Active Directory to create identity access, and opening and closing help desk support tickets. It is ultimately an ad-hoc process that must be duplicated over and over from scratch and gives you a far less favorable outcome.
Historical challenges in the patch approval process
Traditionally, organizations rely on stakeholders, such as change control boards or trustees to oversee the patch approval process. These processes involve time-consuming meetings, manual lists, and dependency on external tools. This approach often results in a serious lack of efficiency and creates silos among different departments.
Further delays involve extended alpha, beta, and production rollouts, which take a lot of time and leave systems vulnerable while the meetings, emails, and deliberations continue.
Adaptiva recognized the need for an integrated approval process in the endpoint patch management workflow to address these challenges.
Streamlining the approval process with Adaptiva’s OneSite Patch
OneSite Patch incorporates a streamlined approach to patch approval, eliminating the need for extensive external coordination. By condensing the approval process into the product, the software dynamically responds to different layers of approval. Through the web user interface, administrators can easily view and manage approval requests, facilitating quick decision-making and reducing bottlenecks.
The Approval Process Made Simple
Within Adaptiva's dashboard, the "approval requests" tab provides sysadmins with a comprehensive overview of pending approvals. Each request includes information about the patch, its target location, and the duration of the approval process. Stakeholders can swiftly approve or reject requests, ensuring timely and informed decision-making.
Configuring Approval Chains
To further customize the approval process, Adaptiva offers the flexibility to configure approval chains. These chains allow organizations to define specific approval workflows based on their unique requirements. By creating different sets of approvals for various deployment phases, such as testing, pilot, and production organizations can maintain control and ensure a standardized approach to patching. To do so, we created a structural object of “approval layers” to address the delays and constraints of the traditional approval process by building the approval chain directly into the product.
This is an important capability because if an organization uses SCCM this type of approval process does not exist. This requires those users to pre-deploy, which is a heavy lift on the patching team to identify users, types of endpoints, locations, or business units ahead of time.
Below are some examples of Approval Layer personnel who might be part of the process.
- IT and security directors
- Technical lead and security services team member
- Early adopters (who might test the patch for compatibility)
- Backup team members (to avoid bottlenecks in the process)
OneSite Patch also allows you to configure unanimous approvals. Because it is possible to assign a role to multiple people, you can set the process so each team member must approve a patch for it to move through that layer of approval with necessary back up reminders. The whole process can be configured for email, Teams, WhatsApp, text messages, ServiceNow, or any other communication channel a customer already uses.
Benefits of a Streamlined Approval Process
The adoption of Adaptiva's OneSite Patch and the implementation of a streamlined approval process offers several significant benefits. Organizations can save time and resources by eliminating redundant meetings, emails, and manual efforts. Instead, teams can focus on more productive initiatives for the business. Additionally, a streamlined approval process ensures standardized and repeatable patching practices, reducing the potential for errors and remediating vulnerabilities quickly.
The approval process for patching has historically been a time-consuming and challenging task for organizations. Adaptiva's OneSite Patch provides a cutting-edge solution by integrating a streamlined approval process within its software. By leveraging this innovative approach, organizations can experience significant time savings, improved efficiency, and enhanced security.
In a rapidly changing technological landscape, the importance of an effective approval process cannot be overstated. By embracing a structured, incorporated strategy, organizations can ensure robust security against increasingly complex cyberattacks. Adaptiva's OneSite Patch empowers organizations to simplify and optimize their patch approval process to stay ahead of emerging threats and maintain a secure and efficient IT infrastructure.
This is the latest entry in our Adaptiva Practitioner Blog Series. In these blog posts, we share what we know about managing endpoints. Stop by to hear from our own in-house subject matter experts. We are excited to discuss best practices, technical how-tos, and other topics we think you'll find valuable. Our solution architects, product experts, and own IT practitioners have seen and done it all. We are adding new content regularly and are happy to have you here.