Any IT professional involved in end-user computing or responsible for managing Windows environments and infrastructure will be more than aware of the importance of patching and very familiar with the term ‘Patch Tuesday.’ In fact, this week Microsoft announced a ‘lower than normal’ 87 vulnerabilities across 12 of its products. Listing 12 of them as critical, the update contains important updates for Exchange Server, Office, .NET Framework and more…
That’s a lot to manage for IT Operations teams. On top of that, every patch deployed comes with a risk: a risk that something will break. An application that won’t launch, an operating system or service that won’t boot. Then you have the challenge of how you deploy that patch. Did it deploy? Did it reach every employee’s home network? How big was the patch? When did it deploy and to how many? How long does the patch process take? Is the endpoint capable of installing the patch? How much downtime will the employee experience? If something does break, can you roll back? The list goes on…
While patching is no doubt an important task, it’s worth considering: what is the real opportunity cost of patching? Just imagine what we could achieve if we didn’t need to spend the time testing, deploying and worrying about what should be such a simple task.
Patching is About IT Operations, Not Security
It’s worth considering that patching is less about security and more about IT Operations. As I meet with customers, Endpoint Security continues to come into every conversation, but when you dig a little deeper, you find that the challenge many face is not one of security but the operational work involved.
For those insistent on buying high-cost, fast-depreciating, expensive-to-support and difficult-to-update endpoints, solutions from Microsoft, VMware, Ivanti and others can certainly help patch and update endpoints, even those that sit within the home office.
Microsoft’s Intune and work on Endpoint Manager demonstrate how PC lifecycle management tools are being combined with modern device management. Thanks to the acquisition of AirWatch and other technologies, VMware’s market-leading solution Workspace ONE continues to extend the ability to manage more than just Windows devices remotely. And with the recent news that Ivanti is due to acquire MobileIron, coupled with their existing well-known LANDESK solutions, the UEM market can help overcome many of the challenges discussed.
Remember VDI and the Promise of DaaS
VDI has been used to help organizations deploy applications and desktops using virtualization technologies from Citrix and VMware for over 20 years. Historically used for remote workers over low-bandwidth connections or frequently deployed to help with business acquisitions and mergers, desktop virtualization has been a steady but stable technology choice for some organizations and use cases. At one point, VDI was considered the most cost-effective way of deploying end-user computing. Today, with more matured technology and the cloud, I would argue that this is more true than ever!
However, with the recent rise in WFH, the need to rapidly deploy and support desktops and applications to a remote workforce has become business critical. VDI and DaaS have proven themselves during the pandemic for many organizations.
VDI / DaaS – Reducing the Operational Cost of Patching
But this virtualized and centralized desktop platform doesn’t just help with remote work; it significantly reduces the IT operational cost required to patch and update Windows desktops. Hosting Windows in the datacenter means you no longer need to worry about the delivery of the patch, its size, or its impact on the applications, the user or the endpoint. Everything is done once, centrally and in a controlled manner. When ready, it is simply activated, ready for the next employee to connect.
Customers who use VDI and DaaS don’t spend hours worrying about patching. They utilize technologies like Machine Creation Services and single image management to test and deploy once, yet at scale. They don’t worry about the next Windows update, nor are they bothered whether an employee is sitting in the office or working from home. Many of our customers will also tell you they don’t worry about the endpoint…
Of course, people still need an edge device, but in the world of VDI/DaaS, that edge device doesn’t need to place a burden on IT operations… That device could be a Linux OS – easily managed, more secure and more cost-effective. But that is a different story; one that can be found here.
For now though, when you read of the next ransomware attack or see the next Patch Tuesday update, take time to consider whether the attack utilized a known vulnerability, whether that vulnerability could have been patched and how much easier and more operationally efficient it could have been if the employee was instead using a virtualized desktop. Think of all the other things your IT operations staff could be doing for your company!