It is not uncommon to see in some companies that updating servers is a subject that has been neglected for a long time and in the worst case, for several years… Faced with the resurgence of cyberattacks, companies must take up the subject very seriously because the financial consequences can be irremediable. A complex task, but not insurmountable. Decryption.
Keeping your servers up to date means avoiding increased exposure to cyberattacks, which can be all the more costly. Like workstations, servers have become common targets because they are strategic for an organization. When the cybercriminal tries to cause damage to a company, he will therefore attack the server, the workstation being only a gateway.
However, how to explain that this subject has sometimes been relegated to the background? And above all, what are the steps to follow to keep your servers up to date?
Network architecture, operating systems: multifaceted complexity
With the rise of cyber threats, businesses have rediscovered that operating systems need to be managed. However, updating servers is a source of difficulty for many organizations. First of all, it is the great diversity of operating systems that has brought complexity to the management and smooth running of patching campaigns. Indeed, in recent years, a multitude of versions of Linux has been added to the entire range of servers that run on Windows. This trend can be explained in particular by budgetary reasons – limiting the number and cost of licenses – and to replace operating systems that are aging or require dedicated hardware such as AIX or Solaris. Today, the multiplication of the number of patching tools installed on the different versions of Linux represents a real headache for companies that have for a long time patched their operating systems little or not at all.
Largely forgotten in the evolution of IT architectures, the issue of server heterogeneity is also crucial. It can be seen that there are generally as many services installed as there are servers in an organization. In this context, it is necessary to check that the patching application will not impact the services running on the organization’s servers.
Also, the network architecture is another source of complexity. For example, a multinational will often set up central servers in data centers close to its headquarters. However, for legal reasons, response time and practicality, the company will often use many additional servers, installed around the world. However, the use of this distributed architecture presupposes being able to transfer large update files over low-speed networks. Without this, companies will be forced to resort to a large and often very expensive infrastructure.
Added to this is the desire of companies to make their information system hybrid with servers located on managed data centers, on private or public clouds, without forgetting the multicloud approach. Faced with this wide variety of environments, companies must ensure the consistency of their cloud and managed ecosystems. To go even further, they must ask themselves if their cloud service providers have the same standards and the same level of patching as them.
Finally, while applying patches is problematic in itself, it is even more important to be able to prove that the updates have really been applied. For this, reporting is crucial and it must be able to be carried out on the entire IT infrastructure.
Visibility and reporting, key concepts for a successful patching campaign
Companies need to ensure that updates are made at the right time and on the right part of the fleet. For this reason, it is necessary to have an overview of your fleet in order to anticipate whether the patching campaign will go well or not. It starts with asking basic questions: do you have enough disk space? Are you well connected to the network? Are there any errors that appeared in previous campaigns that have not yet been addressed? The establishment of indicators could then make it possible to monitor past campaigns and better prepare for the following ones.
Depending on maintenance periods and knowledge of their information system, companies must then establish an organization capable of successively updating all machines and servers. Initially, it is necessary to consider tests in a pilot environment, then on a restricted circle of servers before deploying this organization more widely to reach the entire target park.
However, patching campaigns never stop and it is always necessary to update its servers. Leaving systems unmaintained is exposing yourself to unnecessary risk. It also requires human intervention which can cause the HR costs associated with the patching activity to explode. Indeed, catching up on unmaintained systems will be much more expensive than implementing a recurring patching campaign.
We would love to say thanks to the writer of this post for this incredible material
Updating servers: the right questions to ask Computerworld
You can view our social media pages here and other related pages herehttps://go-dedicated.com/related-pages/