Many IT teams are facing the double dilemma of more applications to manage, at the same time as more frequent and complex updates to run. At the same time, ransomware hackers are increasingly looking for vulnerabilities in the security of applications as a way to access and encrypt organisations’ critical data, infrastructure or devices.
As a result, the UK’s National Cyber Security Centre has posted advice about the security risks that out of date applications pose to British firms. The guidance focuses around the need to run patch updates, ideally within 14 days in order to ensure new security features are running as soon as possible.
Despite this, some firms have been found to take up to 205 days to run critical updates and shut down vulnerabilities.
The importance of updates – and the flaws of automatic updates
Running updates is essential to ensure that operating systems, web browsers and extensions, third party applications and anti-virus agents are all kept up-to-date. While some third party apps can auto-update, others require manual intervention.
Even if applications are set to auto update, relying fully on this can be a risky strategy for IT. Auto updates can be delayed or are usually blocked completely, if users have disabled updates or the URLs for the updates are blocked. This risk is intensified in organisations running a Bring Your Own Device (BYOD) policy in which users have more control of their own devices. Auto updates are often disabled anyway by IT because users lack the admin rights to install them. This ensures IT remain fully in control of the process. Some updates may require the user to manually restart their device. If the device is only snoozed every night and not fully rebooted, this may mean the updates do not take full effect for several weeks.
Avoiding the potential downsides of patch updates
There are other downsides to auto updates. Some updates have also been known to cause problems with how an applications functions. If auto updates take place across a large number of users’ devices but cause a problem with a business critical application, there can be serious impacts on productivity. Packaging these updates and testing on a small group of users/devices can eliminates these issues, before deployment to the wider groups of users, to minimise the risk of any downtime due to a bug in the application.
Is your application management scalable?
These best practices are a bare minimum for good application management, and they can all be applied to reduce the risk of vulnerabilities. The reality for IT teams running hundreds or even thousands of applications is that it is simply not realistic to apply this same rigor to every application.
This is a problem, when even the most obscure, apparently low-priority application can provide an access point for hackers to exploit.
How can our application monitoring services help?
Expert application monitoring services can help organisations efficiently deploy and manage third party software applications. With our easily deployable desktop application packages or software patches which can be deployed in a timely manner.
So what is our solution?
Given the risks associated with slow updates or automatic patching, more IT teams are looking for alternative solutions to application management. To do this, Adaptrix Application Monitoring service can help. This can include:
• Creating an Application inventory and tracking these applications to establish what can be and needs protecting.
• Carry out weekly monitoring of the applications in the inventory to check whether any updates have been released.
• Informed the Organisation of any applications that have been updated and whether they would like to update them.
• Packaged the updated application.
• Hand over to the Organisation to perform User Assurance Testing to a small group of users, before releasing into production.
Find out more
Although there are automated Application Monitoring services out there, Adaptrix’s Application Monitoring Service is bespoke to the client.
So if you are interested in our Application Monitoring services, please get in touch.