These are the six most common patching challenges we run into at Ongoing Operations. And certainly, your experience may reflect a different set of challenges. Still, we’d be surprised if your credit union hasn’t experienced at least one of these issues.
1. Patching Laptops
This is the issue that we run into the most here at Ongoing Operations. Here’s why:
Company laptops are supposed to be closed or off when they’re not in use. Yet, laptops can’t be patched when they’re off or not connected to the internet. Laptops that aren’t kept on (and online) during patching windows miss out on important updates.
Solution: ensure all employee laptops are on during patching windows. This is a relatively simple user training issue that credit unions (and any managed patching vendors) can work out.
2. Disabled Windows Update Service
Windows Update is a background service that runs on Windows machines. If the service is turned off, then it can’t download and install updates. Unfortunately, many people inadvertently disable their Windows Update service.
Solution: make sure all computers have Windows Update enabled before and during patching windows. This is another easy user training issue.
3. Patches Not Detected
Software and devices all update on their own schedules. Those schedules don’t always align, so free-for-all updating usually results in a constant deluge of updates. Or worse—machines don’t detect all the available updates, and they don’t install what they can’t find.
Solution: create a patching window and give your devices time to detect available updates. At Ongoing Operations, we give machines a week to detect and download patches. Then, we update all at once to keep things simple.
4. Blocked Network Traffic
To be sure, credit unions need robust network security. After all, that’s why patching is so important! However, that aggressive security can also hinder the patching process. In some specific, high-security environments, stringent security practices occasionally interfere with a machine’s ability to detect and download updates.
Specific to managed patching services, there are some older server types (WSUS) that prevent outside patching services from working.
Solution: blocked network traffic issues must be handled on a case-by-case basis. There are too many variables for a single approach to address every possibility.
5. Failed Agent Status
This one is particular to managed patching. Every machine to be patched needs an active, working Windows agent. That agent allows communication—and consequently, patching—between remote machines.
Solution: reinstall the Windows agent on the machine that needs patching. If one agent fails, bring on another!
6. Old Machine With Slow Specs
As machines age, they take longer to install patches. Older computers just don’t have the ability to handle things as quickly as they used to. If patching takes too long, then some patches may get left out of the update.
Solution: increase the duration of scheduled patching windows. Some machines may need a little extra care. Another solution is to buy new equipment, but that’s a topic for another blog.
Here at Ongoing Operations, we manage the patching process for credit unions. It’s given us a good deal of experience and perspective on credit union patching challenges.
You can read more about patching and managed patching for credit unions by subscribing to our blog. Or just follow the links below to see what else we’ve written about credit union patching recently.