Patching quickly is a security must but it can cost you in productivity.
Patch Tuesday. Windows updates. Microsoft Office updates. It's a necessary evil, making sure your Windows computers are up to date with the latest vulnerability patches. Patch "whatever day" for Microsoft, Oracle, Apple and others are now simply part of our normal IT process. Next to anti-malware and succumbing to some type of phishing attack, keep computers updated with the latest patches is essential for maintaining good security. But at what cost to our user productivity and our businesses?
The impact can be as obvious and as financially impacting as the elaborate processes enterprises must send patches through to make sure production systems and business users don't suffer downtime or even worse. Reviewing patches, understanding their potential impact, prioritizing them, testing, and deploying patches consumes valuable resources and time. But security patches also hit small businesses, work at home workers and casual computer users.
Ever have everything set up, applications open, browser pages loaded… everything just the way you need, only to come back the next morning to see that patches were applied and your computer rebooted. You may spend 2, 5 or 10 minutes getting your computer work environment to a point where you can pick back up where you left off. It's not like losing your left arm or anything but those little hits to productivity add up, more akin to death by a thousand cuts.
Is there any other alternative? I certainly wouldn't recommend holding off applying patches other than to tell Windows to give a break for four hours so you can continue getting work done.
What can help is all of us demanding more secure software and less intrusive patching processes from all of our vendors. Would you buy a brand new hybrid car if once a month it needed to shut down and reboot itself while driving down the road? Not likely.
Each version of Windows has successively gotten better about not having reboot after every patch. Those improvements are obvious in Windows 7 and Windows Server 2008, but required reboots are still too frequent.
In one respect this is problem online services like Google, SaaS applications, and virtualized servers with live migration don't have. Upgrades in can be much smaller and more frequent without an impact to users. When servers do need restarting, sessions can be moved to other servers so systems can be patched and rebooted as necessary. Simplified OS's like Google Chrome may also avoid the frequently reboot penalty.
Online services is creating additional pressure on Microsoft and others to make patching less intrusive.
Like this? Here are some of Mitchell's recent posts.
