With decades in the making and pure divinity in its simplicity it is hard to understand why this Managed IT security secret has not been thought of before. Threats are found every single day to break into the most securely designed systems on the planet. These zero day exploits can cause significant damage. Then the race is on to plug these vulnerabilities as fast as programmers can type.
Do you know that a large percentage of breaches start from old forgotten about servers left under the desk of someone that left a few months ago. Servers that have not been touched most likely in years because no one wants to break it. I have heard claims of zero outages and zero downtime in 3 years and 5 years and I shudder every time I hear the answer to my inevitable question. The question I have to ask even though I know the answer “How can you have zero downtime on a server. When were they last patched”?
I imagine as you are reading this you have just face palmed as the answer flashes through your mind. These servers have never been patched. For the entirety of their lives they have been left accruing more and more vulnerabilities as time goes on (maybe even a virus/malware or more). So what is this IT security secret that I have so far withheld?
IT security secret
Just patch your damn servers. Regularly and completely. Yes you need to test patches on QA/test systems first. However once you have done it you need to complete the task by rolling them into production.
When it comes to security like most other things it’s not about doing a few extraordinary and mysteriously clever things. It’s about doing the basics extraordinarily well that gives you the edge. Patching is such a simple and vital process to carry out on your systems yet it is often overlooked.
By keeping your systems up to date you minimise the window of opportunity for bad actors to compromise your servers and your business. Continuing to avoid patches in this fast paced environment is unacceptable and will result in a massive amount of work to set it right. Take some time to analyze what you have. Find what is not up to date then start to work your way through the list. Once a server has been patched add it to a patching schedule to keep it up to date.