This guest blog was contributed by Jason Lau, Senior Cloud Security Consultant, Quorum Cyber
Today, IT infrastructure is so complex that thousands of software patches are released annually. It’s no wonder that many organizations find it challenging to roll them out in a timely manner. Operating systems, web browsers, enterprise applications, firmware, and a whole array of different technologies need to be patched. While a few businesses have mastered the management of software updates, others are struggling. Some can take weeks or even months to update their software, or even forget to do it all, leading to them running unsupported software.
The availability of automated patch management tools and vulnerability assessment systems are a great help for under-resourced IT and security teams. But there’s no magic wand when it comes to maintaining software across large, international enterprises.
The huge IT outage caused by a faulty CrowdStrike software update that disrupted computer systems across multiple industries on July 19th was a wake-up call for organizations worldwide. Nobody wanted to be affected by the outage, but everybody needs to run patch updates to tighten their security. So, what can they do in this position?
Smart software deployment
While there’s no perfect solution, ring deployment is the best approach to take to roll out new software or updates to software while minimizing the risk of something going wrong. Some of the largest technology and software companies in the world use ring deployment only. By adopting ring deployment companies can reliability deliver a quality service without the worry and headache of standard all-in-one-go methods of software deployment.
Ring deployment makes sure software is released in stages, one system or subset of users at a time. The team starts with the smaller ‘inner’ ring, learns from any mistakes, fixes bugs, collects feedback from users. And if things do go wrong, fewer people and systems are disrupted. Then, based on how successful this first ring was, they can move onto the next rings in the system – larger teams and ‘riskier’ parts of the organization. The downside is that the entire process takes longer, and it’s more difficult to plan, organize, and execute.
Four phases of ring deployment
Inner ring – small group of users, a single system, or small set of systems
Second ring – slightly bigger group to collect feedback and make some progress
Third ring – larger audience, broader ecosystem of teams and systems
Outer (final) ring – the remainder of the entire organization to complete the rollout.
Ring deployment tools
It might seem daunting the first time, but tools are available to help businesses set up a ring policy and run ring deployment. Once it’s up and running, it will help you to streamline your software patch updates and enhance your security while minimizing the risk of something going wrong.
Jason Lau is a Senior Cloud Security Consultant at Quorum Cyber.