As IT professionals, all of us attain a sure level in our IT profession the place we understand that a few of our on a regular basis duties are performed the identical method 12 months after 12 months with out anybody questioning why it is performed that method.
Regardless of the fixed change and enchancment in know-how, some issues simply get performed the identical ineffective method with none actual thought behind it as a result of “that is the best way it is at all times been performed.”
A typical instance: patching
Month in, month out, a day comes alongside that’s devoted to patching.
Patching could also be extra automated than earlier than since you not must log into every system to patch and reboot tediously. It is a step ahead, however the patching course of stays the identical.
Patching is disruptive, gradual, error-prone, and barely quick sufficient to maintain up with new vulnerabilities. Why disruptive? Everyone knows that each time a upkeep window comes alongside, Bob from accounting will remind everybody how “the corporate’s IT goes to mess up our week.”
He is proper, in fact, as a result of performing patching the best way it is at all times performed impacts a enterprise by utterly stopping operations or slowing every part down. Corporations and their stakeholders do not prefer it, and it signifies that patching reinforces the thought of IT as a cash sink inside a corporation moderately than a driver of enterprise worth.
Room for enchancment… however no enchancment
Patching can be gradual. Assuming a month-to-month timeframe and lots of hours of labor each time, patching as it has been performed all these years is simply too gradual to be an efficient deterrent for cyber incidents however time-consuming sufficient that it at all times feels prefer it’s taking too lengthy to do.
But when we have been patching the identical method all these years, absolutely we’re doing it that method as a result of it’s foolproof, proper? Not a lot, and that is true for a lot of different prevalent IT practices, too, the place there’s simply no good purpose for the way issues are performed.
Regarding patching, each sysadmin would establish with a narrative the place…simply the opposite day…as an alternative of choosing solely the hot-spare internet servers for patching, the administration device in some way deployed patches to the entire internet servers, which then rebooted all of them on the identical time.
These internet servers took some time to return again up, and naturally, Bob from accounting rapidly identified that the corporate misplaced “a ton of cash” in misplaced gross sales through the downtime.
Bob is usually annoying like that as a result of, but once more, he is proper. Nonetheless, patching has at all times been performed this manner, so everybody continues to do it this manner – and Bob will hold complaining as a result of IT practices do not change.
Typically a greater method is already on the market
Here is the eye-opener half that gives a lesson for each case of “we have at all times performed it that method in IT”: there are safer, extra environment friendly, disruption-free methods to carry out patching.
For a few years, stay patching has supplied an alternative choice to the outdated method of patching. It has been examined totally and works flawlessly for organizations, delivering appreciable advantages. Why is it not used universally?
Stay patching makes the method quicker, although “rapid” is an excellent higher phrase. Stay patching can be much less error-prone, and there’s no disruption. Stay patches are auditable and reversible and function fast safety in opposition to new threats.
But, for some purpose, stay patching is not universally adopted, and the one clarification for that’s resistance to vary, although some groups could merely not be that properly knowledgeable.
Discover a higher method? Undertake it
Understandably, cutting-edge, untested know-how is not for everybody. However ignoring a tried and examined know-how that improves outcomes isn’t a good suggestion.
Perhaps it is time to modernize operations by shifting gears and adopting the newest method of doing issues. IT practitioners ought to keep conscious of adjusting practices and be careful for higher methods to do issues. We have to query whether or not our on a regular basis observe displays greatest practices.
Do this, and we would discover that Bob stops complaining about IT.
This text is written and sponsored by TuxCare, the trade chief in enterprise-grade Linux automation. TuxCare affords unmatched ranges of effectivity for builders, IT safety managers, and Linux server directors searching for to affordably improve and simplify their cybersecurity operations. TuxCare’s Linux kernel stay safety patching, and customary and enhanced assist companies help in securing and supporting over a million manufacturing workloads.
