IT Support, Security & Managed IT Services Blog - iCorps

It's Time to Rethink Automatic Updates

Written by Jeffery Lauria | 2024/07/29

It's time for enterprise IT to rethink its approach to automatic updates to maintain a secure and stable IT infrastructure. While automatic updates are crucial in addressing zero-day threats, two significant factors highlight the need for a more balanced strategy. (1) the loss of control over when and how updates are installed and (2) the increasing threat of supply chain attacks.  

The CrowdStrike Situation

The recent CrowdStrike incident serves as a stark reminder that the enterprise, not the vendor, ultimately has responsibility for software updates and underscores the need for a renewed focus on software update management in enterprise IT. By reevaluating their approach to automatic updates, organizations can proactively safeguard their systems, maintain control over their technology infrastructure, and effectively combat zero-day threats.

Automatic Updates

The traditional model of automatic updates shifts the responsibility for ensuring smooth operations to vendors, leaving enterprise IT with little control over the process. Automatic updates provide the benefit of delivering security patches and software improvements seamlessly, ensuring systems are equipped with the latest protections. While most vendors have strong quality control measures in place, recent supply chain attacks have highlighted vulnerabilities in this approach. Automatic updates can result in compatibility issues, unexpected system behavior, and disruptions if not tested beforehand. These updates may also consume bandwidth and system resources, impacting performance during crucial operations. 

Pros of automatic updates:

  1. Seamless delivery of critical security patches and software improvements without user intervention.
  2. Ensures that systems are regularly equipped with the latest protections against emerging threats.


Cons of automatic updates:

  1. Potential compatibility issues, unexpected system behavior, or disruptions if updates are not thoroughly tested.
  2. Consumption of bandwidth and system resources, impacting performance during crucial business operations.

Manual Updates

Manual IT system updates offer a more hands-on approach to managing software and security updates. One of the main advantages of manual updates is that they allow for more control and oversight, as IT administrators can carefully review and test each update before implementation. This can help prevent potential compatibility issues and ensure that the updates do not disrupt critical business operations. Additionally, manual updates can be particularly beneficial for highly customized or specialized IT environments where automatic updates may not be suitable.

On the downside, manual updates can be more time-consuming and resource-intensive, requiring dedicated IT staff to oversee the update process. This can potentially lead to delays in applying crucial security patches, leaving systems vulnerable to exploitation. Moreover, human error during the manual update process can introduce security risks and create inconsistencies across IT infrastructure. It's essential for organizations to carefully weigh the pros and cons of manual updates and consider adopting a hybrid approach to ensure both security and operational efficiency.

Pros of manual updates:

  1. Control: Users have full control over when the update occurs.
  2. Awareness: Users can review release notes and know exactly what changes are being made.
  3. Testing: Users can test updates in a controlled environment before rolling them out to all systems.


Cons for manual updates:

  1. Time-consuming:  Manual updates can be labor-intensive and time-consuming, especially for large systems.
  2. Human error: There's a risk of human error during the manual update process, which can lead to issues or downtime.
  3. Delayed security patches:  If users forget or delay updating, they may miss important security patches and updates.

How to Mitigate the Threat - Adopt a Hybrid Strategy for Automatic and Manual Updates

A hybrid update strategy addresses the challenges of both automatic and manual updates without compromising security. A hybrid strategy maintains the benefits of automatic updates for critical security patches while taking a more active role in the approval proc ss for other updates. Adopting a hybrid strategy ensures that all systems are secure and up to date, even in the face of urgent patches. By combining the strengths of manual and automatic updates, a hybrid approach can effectively manage IT updates, balancing security and operational efficiency.

5 Benefits of a Hybrid Update Strategy

  1. Greater control and oversight: Allows for manual intervention where necessary, providing more control over the update process.
  2. Flexibility: Can adapt to different scenarios and requirements, incorporating both manual and automatic approaches as needed.
  3. Risk mitigation: Provides the opportunity to carefully review and assess updates before implementation, reducing the potential for unforeseen issues.
  4. Efficient resource utilization: Leverages automation for routine tasks, freeing up human resources for more complex or strategic activities.
  5. Customization: Offers the ability to tailor the update process to specific needs and preferences, striking a balance between manual and automated methods.

 

Enterprise IT should take a balanced approach to automatic updates. While automatic updates are crucial for protecting against zero-day threats, IT teams should also play a more active role in the approval process to address vulnerabilities from supply chain attacks. Elevating your approach, assuming responsibility, and securing your organization against future incidents and potential threats is essential. 

Need some guidance? Our experienced, dedicated, US-based team of experts is here to help. Contact us to reassess your strategy for implementing automatic updates and take proactive measures to fortify your systems starting today.