Cloud’s Silver Lining: Patching the Fluid Workforce

COVID-19 struck the world at a time when the cybersecurity landscape was already growing ever more complex due to emerging threats and an increasingly interconnected reality. Protecting a remote workforce was not a new challenge, but one that companies were often only managing for a minority of users.

The mass transition turned out to be a challenge many companies simply weren’t ready for, but most IT teams fared well.

However, businesses are now facing a new challenge: maintaining these network changes in the long-term as many were implemented quickly and as a temporary solution. Now employees are heading back to work, the new normal is becoming apparent. Many are predicting that a fluid workforce will take the lead going forward, as employees work flexibly between the office and home. 

Patching is a core element of any security strategy, and deploying the right patches in a timely manner determines a company’s level of protection. Cyber-criminals focus on exploiting systems rife with unpatched vulnerabilities – not just because they’re the easiest to take advantage of, but because they betray a lack of basic cyber hygiene. Therefore, despite the new challenges of fluid working, IT and security teams must streamline and improve patch management practices.

Remote patching woes

Before the pandemic, the ‘bring your own device’ (BYOD) trend had already been embraced by some organizations, but not all knew how to deal with it from a security standpoint. Staff that connect to the company network from personal devices expand the cyber-attack surface and create entry opportunities for hackers.

Similarly, there is the issue of home routers, which are targeted as they are infrequently patched. In fact, a recent study found that 64% of routers hadn’t received a single patch within the past year and many are affected by hundreds of known vulnerabilities. This can allow attackers to compromise the router and monitor that home network.

Between BYOD use increasing and the shift to remote work, the secure perimeter of businesses no longer applies. If companies don’t extend corporate security standards to BYOD, they provide a bridge between vulnerable home routers and a business network.

Now the fluid workforce looks set to become the norm for the foreseeable future, security pros are again facing new challenges. Many will have paused certain activities due to the unclear economic outlook and, now we are emerging out of the other side, they must figure out how to enable those activities again with a fluid workforce.

Take Windows 10 branch upgrades for example, which require a 4GB ISO image. Most systems undergo 0.5GB of patches in a normal month, which many businesses have been struggling to install remotely due to VPN constraints. Now these teams must tackle installing a 4GB upgrade onto off-premise devices without completely overloading the VPN.

Sub-standard solutions

Companies may have contemplated solutions, like Intune, to streamline cooperation with their teams no longer in the office. This would ensure unified endpoint management of all devices that utilize enterprise resources – company and user-owned. The advantages are clear: Intune allows patches to be deployed on all devices connected to the network.

However it’s no patching panacea, its limits mean that updates from third parties, such Adobe and Google, are not rolled out in the same way. This leaves security pros searching for ways to drive protection for all devices across cloud and hybrid environments.

Home-based working presents further problems as some of the most widely used patching solutions – Windows Server Update Services and Microsoft Endpoint Configuration Manager – require communication with on-premise infrastructure. This is where VPNs play a crucial role: VPN traffic must be optimally managed to enable necessary updates but, if bandwidth is constrained by update traffic, this can slow down the system and impact productivity.

So, what to do? IT teams could have reset the process so that updates come directly from Windows Update, thereby diminishing the VPN bandwidth backlash. However, this would reduce IT ownership and visibility of the patching process.

Not all is lost: patching in the new normal

Despite various components making remote patching nothing short of a minefield, not all is lost. There are viable ways to overcome these hurdles, including hybrid and cloud-based patch management solutions. Hybrid solutions can empower off-network agents to communicate with their on-premise management console. Cloud-based services securely enable policy updates – resulting in saved VPN bandwidth and more consistent reporting.

Due to the financial impact of the pandemic, investing in new IT initiatives might seem out of the question for many organizations as they strive for cost-efficiency. However, threat actors are not decreasing their activities; if anything, they will be gaining steam and taking advantage of the new opportunities remote working has provided and continues to offer.

Cutting back on security spending is simply not an option. Hybrid and cloud patch management tools will benefit businesses in the long run and, while the future is uncertain, it’s important to be well equipped to face it. 

It’s an incredibly trying period for businesses as they look for ways to remain profitable, while adjusting to the evolving situation and battling new cyber threats. Streamlining patching is fundamental for businesses to stay afloat, and should be achieved with the help of cloud-based and hybrid solutions. With these tools in place, security teams can be prepared for whatever the new normal may hold.

What’s Hot on Infosecurity Magazine?