IT teams face a dilemma: they have more applications to manage and, at the same time, more complex and frequent updates to those applications. Alongside this, ransomware hackers are increasingly looking for vulnerabilities in applications to gain access and encrypt organisations’ critical infrastructure, data, and devices.
Despite all of this, some firms have been found to take up to 205 days to run critical updates and shut down any vulnerabilities. As a result, the UK’s National Cyber Security Centre has published advice on the security risks that out-of-date applications pose to UK firms. The guidance focuses on the need to run patch updates within 14 days of release, so that all new updates and new security features are installed as soon as possible.
Flaws of automatic updates
Relying fully on applications which have been set to auto update is a risky strategy for organisations. Lack of Wi-Fi connectivity, storage limitations, power supply and a device’s age can all interrupt auto updates. Some updates only take full effect once the device has been restarted. If the device is only snoozed and not rebooted, those updates could take several weeks to take their desired effect.
Updates can also be delayed or blocked completely if a user is able to disable them. This risk is amplified if an organisation deploys a Bring Your Own Device policy, as those users have much more control over their devices. IT teams often disable auto updates because users lack the admin rights needed to fully install them. This gives control back to the IT teams, who can choose if, when and on which devices the updates are installed.
Over the years, some updates have been known to cause problems with the functionality of an application. If a vendor releases such an update for a business-critical application and it is automatically pushed out company-wide, this can have a serious impact on productivity.
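As an added example (not part of the original article or of any ORIIUM tooling), the PowerShell function below checks a Windows endpoint for the restart dependency described above: whether installed updates are still waiting on a reboot, and how long the device has been up. The function name Get-PendingRebootStatus is hypothetical; the registry locations are the standard Windows pending-restart markers.

```powershell
# Added example: report whether this endpoint has updates waiting on a restart.
# Get-PendingRebootStatus is a hypothetical name used for illustration.
function Get-PendingRebootStatus {
    [CmdletBinding()]
    param()

    $reasons = @()

    # Component Based Servicing creates this key when a servicing operation needs a restart.
    if (Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending') {
        $reasons += 'ComponentBasedServicing'
    }

    # Windows Update creates this key after installing an update that needs a restart.
    if (Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired') {
        $reasons += 'WindowsUpdate'
    }

    # Installers queue file replacements here; they are applied at the next boot.
    # Non-update software can also set this value, so treat it as a weaker signal.
    $sm = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' `
        -Name 'PendingFileRenameOperations' -ErrorAction SilentlyContinue
    if ($sm -and $sm.PendingFileRenameOperations) {
        $reasons += 'PendingFileRename'
    }

    # Time since the last real boot; sleep and hibernate do not reset it.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $uptimeDays = [math]::Round(((Get-Date) - $os.LastBootUpTime).TotalDays, 1)

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        RebootPending = ($reasons.Count -gt 0)
        Reasons       = ($reasons -join ',')
        LastBoot      = $os.LastBootUpTime
        UptimeDays    = $uptimeDays
    }
}

Get-PendingRebootStatus
```

A device reporting RebootPending as True together with a high UptimeDays value is one where downloaded updates have not yet taken effect.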
What is the solution?
Given the risks associated with slow or automatic updates, IT teams are looking for alternative solutions to application management. To do this, several best practices can be applied to balance both security and productivity. These can include:
- Inventory and track applications to establish what needs protecting.
- Carry out threat assessments to understand what the threats are and how to mitigate them.
- Stay on top of patches: Despite the importance of this, many organisations are not up to date with patches.
- Use containers to create silos and reduce risk.
- Encrypt data at rest and in transit.
- Use privilege management to reduce the risk of external attacks through silos, and insider threats through limitations on access.
- Conduct penetration testing to find any weak points in applications.
For good application management, these best practices are the bare minimum required. All of them can be applied to reduce the risk of vulnerabilities. Unfortunately, for IT teams running hundreds if not thousands of applications, it simply isn’t realistic to apply the same level of diligence to every application. This becomes even more of an issue when low-priority applications can provide an access point for hackers to exploit.
How ORIIUM application management services can help
At ORIIUM we believe a blend of both automatic updates and application packaging services is the best of both worlds.
ORIIUM’s Application Packaging service enables effective packaging and deployment of third-party or in-house software applications, software patches and other dependencies. Our team have been servicing the application packaging and consultancy needs of our customers for more than 15 years, including central and local government, education, health care, finance, and other highly regulated organisations. We are experts in all mainstream packaging formats and delivery mechanisms including MSI, MSIX, App-V, Intune, SCCM and Citrix.
This service is completed end to end by ORIIUM, and our team typically work remotely, or at the customer’s location if necessary.
AppAffinity continuously monitors for the latest security, software and feature updates. When an update is released, a fully deployable software package is created and pushed directly into an organisation’s Endpoint Management System. This could be Intune or SCCM (Endpoint Configuration Management). From there it can be automatically distributed to all endpoints for silent install. Our team of application experts can also package updates for those applications which need specific customer settings incorporated. These can also be pushed out to the customer’s endpoints, ensuring all applications are covered.
Find out more
ORIIUM’s application workshops provide personalised advice for deploying and managing applications. From shutting down security vulnerabilities to troubleshooting legacy applications, you can benefit from best practices for managing your environment.