03-25-2022 12:57 PM - edited 03-25-2022 03:03 PM
Sometimes a quick post grows into an idea. I briefly shared that JumpCloud's Patch Management service is here on my LinkedIn, and my thoughts about it. That's not the medium to further explain why this excites me as a former IT Directory who had to tackle this challenge.
Patching, and doing it *right*, is a tough challenge for IT admins. There's some very comprehensive solutions that are made for enterprise needs and enterprise budgets, not SMEs, which are increasingly targeted in cyberattacks exploiting Zero-Days. They're also focused solely on Windows or don't do mobile (that's another invoice). JumpCloud's patch management follows the user lifecycle cross-OS, and it's easy to use. That's a big deal for IT admins.
I recall the task of getting quotes for the "top" patching solutions, or having considering SCCM. That latter isn't made for SME IT teams... it's just too much a extra work for smaller sized organization to set up and maintain. We didn't use SCCM, but the solution we did opt for required multiple servers and licenses. I had to configure and manage it on an app server as well as set up a database on another. It was Yet. Another. Thing. that we had to maintain. Those costs are never included on the label, but they exist.
For instance, I'd run authenticated vulnerability scans using our SIEM. My memory might be fuzzy, but there was at least once instance where we had to contact the vendor and ask why something critical in its stack hadn't been patched. Supply chain can be a blindspot for IT admins when it comes to security: that's how some high-profile hacks have occurred. It's especially concerning when it's a solution that requires a service admin role on your domain controller AND has admin access to your entire fleet of PCs.
Then, there was uncertainty regarding whether or not patches were even being installed. It was a local solution and remote users weren't always logged into the VPN. We periodically had to have remote sessions with those users to ensure that updates were installed. That wasn't good for us or the employees, who were either sales people or technical services and didn't have the time to spare. It wasn't optimal, but I wasn't about to set up a hybrid config in AWS... even more time and money. Another instance wasn't free and would have also involved setting up some firewall rules.
( ... And even more unplanned expense, if we did it right in the DMZ). We may have purchased the "bargain" patching solution, but it really wasn't so. The costs of going on-prem just weren't obvious up front. Changing our firewall config usually meant additional invoices from our networking partner, who required us to buy blocks of hours ahead of time.
I'd have been very interested in this new JumpCloud service, because it would have eliminated my VPN problem and all of the extra maintenance work a local system required. I honestly can't even quantify the hours I'd wasted "rolling my own."
03-31-2022 03:13 PM
Patch Management is definitely a step in the right direction... albeit perhaps a baby step at the present time. That said, we are on board for it and look forward to seeing the capabilities grow over time, especially around reporting and alerts which it sounds like are going to be a primary focus in the follow-up iterations. The foundation is certainly there to be built upon. And the promise of 3rd party patching in the future is an exciting prospect as well. The work towards having these capabilities all contained within JumpCloud is indeed going to make my life easier as an Admin and more importantly, our organization more secure.
04-01-2022 10:51 AM
Love it, @NVergin, and thanks for the additional comments.
Like someone's post? Give them a kudo!
Did someone's answer help you? Please mark it as a solution.
New to the site? Take a look at these additional resources:
Ready to join us? You can register here.