JumpCloud Community

Sometimes a quick post grows into an idea. I briefly shared that JumpCloud's Patch Management service is here on my LinkedIn, and my thoughts about it. That's not the medium to further explain why this excites me as a former IT Directory who had to tackle this challenge.

Patching, and doing it *right*, is a tough challenge for IT admins. There's some very comprehensive solutions that are made for enterprise needs and enterprise budgets, not SMEs, which are increasingly targeted in cyberattacks exploiting Zero-Days. They're also focused solely on Windows or don't do mobile (that's another invoice). JumpCloud's patch management follows the user lifecycle cross-OS, and it's easy to use. That's a big deal for IT admins.

I recall the task of getting quotes for the "top" patching solutions, or having considering SCCM. That latter isn't made for SME IT teams... it's just too much a  extra work for smaller sized organization to set up and maintain. We didn't use SCCM, but the solution we did opt for required multiple servers and licenses. I had to configure and manage it on an app server as well as set up a database on another. It was Yet. Another. Thing. that we had to maintain. Those costs are never included on the label, but they exist.

For instance, I'd run authenticated vulnerability scans using our SIEM. My memory might be fuzzy, but there was at least once instance where we had to contact the vendor and ask why something critical in its stack hadn't been patched. Supply chain can be a blindspot for IT admins when it comes to security: that's how some high-profile hacks have occurred. It's especially concerning when it's a solution that requires a service admin role on your domain controller AND has admin access to your entire fleet of PCs.

Then, there was uncertainty regarding whether or not patches were even being installed. It was a local solution and remote users weren't always logged into the VPN. We periodically had to have remote sessions with those users to ensure that updates were installed. That wasn't good for us or the employees, who were either sales people or technical services and didn't have the time to spare. It wasn't optimal, but I wasn't about to set up a hybrid config in AWS... even more time and money. Another instance wasn't free and would have also involved setting up some firewall rules.

( ... And even more unplanned expense, if we did it right in the DMZ).  We may have purchased the "bargain" patching solution, but it really wasn't so. The costs of going on-prem just weren't obvious up front. Changing our firewall config usually meant additional invoices from our networking partner, who required us to buy blocks of hours ahead of time.

I'd have been very interested in this new JumpCloud service, because it would have eliminated my VPN problem and all of the extra maintenance work a local system required. I honestly can't even quantify the hours I'd wasted "rolling my own."