Saturday, December 18, 2010

Not taking action is not always the best strategy

As part of my work, I often review how clients are managing their SharePoint farm. I've started to recognize a trend that I find a little disconcerting. It relates to applying operating system updates to Windows Servers. I find that the majority of my clients do not apply these automatically. The reason is that they feel that these updates may cause issues on the server. Let's be honest, there are plenty of examples of this happening, so this is not a unfounded concern.

But what is the downside of this approach? It means that their server is exposed to the issues that these patches apply to. To me, this is a significantly greater risk than a system becoming unavailable. Users may be unhappy if a server is offline, but what are the consequences of a hacker gaining access to your network?

I think there are two basic approaches you can take - turn on automatic updates or review and test each update that is released. These are the two extreme cases, but I know which end of the spectrum I would much rather be on. The number of companies with the skills and time to evaluate each update is small. Enabling monitoring of servers and services is relatively cost effective and has benefits above and beyond patch management.

Keeping the window of opportunity as small as possible for hackers is something every administrator should be trying to do. Hackers aren't after your servers specifically, they are just after the softest targets. Try not to be at the back of the herd when they attack.