Patch Management: 4 Best Practices and More for Today's Healthcare IT

Patch Management: 4 Best Practices and More for Today’s Healthcare ITMay 11th, 201111:00 am PST / 2:00 pm EST

Meet Our Speakers
Ian Bartell
IT Director
Roswell Regional Hospital
Gerald Beaulieu
IT Automation Expert
Kaseya

Polling Question 1
What is your biggest pain point for Patch Management?
- workstation
- server
- laptop
- other

Patch: It’s the Same Problem
A. Knowing about the patch, the severity, and the risk
B. Getting the patch to all your servers and PCs

How Bad is Manual Patching?
Monitoring for new patch:
10min/d or 61hr/yr
61hr * $70/hr = $4.5K
Applying new patch:
10min or 0.16hr
0.16hr*500PC*$70/hr = $5.6K per patch
MSFT patches/yr = 72 (3 yr avg)
Impact of managing 1 image/yr:
$4.5K+($5.6K*72) = $408K
Source: Microsoft, 2010

And the Exploit Timeline is Shrinking
Days Between Patch & Exploit
As this cycle keeps getting shorter, patching is a less effective defense
Automation for testing and deployment needed
331
180
151
25
Nimda
SQL
Slammer
Nachi
Blaster
Source: Microsoft, 2010

Healthcare Institutions: Patching is Top Automation Target
IT Service
SW upgrades & patches
Backups
Monitoring
Ticketing
Response*
75%
61%
58%
38%
*Out of 174 healthcare IT leaders when asked – by Kaseya – their top 2011 target for automation

4 Best Practices for Patch Management... + 1 Bonus Tip
Discover & assess
1
Identify & test
2
Evaluate & plan
3
Deploy & remediate
4
Automate
5

Discover & assess
Best Practice #1Discover & Assess
1
Are there any threats in your environment?
Has anything changed in your operation?
Do you have an accurate, current inventory?
Can your infrastructure support patch management?

Identify & test
Best Practice #2Identify & Test
2
How do you learn about new patches?
How do you decide if the patch relevant? Needed?
Which PCs/servers will need a patch?
What is/are the system priority/ies?
Which systems are most vulnerable?
How will you test the patch itself?

Evaluate & plan
Best Practice #3Evaluate & Plan
3
How do you ensure all parties agree with “need to deploy?”
Exceptions?
How will you install the patch?
PC vs server? Corporate vs remote?
Do you combine with other tasks?
Who will do it?
When will you install the patch?
How will you test an installed patch?
Do critical business functions still “work?”
How much testing is required?
Where does testing occur?

Deploy & remediate
Best Practice #4Deploy & Remediate
4
Pre-deployment
Do you notify users? Support?
Do you provide training?
Did you check all your distribution/deployment points?
At deployment
How do you monitor patch distribution progress?
How do you deal with slow connections?
Post-deployment
How do you deal with exceptions?
12

Best Practice Bonus TipAutomated Patch Management
Assess
Use predefined, predetermined network scans to assess installed - and uncover missing - patches
Identify
Create alerts to capture new software added to inventory
Create new patch schedules, where needed
Evaluate
Create periodic vulnerability reports - and compare to patch policy - to determine which patches are needed
Create patch-analysis and patch-test scenarios
Deploy
Schedule patch distribution by time, by system, by group, or by user-defined collection of systems
Create exception-handling routines
Create real-time deployment reports for users and management
Automate
5

Recap: 4 Best Practices for Patch Management + 1 More
Discover & assess
Determine current state of environment
1
Identify & test
Employ procedures to obtain patches and stack-rank for use across environment
2
Evaluate & plan
Develop patch deployment policy and schedule, as well as a corresponding exception plan
3
Deploy & remediate
Deploy & remediate
Coordinate distribution with stakeholders, manage patch exceptions, and compile relevant reports
4
4
Automate
Automate to reduce delivery cost, improve staff productivity, and ensure system performance
5

About Kaseya
Patented
#7,827,547
Value Proposition
A single Kaseya user can proactively manage 1,000s of automated IT systems tasks in the same amount of time required by a team of technicians using other techniques.
Key Facts
Founded 2000 & HQ in Switzerland
Privately held, no debt, no external capital requirements
33 offices worldwide in 20 countries with 450+ employees
10,000+ customers
5,000,000+ assets managed
Patented technology and FIPS 140-2 compliant

The Kaseya Solution for Automated Systems Management
Comprehensive
Automates all systems management tasks
Integration friendly
Scalable and flexible
Uncomplicated
Lightweight, 1 agent
Cross platform
Easy to install & use via a single pane
Affordable
On-premise or cloud
http://www.kaseya.com/products.aspx

Integrated Patch ManagementAutomated scans, policies, deployments & reports
No WSUS!
http://www.kaseya.com/get-started/demo.aspx

Other Market Leaders
Universities and K-12 Schools
Hospitals and Care Facilities
Our Customers

Reduce Risk
Reduce Cost
Improve Service
Proven ROI
Family Health Center – San Diego (1,000 PCs) deployed EE and improved core application uptime from 85% to 99.6%
Virginia Tech (500 PCs) used Remote Access (IT Toolkit) to decrease MTTR by 83%
N. Conejos School District (500 clients) saved $100K with automation and increased PC availability from 80% to 99%
Cano Petroleum (100 PCs) usedEE to demonstrate SOX compliance with 100% IT control
Integrated Health Management (250 workstations) achieved target HIPAA compliance every year since EE first deployed
BankFirst (150 PCs) used EE to satisfy FDIC compliance regulations – since 2007
Advanced Motion Control (500 workstations) used EE to reduce monthly CADD updates from 2 hrs/PC to 5 mins/PC
Redbox (10,000 clients) used EE to reduce number of kiosk-technician visits by 90% in 1 year
National Health Service (1,000 PCs) saved 15 hrs/month on mandatory SW updates with EE

Other Accolades
Industry Awards
Industry Reviews
“Kaseya's products have a reputation for being easy to install and use, compared with many competitive products.”
Gartner, 2011 (#G00209766)
“Service automation is vital to IT success. Kaseya is purpose-built for this next era of computing.”
OVUM, 2010 (#TA001974ITM)
“Kaseya’s strength lies in the ease of implementation, support for their customers, and comprehensive service level management.”
IDC, 2009 (#219336)
“Kaseya’s IT Automation Framework can help many types of IT management organizations. Quickly. Affordably.”
EMA, 2008 (#1429091307

Polling Question #2
Would you like to learn more about …
- Yes, I’d like to try Kaseya free for 30 days
- Yes, but I have no idea what Kaseya costs
- Yes, please have someone contact me
- No, not at this time

Q&A and Resources
Explore Kaseya Patch Management
http://www.kaseya.com/features/patch-management.aspx
Learn More About Kaseya
www.kaseya.com/PPSresources
Contact Us
sales@kaseya.comor toll free +1 877-692-2003
Join the Kaseya Conversation
www.kaseya.com/community.aspx

Patch Management: 4 Best Practices and More for Today's Healthcare IT

by Kaseya

Accessibility

Categories

Upload Details

Usage Rights

Statistics

Patch Management: 4 Best Practices and More for Today’s Healthcare IT Presentation Transcript