Keeping IT Current
How to Nail Software Updates as an MSP
As an MSP, your job is highly multi-faceted, and that’s a large part of your appeal – organizations hire you to take on all (or at least a large chunk) of their IT duties, so they can focus on, well, not IT.
This do-it-all-so-they-don’t-have-to is perhaps best exemplified by software updates, one of the peskier IT tasks organizations struggle with – or worse yet, ignore altogether. Your updating expertise and patching prowess are superpowers, not to mention strong selling points, so make sure you…
- (a) Develop and document a robust software update program: a set of processes that collectively encompass all aspects of software updates, from planning to deployment to testing.
- (b) Communicate and demonstrate the value of your software update program to clients and prospects.
Some MSPs take care of (a) but neglect (b), an all-too-familiar pattern in the managed services space: we work our tail off taking care of clients, but don’t receive recognition for our efforts because we don’t effectively convey everything that we’re doing, much of it behind the scenes.
Another common mistake we encounter is MSPs developing a program for keeping systems updated, but failing to enshrine it in documentation. This is particularly common among smaller MSPs, who don’t always feel a pressing need to document their core processes, preferring to keep them ‘stored in the head.’ But this can hamper growth in major ways by limiting scalability.
Also, as well-documented processes become more and more the norm, you’d better believe prospective clients will notice the absence of robust documentation, and count it as a strike against your MSP.
Now that we’ve discussed some general objectives related to software updates, let’s delve into the nitty-gritty and talk best practices.
Put Security First
The threat landscape is a veritable minefield – and has been for quite some time. And while it would be nice to write that we are, slowly but surely, winning the war against cybercrime, it’s just not true. Things are getting worse.
Every MSP should be adopting a ‘security-first’ mindset, and such a mindset should definitely inform your approach to software updates. So, create a program that prioritizes security updates. For example, if there’s a security patch available to fix a known, actively exploited vulnerability, you should prioritize and apply that patch first, even if it means temporarily delaying less critical updates.
As your MSP grows, managing updates for multiple clients can start to become a big time drain. That’s why you want to utilize automation tools and scripts to streamline the process. However, keep in mind that while a good MSP automates effectively, a great one will strike the perfect balance between automation and manual intervention. This is where knowing your clients’ businesses can work wonders.
For instance, understanding that a client in e-commerce experiences a surge in traffic during the holiday season may lead you to temporarily adjust the update schedule to avoid potential disruptions. Bottom line – talk to your clients so you can get to know their businesses and their unique needs.
Stick to a Schedule
This is one of those things that almost every MSP will fully endorse in theory. But in practice? Let’s just say that we’ve encountered a lot of smaller MSPs that plan to stick to a strict updating schedule, but let things slide when they get busy.
When creating your timetable for updates, you’ll want it to reflect the security-first mindset we discussed earlier. For some concrete advice on how to schedule in light of security prioritization, check out UC Berkeley’s Patching and Updates Guidelines.
You should also strive to create client-specific schedules. A one-size-fits-all approach is limited, especially if your client base is diverse and spans multiple industries, each one with its own compliance landscape to navigate. We understand that customization is time-consuming, but the investment in client-specific schedules pays off in terms of improved security, client satisfaction, and trust. It shows that you’re attuned to your clients’ unique needs, a hallmark of excellent MSP service.
Test to Be the Best
Software updates can be a double-edged sword for organizations. While they promise enhanced features and security, the lack of rigorous testing can lead to unexpected disruptions or vulnerabilities. This is where your MSP can shine.
Testing software updates meticulously is a specialized skill, and most organizations’ in-house IT staff can’t carry out testing nearly as effectively as an MSP dedicated to the task. Make sure your clients not only understand that you’re committed to testing updates before deployment, but also, the value of testing – i.e., avoiding of severe disruptions to everyday operations and protecting essential software applications and data systems.
If you have the bandwidth, consider setting up a lab environment in which to test patches for functionality and compatibility with your client’s existing applications and systems.
Be in the Know
As an MSP, you want your clients to view you as the ultimate authority on all things IT. Needless to say, it would look pretty bad if one of your clients caught wind of a crucial patch from a vendor before hearing about it from you. So stay informed about the latest software vulnerabilities and corresponding updates. Also, make sure to maintain an accurate and up-to-date inventory of each of your client’s IT assets, as doing so will help you provide timely and targeted support, as well as strengthen one of the most valuable aspects of your managed services business: client trust!
You want your clients to take software updates seriously – to not roll their eyes and ignore the latest notification. But keep in mind, threat actors are quick to use your clients’ desire to
remain updated against them, and a common phishing attack involves masquerading as legitimate software updates or security alerts. It is in this complex security landscape that your role as an MSP becomes even more critical. Your job isn’t simply ensuring efficient and secure software updates; it’s also training your clients to distinguish between genuine and fraudulent update requests.
As with so many things in the IT realm, the name of the game here is communication. Talk to your clients. Engage them in ongoing discussions about the importance of keeping their systems updated and secure.
And if you need help, get in touch! The 20 is a business development group for small and medium-sized MSPs looking to get to that next level, whether that’s $500k, $1M, or even $5M in annual recurring revenue. We give you the tools, processes, and expertise to become a major player in this fiercely competitive industry. Just ask any one of our 170+ MSP members – growing a large and profitable MSP business is a lot easier with The 20 at your back!