Patch management can be a good starting point when trying to implement a more structured service management methodology within a small business. Jason Slater talks about the benefit of implementing aspects of service management frameworks in small business.
Small businesses operating with tight budgets and few IT personnel do not always have time to spend implementing structured methodologies as the business often needs to start trading as soon as possible and time needs to be prioritised addressing a never ending cycle of requirement analysis, sourcing, implementation, management, maintenance and disposal.
Small businesses operating with tight budgets and few IT personnel do not always have time to spend implementing structured methodologies as the business often needs to start trading as soon as possible and time needs to be prioritised addressing a never ending cycle of requirement analysis, sourcing, implementation, management, maintenance and disposal.
It can be difficult justifying, or even selecting, a suitable management framework, however, it is not always necessary to implement a full blown methodology and a smaller implementation can often be used as a stepping stone, acting as a proof of concept, whilst alleviating some problems and logically organising work flows and ensuring what needs to be done actually gets done. Of course, a number of formal methodologies are available to choose from and deciding which one is right for you could be a series of articles in themselves. However many of them aim to address similar issues but go about them slightly differently. What is consistent is that they offer logical, considered ways of achieving improvements through effective service management.
During busy or prolonged project periods smaller issues can sometimes be pushed down the pile of things to do, but these can have longer term impacts on productivity. A backup tape missed here, a patch missed there might not seem important at the time but are risks that can be better managed by implementing good working practices and a more structured way of working. You may discover that many of the actions you are already performing fit a particular service management function.
The idea of implementing a fully blown service management framework can be overwhelming at the outset. A brief glance through frameworks such as the IT Infrastructure Library (ITIL®) or the Microsoft Office Framework (MoF) and you might think your time is better spent actually solving problems than wading through paperwork - but spend a reasonable amount of time fire fighting and you may soon realise there must be a better way of working - and this has everything to do with operating a more structured methodology.
One of the important aspects of service management is what your customers think of you - from suppliers, through the user base to the board of directors - everyone is going to have a view of how you are performing and this may have little to do with the nuts and bolts of the operation but instead on how well you are serving the customer.
Someone once said the problem with IT is that if it is done well no one ever knows and having worked in a number of IT environments this is undoubtedly true. I do not recall ever being patted on the back for implementing a new SPAM control system or keeping the anti-virus software up to date but these are essential tasks and ones which will definitely be noticed if they do not get done.
Patch management is a function contained in service management frameworks that can be of great benefit to a small business and is often a good place to begin. Keeping up to date with software patches often starts out as installing whatever is required then rebooting the computer. But how do we ensure all client machines are using the same patch? How do we know if there is a patch we really need?
As time moves on we need to consider if patches can be applied consistently and we might need to ensure devices stay on if they are required - rebooting a device is not always convenient. Many things require patches including operating systems, office applications, and third party applications but other things require updates that fall into patch management including firmware updates and hardware drivers. The key point here is being able to keep the infrastructure up to date, be this for error fixing, security or software enhancements.
The first step in implementing structured patch management should always be a written policy setting down what you have, what needs to be done, who does what, how often it should be done, and any clarifications or limitations (often called a scope) that may need to be considered, in particular:
A list of equipment
For a large number of end points identifying the initial versions of software and firmware can be achieved using any number of network inventory tools available.
A list of who applies patches and when
It is important to focus on this area in particular. Consider whether users can install their own patches and make sure everyone understands which patches can be installed and which ones need consideration.
A list of authorised places to obtain patches
Keeping up to date on patches can be a hit and miss affair if not considered up front; it is often best to keep a list of all relevant and reliable information sources and check them regularly.
Set up a notification system for available updates and patches
A number of sites now offer email notifications of new patches and you should always keep up to date with patch information whether or not you decide to implement specific patches. Remember to always check the source of a patch before installing it - security is paramount, you can often also check the contents of the patch to ensure they arrive to you as expected - some vendors offer a checksum that you can use to verify the integrity of your patch prior to implementation.
A list of which patches and updates will be logged in a control document
Certain types of changes will benefit from being logged, though not all patches and software updates necessarily need to be logged, but in particular, drivers, firmware updates and server changes, as well as third party application changes should always be recorded. This log will help you analyse the problem should things go wrong.
Describe how a patch is implemented including any verification procedures
Know what to do if things go wrong
A word of warning, particularly for drivers and firmware updates. Always read the guidance notes associated with patches and software updates and always perform a backup routine before implementing any major software changes.
Patch priorities - for example, critical patches should take priority over software updates
Set review times for the guidelines to handle new requirements
Once written and agreed it is important to stick to this policy; once you start applying patches in an uncontrolled manner you start to drift away from the best practice you have laid down. If things start to drift away you need to reel them back in as soon as possible.
Information collected can be reported upon, showing number of patches, how many devices they were applied to and how much time was assigned to completing patch management tasks.
A successfully managed and operated patch management methodology will not only provide a more structured method for keeping software and hardware up to date, but can be used as a measure of performance, becoming a key performance indicator for the IT team and something the business can understand and appreciate.
Once patch management is under your belt you will be in a great position to look at other aspects of service management.
No comments:
Post a Comment