Originally posted October 13, 2011
About once a month, when Microsoft announces its list of security issues and associated fixes or application updates, I’m reminded of what a hard job managing change can be. In many instances the chaos that can remain dormant for the preceding thirty days, gets a chance to be front and center. For the teams that control these updates, you know the deep sigh that comes from pushing something out. That hesitation comes from experience with updates appearing benign on the surface, then quickly bringing your organization to its knees.
Added to this stress are those, even among your own team, that love to place blame on Microsoft’s operating system and use any opportunity to herald in the days of open source. Perhaps even worse, and as of late, a new consortium of cloud sycophants spread the propaganda of all these updating woes easily and simply solved by the cloud.
Unfortunately, I just can’t believe either of these claims to entirety. Yes, an opensource OS would likely prevent core malicious attacks. But, there are plenty of updates to install, which can continue to have a negative impact. As for the ease of unified updates provided via the cloud, well it could certainly remove the chaos associate with rollouts and updates. At the same time, what updated, and when did it update. Many cloud vendors lack the clarity needed in communication that we have come to expect from software partners like Microsoft.
The truth is that it’s fairly easy to find a scapegoat, meanwhile ignoring the real issues - lack of planning and proper processes. While some teams race to put out fire after fire, and a battle sense of failure in the face of adversity, others find great success even with an endless wave of updates and patches. What is it then, that distinguishes the successes from the failures?
The quick answer is, "Proper change management that encompasses a set of best practices and principles, such as those found in ITIL." Even when teams are small and face the daunting task of supporting thousands of dislocated end users, on as many if not more devices, those that find success understand risk and exposure. They work methodically and efficiently using best practices and processes that have been tested and retested. Finally, and perhaps most importantly, they have tools to enable them to understand the impact that change, just like Tuesday’s update(s) from Microsoft, will have to all their systems. In my experience, and I’ve been lucky to have worked on a number of IT teams – some successful, and other not so much – teams that can embrace this guidance regularly reap the benefits.
How does your organization handle changes such as security updates and patches? Hopefully that’s a question you’ve already answered. However, even if you haven’t we’d love to help. As always, we wish the best of luck to all of our IT brethren facing the adversity of change. At last look, that Microsoft security update will affect about 80% of us.