One of the significant challenges faced by IT is the need to stay current and make sure all technology is fully patched. This became increasingly vital, as security threats increased. All devices need to be patched, from mobile devices, laptops, PCs, switches, firewalls, servers etc. A large organization may have thousands of devices. Patching becomes problematic when there are legacy applications that will not run on the latest patched version of the OS or when there simply is not the budget available to patch and upgrade. Not only is this situation a problem for many companies but it is also a problem for the vendors. They release more advanced versions of their OS and applications, companies buy the licenses but never upgrade or install the latest versions. The vendors are now supporting multiple versions and releasing patches for each version.
This lack of standardization is hugely problematic. At a company, there may be ten people sitting in an office, each using a company laptop and each laptop is slightly different because they have not been uniformly patched. For the same reason, there may be rows of servers in the data centre which have different patch states. When vendors test their products against the latest version of an operating system (fully patched) and other vendors’ products, the test results may be positive but in the real world, with disparately patched devices, problems may occur.
Unfortunately, companies, especially large enterprises have clearly demonstrated that they are unable to keep their environments fully current and homogenous. Almost in desperation, vendors like Microsoft have taken it onto themselves to manage the environments they sell – as a service. As well, consumers have become used to frequent iOS and Android updates being forced down to mobile devices. Enterprise IT vendors have leveraged this new behavioral norm. With the move to cloud and in an effort to limit the number of supported versions and to ensure that all devices are fully patched and homogenous, vendors have adopted a model with rolling patches and updates. The opportunity to opt. out is limited, and opting out a few times removes support. It’s understandable that vendors would do this given that supporting multiple different versions of a product is expensive (with costs being passed to the enterprise). As well, problems with their products were often blamed on the vendor when in fact they may have been caused by the incompletely patched environment.
From a user experience perspective, the goal is to build an end-to-end service infrastructure including the device that is more reliable, more secure and where ongoing changes are incremental in nature with a minimal impact to the user. The goal is also to remove the need for massive and costly enterprise-wide upgrade programs. These programs, while vital were hugely painful and difficult to justify and they often ran into problems. Today, Windows 10 is the last major version of the Microsoft OS and as such, future changes are being delivered via incremental updates.
Part of an overall cloud strategy requires that an enterprise build the infrastructure and processes necessary to deploy incremental changes/patches to user services without major impact to the user community. This may involve prioritized, automated application testing, deployment infrastructure, initial patch testing and rolling waves of deployments. Again we return to the concept of infrastructure and applications as a service. The goal of moving to cloud is to execute the necessary transformation one last potentially painful time so that the organization can move to the “as a service” state. The goal is to achieve a degree of standardization, automation and tooling that enables waves of small, incremental changes to wash painlessly and quickly over an organization with minimal impact and minimal human intervention.
Given that laudable goal, there have been numerous “shrill” stories in the press on Windows updates that failed, deleted user data or seriously impacted the performance of a user’s device. While enterprises have experienced some of these issues, it’s been the consumer that has been hardest hit. Understandably people are upset. These problems have in some cases, seriously impacted consumer and business confidence in the rolling/obligatory upgrade process. However the scale of these problems and the underlying cause puts these issues in perspective.
Fundamentally a Windows desktop is an “open” environment and very different from the locked down Apple ecosystem. If the user has admin. rights, which consumers and many enterprise users have, they are free to download and install any application or service. Some enterprises are locking down their end user devices, blocking USB ports and trying to prevent potentially egregious activity. Other enterprises recognize that their employee’s view their end user devices as more than just a company asset but also as a tool for their personal lives. People want the ability to download and use applications both for business and personal use. To paraphrase Spiderman…”with great freedom also comes great responsibility” and ultimately the ability to really mess things up. Microsoft is now attempting to manage the core OS and productivity stack for over 800,000,000 devices worldwide. If there is a failure rate in the order of 0.001% (which is a number any competent IT department would be happy with) this translates into almost a million unhappy users that blame Microsoft (rightly or wrongly) for their system’s problem. Given the scale and complexity of the problem and the issues presented by unpatched endpoints (especially the security exposure) the approach of mandating upgrades and patches is arguably the best method. The use of AI, automation and the ability to rebuild devices remotely and quickly will continue to reduce (but likely never fully eliminate) the impact of failures.
Ultimately to be able to accommodate this degree of automation and management, the IT organization needs to change. Implementing the tools and infrastructure along with the necessary processes is key. Simplifying the environment by choosing “best of suite” rather than “best of breed” is also key. Automated application testing – perhaps using off shore services for overnight testing - is prudent for mission critical applications.
The IT department needs to have a much better grasp of the end user experience. How confusing is the upgrade process when the screen goes blank or displays some strange and alarming system message? In one instance, a major business unit at a bank, halted a significant technology rollout because a device displayed a legal warning message that frightened the user community into thinking (erroneously) that the enterprise could view and delete all their personal data. Proper change management, education and technical architects who are able to “put themselves in their users’ shoes” are vital.
Ultimately, the goal of a cloud centric, managed and current environment is to reduce the impact of change to the user community and to deliver a reliable and protected service.
Simon Morris is a Digital Transformation leader at KPMG. When his head’s not in the clouds, he is riding his bike, carving turns on his snowboard, or building water cooled computers with his son. He can be reached at firstname.lastname@example.org