Keys to streamlining your patch management plan for 2021

By: Mike Killingbeck

As you know, the pandemic had thousands of employees trading in their commute to work for sweatpants as they migrated to a work-from-home lifestyle. Now, with company-issued devices in use at home and many employees logging in with personal devices through unsecured and unpatched networks, new security gaps and risks have emerged. According to Global Workplace Analytics, 25 to 30% of the workforce will be working from home multiple days a week by the end of 2021.

As the number of users working remotely increases, so does the need for successful patch management. Your first line of defense in protecting your clients from viruses and other harmful intrusions is to secure their endpoints—and firewalls won’t cut it anymore. Building an efficient and profitable patch management practice in 2021 demands that the solution you choose includes the following features:  


Many MSPs out there aren’t automating patch management to the fullest extent and have had to hire full-time employees to cover this task. Managing patches manually leaves too much room for error, and it’s easy to fall behind when it comes to identifying, evaluating, and deploying patches by hand.  

Instead, automated patch management tools communicate with vendors (in some cases for both OS and third-party software) to find new patches, eliminating the need to do that extensive research on your own.

You also have to take into account that the cost of labor is much higher than the cost of implementing an automation solution. Every second a technician spends working on patching is money directly off the company's bottom line. Instead, you can lessen the administrative burden by being more proactive with automated scans and updates, and spend your time more wisely on higher-ROI tasks.

These tools also allow you to establish policies that can apply patches across all of the clients you manage, at times that work best with their schedules. A great rule to follow is the 95-5 rule. The goal is to have 95% of patches managed by a single policy across your entire client base, and the other 5% are one-offs that you can take care of manually. It will take time to find commonalities among your customers, but you’ll quickly realize there’s no need to do individual policies for every client. By removing these redundancies, you’ll find significant time savings.  


It’s best practice to never push out a newly discovered patch on day one. You need to test the outcomes first. This is where staging is imperative. Your patch management offering should include staging so you can install patches on systems within your office, on a few trusted users, before you send them out to your entire client base. Keep in mind that some patch management solutions don’t have staging options, so it will be up to you to build safe testing environments.

It can be tempting to skip staging, especially when you’re handling a critical situation where a security patch can correct a vulnerability that hackers are actively exploiting. But remember, you’re responsible for the outcome—good and bad. You want to get the job done, but skipping steps can make a bad situation worse, so be sure to stage every time.  
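The staging rule above can be expressed as a promotion gate. The sketch below is an added example, not code from any patch management product: the ring names, soak periods, the shortened soak for critical patches, and the `next_action` function are all assumptions chosen for illustration. A critical patch moves faster but still passes through every ring.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Rings in rollout order: office systems, a few trusted users, then everyone.
# Soak days per ring are assumed values, not figures from the article.
RINGS = [("office", 2), ("trusted_users", 3), ("all_clients", 0)]
CRITICAL_SOAK_DAYS = 1  # assumption: critical patches soak less, never skip a ring

@dataclass
class RingResult:
    ring: str
    deployed_on: date
    installed: int
    failed: int

def next_action(critical, history, today):
    """Return (action, ring) for one patch given its per-ring results so far."""
    done = {r.ring: r for r in history}
    for i, (ring, _) in enumerate(RINGS):
        if ring in done:
            continue
        if i == 0:
            return ("deploy", ring)          # always start in the office ring
        prev_ring, soak = RINGS[i - 1]
        prev = done[prev_ring]
        if prev.failed > 0:
            return ("hold", prev_ring)       # any failure blocks promotion
        if prev.installed == 0:
            return ("wait", prev_ring)       # nothing has actually been tested yet
        soak_days = min(soak, CRITICAL_SOAK_DAYS) if critical else soak
        if today < prev.deployed_on + timedelta(days=soak_days):
            return ("wait", prev_ring)       # still soaking in the previous ring
        return ("deploy", ring)
    return ("complete", RINGS[-1][0])

if __name__ == "__main__":
    # Constructed sample: patch installed cleanly on 12 office machines on 1 March.
    office = RingResult("office", date(2021, 3, 1), installed=12, failed=0)
    for day in (date(2021, 3, 2), date(2021, 3, 3)):
        print(day, "routine :", next_action(False, [office], day))
        print(day, "critical:", next_action(True, [office], day))
```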

Third-party patching 

When it comes to third parties and vendors, you can’t simply cross your fingers and hope they’ve issued auto-updates. If left unmanaged, third-party software can create security vulnerabilities or develop a bug that affects performance.  

Your Patch Management-as-a-Service offering should give your team the same automation capabilities for third-party software as it does at the operating system level. A great feature to look out for is a dashboard that gives your technicians and help desk a quick view of the status of all of a client’s patches. Having this information is not only helpful for your team, but it’s another aspect of delivering peace of mind to your clients that no stone was left unturned.


A lot of the work an MSP does is proactive, and it’s sometimes difficult for your clients to realize the true value you provide on a daily basis. That’s where reporting comes in to provide the “proof.”  

Your patch management solution should also give you the ability to provide regular reports on the services your MSP business provided each month. In many cases, you can automatically generate and send a report the day after patches are completed. By automating reports, you’ll get your team out of the weeds and have more time to provide additional services that will help you grow your MSP business even more.