The true cost of offering patch management services

Patch management can be a headache for organizations. As a result, there is a lot of money to be made in providing patch management services. Consultants and value-added resellers contemplating offering patch management services need to consider the cost of providing those services. Some costs are obvious. It goes without saying that you need patch management software, at least one server to run that software on, and maybe a couple of employees to oversee the process. There are, however, other significant costs that might even overshadow those previously mentioned.

Unfortunately, there's really no getting around the costs that I'm going to discuss in this article. Although you can always shop for a bargain, my purpose isn't to show you how to minimize these costs, but to point out some necessary expenses that you might not have considered.

Bandwidth

One of the biggest costs associated with offering patch management services is likely to be bandwidth. You will consume bandwidth downloading patches from the software vendor that created them, and you will also use a considerable amount of bandwidth pushing these patches out to your customers' sites. Granted, some patches are less than a megabyte in size, but service packs and some third party patches can be hundreds of megabytes. You need to have sufficient bandwidth available to accommodate these large patches when they're released. Besides, even small patches can consume a lot of bandwidth if you are sending the patches to enough remote sites.

Another reason why bandwidth could be a considerable expense is because you need multiple Internet connections with at least two different Internet Service Providers. ISPs are not perfect. Sometimes Internet connections fail for one reason or another, and you probably have service level agreements in place that commit you to delivering patches within a certain length of time after the patches are made available. You obviously can...

Digg This!     StumbleUpon     Del.icio.us

VIEW ALL IN THIS CATEGORY

RELATED CONTENT Vulnerability and patch management Mitigating zero-day vulnerabilities in customers' environments Despite customer interest, channel struggles with threat management Portcullis Systems adds HP security products to Microsoft customers Agilex partners with HBGary to offer security forensic, assessment services Snort vs. Microsoft Security Bulletin MS08-068 Top security tips for solutions providers Top five security service provider tips of 2007 Microsoft WSUS deployment guide Antivirus software patch management Should hotfix testing be performed by the QA department or by support? Patch Management Tools Automated patch management for SMB customers WSUS vs. SMS: Choosing a Windows patch management tool Platform Security Channel Checklist: Windows Vista security An introduction to penetration testing and its legal implications for VARs and consultants Penetration testing reconnaissance -- Footprinting, scanning and enumerating Network penetration testing: Ethical hacking tools and techniques Penetration testing -- Social engineering, IDS and honey pots Penetration testing -- Securing wireless access points Penetration testing -- Big bad bugs Windows security administration using command-line tools Windows Vista BitLocker basics and advanced techniques Microsoft Windows Vista firewall enhancements

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

't meet those SLAs if your Internet connection is down, so you need a backup connection. Besides, when both connections are functioning you can use both connections simultaneously for faster file transfers.

Hardware

Just as you need at least two Internet connections, you also need duplicate hardware. That way, if a server fails, you are not out of business. You can keep on delivering patches to your customers until the failed server has been repaired. As you budget for duplicate hardware, keep in mind that you might also have to spend some money on software licenses for the extra servers.

Insurance

One last expense that I want to talk about is insurance. If you offer patch management services you need an insurance policy that protects you against the various types of damage that can occur as a result of the patching process. For example, you could download a buggy patch that crashes your customer's servers. Another possibility is that a patch could inadvertently become infected by a virus and then be passed on to your customers.

There are also consequences for not patching your customer's systems quickly enough. For example, suppose a particular patch protects against a known vulnerability, and someone manages to exploit that vulnerability on one of your customer's servers before you have a chance to apply the patch.

My point is that offering patch management services is not a risk-free endeavor. There are a lot of things that can go wrong, and in many cases these mishaps are likely to result in litigation against your company or in your company being asked to pay for the damages. That is why a good insurance policy is important. A policy that provides millions of dollars worth of liability coverage isn't cheap, but it might just save your business one day.

As you can see, there are a lot of costs, both initial and ongoing, associated with running a patch management service. Although you can look for ways to minimize costs, there are some things that you shouldn't skimp on.

About the author
Brien Posey is an award winning author who has written over 3,000 articles and written or contributed to 27 books. You can visit Brien's personal Web site at www.brienposey.com.