Patch management can be a headache for organizations. As a result, there is a lot of money to be made in providing patch management services. Consultants and value-added resellers contemplating offering patch management services need to consider the cost of providing those services. Some costs are obvious. It goes without saying that you need patch management software, at least one server to run that software on, and maybe a couple of employees to oversee the process. There are, however, other significant costs that might even overshadow those previously mentioned.
Unfortunately, there's really no getting around the costs that I'm going to discuss in this article. Although you can always shop for a bargain, my purpose isn't to show you how to minimize these costs, but to point out some necessary expenses that you might not have considered.
One of the biggest costs associated with offering patch management services is likely to be bandwidth. You will consume bandwidth downloading patches from the software vendor that created them, and you will also use a considerable amount of bandwidth pushing these patches out to your customers' sites. Granted, some patches are less than a megabyte in size, but service packs and some third party patches can be hundreds of megabytes. You need to have sufficient bandwidth available to accommodate these large patches when they're released. Besides, even small patches can consume a lot of bandwidth if you are sending the patches to enough remote sites.
Another reason why bandwidth could be a considerable expense is because you need multiple Internet connections with at least two different Internet Service Providers. ISPs are not perfect. Sometimes Internet connections fail for one reason or another, and you probably have service level agreements in place that commit you to delivering patches within a certain length of time after the patches are made available. You obviously can't meet those SLAs if your Internet connection is down, so you need a backup connection. Besides, when both connections are functioning you can use both connections simultaneously for faster file transfers.
Just as you need at least two Internet connections, you also need duplicate hardware. That way, if a server fails, you are not out of business. You can keep on delivering patches to your customers until the failed server has been repaired. As you budget for duplicate hardware, keep in mind that you might also have to spend some money on software licenses for the extra servers.
One last expense that I want to talk about is insurance. If you offer patch management services you need an insurance policy that protects you against the various types of damage that can occur as a result of the patching process. For example, you could download a buggy patch that crashes your customer's servers. Another possibility is that a patch could inadvertently become infected by a virus and then be passed on to your customers.
There are also consequences for not patching your customer's systems quickly enough. For example, suppose a particular patch protects against a known vulnerability, and someone manages to exploit that vulnerability on one of your customer's servers before you have a chance to apply the patch.
My point is that offering patch management services is not a risk-free endeavor. There are a lot of things that can go wrong, and in many cases these mishaps are likely to result in litigation against your company or in your company being asked to pay for the damages. That is why a good insurance policy is important. A policy that provides millions of dollars worth of liability coverage isn't cheap, but it might just save your business one day.
As you can see, there are a lot of costs, both initial and ongoing, associated with running a patch management service. Although you can look for ways to minimize costs, there are some things that you shouldn't skimp on.
About the author
Brien Posey is an award winning author who has written over 3,000 articles and written or contributed to 27 books. You can visit Brien's personal Web site at www.brienposey.com.