Systems administrators are responsible for keeping IT systems running effectively.
Joel Rennich, Head of Device Identity, JumpCloud.
As part of this, sysadmins are always keen to automate common processes - not only does this help keep services running smoothly, it also makes life easier for them. Here are some approaches that you can deploy to improve performance and productivity.
Preventing problems around patching
One of the biggest challenges that sysadmins face is updates. Alongside the regular Patch Tuesday events that take place every month involving major software companies like Microsoft and Adobe, there are other unscheduled updates needed for security. In January 2022, there were 97 updates from Microsoft published as planned, while there were 29 out of band patches released to deal with security issues linked to Apache Log4j. Not all these updates will be needed for each IT asset, but they do all have to be looked at, examined and deployed to users.
Here is one of the biggest problems for sysadmins: actually getting patches deployed. Once an admin has tested any updates to ensure they are safe to be deployed, the next step is getting users to take a bit of time out of their work day to allow the updates to run.
There can be many different reasons for why it’s hard to get users to update. Some users may not feel comfortable carrying out their own patching or are just confused about what’s going on, while others may have concerns over application compatibility for their specific software. Other users may be too lazy to carry these tasks out, while others just never find the time based on always prioritizing other work requirements.
For sysadmins, understanding these problems can help improve their efficiency around getting updates deployed. It’s always better to work with your users than to work against them.
To achieve this, you first need insight into which users are up to date and which ones are not. The first improvement is how to encourage people to implement those updates sooner rather than later. Depending on your company size, you can look at how to communicate around planned changes in advance.
This approach to patch management can help ensure everyone knows about updates, what will be expected of them - if anything - and when those changes will be rolled out. By taking a proactive approach to informing teams on this, you can provide some insight into any threats that are coming up too. Many users are hesitant to click on updates after having taken security training suggesting that updates can often disguise malware, so properly informing your users as to what updates are legitimate can quickly get a portion of your population up to date. This also lets you ensure that no-one can argue that they did not know.
Patch status reports
Alongside this, you should build a patch status report that tells you where assets have been updated, and - more importantly - any assets where critical patches have not been applied. This involves looking at who is responsible for those missed updates. Rather than leaving this as an IT issue, which can be ignored, make this issue something that the team lead or manager is responsible for over time. Sometimes just the simple act of reporting on which teams are compliant, and which aren’t, can shake out the laggards. Also, when someone’s bonus depends on IT assets being up to date, they are more likely to take the problem seriously.
Similarly, you will have to consider how to stop those individuals that always put off updates. Rather than allowing the user to do this indefinitely, you should put a limit in place on how many times they can defer.
Providing a set number of times when someone can decline an update is about ensuring that updates get done, but that they don’t get in the way of people working. We have all heard stories about users getting suddenly kicked out when an automatic update gets started, which can lead to frustration and lost work. Instead, this approach should ensure that users can manage their current work, then apply changes. One or two reminders is probably not enough, while anything in double figures is not effective - instead, five or six reminders should be enough for anyone.
However, you should communicate this approach to all users in advance, so they know what is coming up. You can phrase this as being based on user feedback to demonstrate you have already thought about the problems that might otherwise come up.
Unfortunately there’s no ideal universal set of policies that will work for all organizations here, so keep in mind these ideas and begin working on a policy specifically for your environment. Just make sure to include management and some of the other units in your organization when implementing these policies.
Dealing with devices
Alongside applications and operating systems, sysadmins have to care about all the different devices that users might work with. While specifying work desktops and locking down systems might have been possible before the Covid-19 pandemic, today users will have a plethora of potential devices that they can - and in some cases, have to - use for work. All of these devices can end up accessing work applications, so sysadmins have to plan ahead.
Today, managing remote work will be the biggest issue for sysadmins at companies of all sizes. According to research, 57% of sysadmins reported this as the biggest issue they will face. This depends on knowing what assets will get used over time. Having a list of all assets used, and keeping it up to date, can help. Automating this process helps you track those changes and respond automatically.
When it comes to remote working, looking solely at devices is not enough for security. Instead, the constant factor is user identity. Knowing what devices someone may use - whether they are the user’s own, or company-owned - is the first step. Implementing Multi-Factor Authentication is the next step to proving that users are who they say are for each application that users have access to.
After this, you can use a x509certificate to link the user and the device together. This involves using that certificate to help you manage user identities more effectively - alongside having the right access credentials, your system can check that the device is one that should be allowed access, based on the presence of that certificate.
If you start using x509 certificates on devices, you can stop potential access through mis-used user accounts that get stolen or where passwords are weak. Even if a live user ID and password does get found, you can use policy to block access from devices that are not authorized with a certificate. This policy might be too dramatic for users that have not enrolled their devices but still want to use them for work occasionally, or where Bring Your Own Device is popular.
An alternative is to set up additional challenges for those users based on their context - if the account is on a trusted device, then they automatically get access. If it is an untrusted device, then use Multi-Factor Authentication to check that someone really is who they say they are.
Remote work and team management
For sysadmins, dealing with remote work requires budget to support those security tools, processes and approaches. In the short term after initial lockdowns due to the pandemic, many companies over-spent to correct their security and remote work problems. This situation seems to be improving - currently, 59% of sysadmins think their organizations spend too much on remote work and security, compared to 74% in early 2021.
To ensure your costs to support remote work come down, consider if you can consolidate some of those products that got brought in initially. Where there might be overlap, you can reduce spending or put the money towards other projects. Similarly, you can look at the experience side for users around remote work as an opportunity to make some savings as well as cutting costs. Managing remote workers is the biggest challenge IT admins faced over the past year, now at 57%, while 54% admit that the remote work experience is not as easy for end-users as they would like.
To make this happen, look at your current processes and steps that users have to go through. This can show up opportunities to change the approach, reduce the number of steps involved and simplify the experience side. Similarly, you can look at your infrastructure for areas like user management - do you need to maintain internal IT services, or can you use cloud-based alternatives that are priced per user? This can help reduce the spend, particularly if you have to manage more than just Windows endpoints.
Alongside the tooling, it’s also worth looking at how to help your team as a whole. According to research, the percentage of sysadmins that are happy in their roles dropped from 59% to 42%. This can be coupled with the demand for new IT staff that is taking place as part of mass job moves and hiring taking place, called The Great Resignation.
Looking at research by MIT Sloan, pay is not the main driver for all this movement in the job market. Instead, it is more about human responses to long term pressure - for example, a toxic work culture, poor recognition for work and fearing job insecurity were all bigger drivers for staff to leave. While your company may not have these challenges, it is worth checking on how happy staff are and how much they feel their efforts are recognized. Just taking the time to thank team members can be an effective way to keep people happier in their roles.
Thinking about your team’s workload - and more importantly, how to automate some of the common tasks that take up their time - can also provide a way to deal with that problem, if you can find the time to work on it. Dedicating some staff time - and engaging your sysadmin peers in how to automate those tasks - can provide opportunities to engage them in a way that shows them how they are valued and where they can make a difference overall. This can help them to come up with their own ways to improve performance, keep users happy, and reduce risk around remote working.
We've featured the best online cybersecurity courses.
