Why WSUS and Remote Work are Incompatible
How do you keep a remote workforce secure? WSUS is not only a nightmare for work-from-home, it could also be putting your network at risk.
Securing Remote Devices for COVID-19
As the COVID-19 pandemic continues to stretch across the globe, many organizations are protecting their employees and communities by ordering work-from-home, creating an entirely different health concern: keeping devices secure.
Connecting these large numbers of home users to corporate resources is pushing enterprise VPN’s to a breaking point. Imagine hundreds, if not thousands, of remote devices checking-in to the same corporate environment via VPN. These devices will require security updates at least monthly, and that can cause severe contention across that same connection.
For Windows devices, which many administrators patch using WSUS, the average combined Patch Tuesday of Windows and third-party updates from December 2019 to the present is 1.5GB – 1.6GB per device. An organization managing 500 remote devices alone may expect up to nearly a terabyte of outbound traffic to keep the devices patched and up-to-date.
If you’re still using WSUS for patch management, there’s a better strategy for managing and protecting your business.
WSUS Creates Massive Headaches for Remote Work
With or without VPN, WSUS alone can be a nightmare. First of all, it’s a Windows-only solution thus limiting its usefulness. Devices require direct access to the WSUS server (whether one or many WSUS servers which increase the headache) and sync failures are common. Administrators are forced to manually approve each and every update as well as there is no support for any third-party applications whatsoever.
There’s a massive dependency on Group Policy management, which limits the effectiveness for roaming devices, as well as the on-premise content repository that must be constantly maintained. Even if patching is successful, how do you know? Reporting is always limited and end-users are known to defer reboots indefinitely. It’s hardly an update service, and more of a burden.
What should organizations do?
The simple solution is to migrate all patching services, both operating system and third-party (which WSUS cannot provide), over to a cloud-based architecture. Forget managing Classifications on-premise with WSUS. Forget standing-up WSUS replica servers, which increase administration and storage costs. Forget relying on the work-from-home users to connect via VPN to manage them.
Syxsense is a fully cloud-based solution that helps organizations better secure their endpoints through software patching, deployment, remote assistance, and vulnerability scanning. By default, Syxsense provides auto-approval strategies to ensure the right updates are approved while leaving the optional and problematic updates to the side.
The solution follows the same security protocols as VPN to adhere to any industry: 2048-bit encryption, multi-factor authentication, and even location security so that only specified networks have access for management.
Experience the Power of Syxsense
Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.