
I'm trying to implement an automated patching program at a small SaaS provider.

When a customer signs up for our software, we provision them a Linux VM in our primary datacenter.

Each customer also gets a QA and sandbox server in another datacenter. All the servers in this datacenter are registered to a central Linux patching tool, so that we can do bulk automated patching and this works well.

However, I'm concerned with doing the same in the primary production datacenter. The Linux patch management tool has the ability to push packages/files to any machine that is registered to it. So in the event that this patch management tool is compromised, an attacker will have access to compromise all our customer servers.

In the interest of isolating each customer from each other and preventing an attacker getting access to further machines, how can I centrally manage these production servers? Are there any best practices for this type of situation, or do I bite the bullet and patch each server individually?

crab
  • Running health scans/hardening tests on at least one host after applying patches, before system-wide deployment, will give you an extra degree of confidence. – postoronnim Oct 03 '19 at 20:11
  • That will depend entirely on your MSAs with customers. If this is truly a SaaS provider (i.e. the VMs are just for isolating their application instance, and they're not being given OS-level access, which would be sorta unusual for SaaS apps), I've never heard of a company dictating patch *methodology*. Most will dictate patching cadence SLAs, and restrictions on multi-tenancy of their data, as part of their MSAs, but they're not going to say, "we want our own entire Puppet instance for our application instance backend". – Angelo Schilling Oct 03 '19 at 20:26
  • Thanks Angelo for the insight. The customers don't have OS-level access and we are responsible for patching - so although the SLAs are set up accordingly, the question is more from the provider's perspective of what is considered best practice for having all customers in one patch management tool. We would just inform the customer that patches have been applied but my only concern is that we might widen the attack surface by having all customers in one central patch management tool. – crab Oct 04 '19 at 14:10
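
One way to keep a central tool without giving it the push-anything capability the question worries about, and to fold in the post-patch health check suggested in the first comment, is to turn the relationship around: the central tool may only *trigger* a fixed, host-local action, never copy files or run arbitrary commands. The script below is an added example for illustration, not code from the question or from any patch management product. It assumes a dedicated `patchbot` account on each customer host whose `authorized_keys` entry is pinned to this script as a forced command (the key comment, path and the `systemctl is-system-running` health check are assumptions, and the hosts are assumed to be Debian/Ubuntu using `apt-get`):

```shell
#!/bin/sh
# patch-gate: forced-command wrapper for the central patch tool's SSH key.
# Assumed authorized_keys line on each customer host (not from the question):
#   command="/usr/local/sbin/patch-gate",restrict ssh-ed25519 AAAA... patchbot@central
# With that line sshd runs this script instead of whatever the client asked for;
# the client's request is only visible here as SSH_ORIGINAL_COMMAND. A compromised
# central tool therefore gains "ask this host to patch itself", nothing more.

# PATCH_GATE_DRY_RUN=1 prints the package-manager command instead of running it
# (used to exercise this example without touching a host).
PATCH_GATE_DRY_RUN="${PATCH_GATE_DRY_RUN:-0}"

# Allowlist of verbs the central tool may request; everything else is refused.
is_allowed_verb() {
  case "$1" in
    check|apply) return 0 ;;
    *) return 1 ;;
  esac
}

# Run a local health check after patching. Takes a command and returns its
# status, so a failing check makes the whole "apply" report failure.
run_health_check() {
  "$@" >/dev/null 2>&1
}

# Execute the package-manager action for one verb. The apt-get invocations are
# fixed here, on the host, so the remote side cannot alter them.
run_verb() {
  verb="$1"
  is_allowed_verb "$verb" || { echo "refused: $verb" >&2; return 2; }
  case "$verb" in
    check) set -- apt-get -s upgrade ;;                 # simulate only
    apply) set -- apt-get -y --only-upgrade upgrade ;;  # apply pending updates
  esac
  if [ "$PATCH_GATE_DRY_RUN" = 1 ]; then
    echo "dry-run: $*"
    return 0
  fi
  "$@" || return 1
  if [ "$verb" = apply ]; then
    # Assumed health check: refuse to report success on a degraded host.
    run_health_check systemctl is-system-running \
      || { echo "health check failed after apply" >&2; return 1; }
  fi
  return 0
}

# Entry point for sshd: the raw request string from the central tool.
# Reject anything that is not exactly one lowercase verb (no arguments,
# no whitespace, no shell metacharacters), then dispatch it.
gate() {
  req="$1"
  case "$req" in
    ""|*[!a-z]*) echo "refused: malformed request" >&2; return 2 ;;
  esac
  run_verb "$req"
}

# Only act when invoked by sshd (SSH_ORIGINAL_COMMAND set), so the functions
# above can also be sourced and tested without triggering a patch run.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
  gate "$SSH_ORIGINAL_COMMAND"
  exit $?
fi
```

Because the package manager still pulls from the repository the host is already configured for, this also keeps signature verification of packages on the host side; the central tool is reduced to a scheduler that says "check" or "apply" and reads back an exit status. Patch cadence and the per-customer notification mentioned in the comments are unaffected.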

0 Answers