Explaining the Value of Live Patching To Non-Technical Stakeholders
Ever been in a position where you needed to validate an important technical purchase to a group of executives who just didn’t understand what value the business would get if they released the funds?
Here at TuxCare, we know that live patching is one of the simplest and most affordable things organizations can do to protect against cybersecurity threats, minimize downtime, and shrink any team’s patching-related workload. As a reader of our blog, you likely already know this too.
Your colleagues in the C-Suite… maybe not so much. But you can build the argument.
In this article, we’ll outline some of the common difficulties technical experts face when communicating with stakeholders about budgets, and how you can explain the critical benefits of live patching to non-technical stakeholders.
Yes, this is about encouraging live patching, specifically – but you’ll also find plenty of good advice that applies to motivating buying decisions across the IT landscape. Let’s take a look.
We Are All Working Toward the Same Goal, but…
The technical environment of sysadmins is often worlds apart from the business-minded decision-makers who have the final say over budgets. Technical experts have specific (technical) goals and use language that doesn’t always translate that easily.
Because of these differences, motivating funding can sometimes be tough. It’s all about the gap in subject matter expertise and knowledge – but also about different priorities. For example, technical managers could resist changes that may disrupt system stability, while the C-Suite could push for changes that will drive revenue.
Yet, in the long run, the goals are of course the same: a stable technical environment that delivers revenue growth. Both parties must collaborate and find a balance to ensure both the smooth operation of systems and the long-term success of the company.
Communicating with Diverse Stakeholders
Often, it simply comes down to communication and sharing a viewpoint, but this can quickly get complicated because stakeholders’ roles vary so greatly. There’s procurement, legal, finance… and everyone has a different goal and priority. There are, however, a few consistent tools that can help you make a connection to a stakeholder:
- Know your stakeholder: Find out how much technical knowledge they have. Don’t oversimplify things, but don’t get too technical either. Also find out what their priorities are: what are their business goals, and what keeps them up at night?
- Avoid lingo, translate actively, and use visual aids: Eliminate technical terms and acronyms where you can, use analogies and metaphors instead. Use whiteboards, visual charts, screen sharing, and video tutorials to illustrate technical concepts.
- Focus on results: Communicate with stakeholders about what matters to them: understand their business perspective and show them how your solution will positively impact their business needs and goals. Describe the finished product, not the technology design and development process.
- Encourage questions: Even at the executive level, stakeholders can be hesitant to ask questions about technical concepts. It’s worth asking: “Does that make sense?” or “Do you have any questions so far?” This will allow you to clear up any questions before they turn into objections.
You may be starting to see a theme here. As the technical expert, you need to get to know your stakeholder very well and build your technical justification in a way that addresses their needs and their views.
The Premise of Live Patching
Moving on to live patching, let’s first recap what we’re looking to address. It’s a recap that will serve you well as you motivate live patching to your colleagues – because you may need to start from first principles.
Cybersecurity flaws continue to emerge in every part of the technology universe. One way to address a flaw is to patch it, in other words, to apply a small software update that fixes the security vulnerability.
Easy, right? The problem is that applying the patch usually requires that you stop the software program you’re running, apply the patch, and restart it. Whichever service that software supports will therefore be out of action – requiring either a disruptive maintenance window or putting up with degraded performance.
When it comes to patching an operating system, it becomes a much bigger issue because the entire machine goes offline. The net result can be that patching doesn’t happen on time because companies can’t put up with the downtime that patching causes.
And this can mean that vulnerabilities remain in place for months, or even years, even if a simple patch could have closed a system to a critical threat.
How Does Live Patching Work for Linux?
Live patching changes the game because it removes the need to restart the service that is getting patched. This applies to operating systems too: thanks to TuxCare’s live patching solution, KernelCare Enterprise, sysadmins no longer need to reboot Linux instances just to apply a patch.
The explanation is somewhat technical, but we’ll include some alternative language. To update a Linux operating system you often update the kernel, which is the core of the operating system. TuxCare’s live patching technology does this in a really smart way.
To apply a patch, KernelCare Enterprise pauses the kernel of the operating system for a split second. It’s so fast that none of the applications or services relying on the kernel even notice, which means zero downtime. KernelCare then quickly replaces the flawed code in the system’s memory and then simply lets the kernel continue running – but using the fresh and secure code.
The net result is that a critical patch is installed without the need to reboot the machine. There’s no patching-related disruption, no scheduled maintenance operation, and patching happens about as fast as the vendor can get around to releasing the vulnerability fix.
But Here Is How You Really Motivate Live Patching
So that’s how live patching works, in simple language. You may find that it still doesn’t resonate with your colleagues – again, simply because they have priorities that are different from your own.
Keep in mind, though, that the benefits of live patching go far beyond just saving some time for sysadmins. So, here, we outline some of the broader benefits:
- Cybersecurity: Live patching allows for the quick and efficient fixing of vulnerabilities and security issues in almost real time, reducing the attack surface and minimizing the risk of successful cyberattacks.
- Organizational viability: By reducing the downtime caused by software updates, live patching improves the overall reliability and availability of systems, while also ensuring system security so that damaging cyberattacks don’t threaten the viability of a business.
- Compliance: Live patching helps organizations stay compliant with cybersecurity regulations and standards because it means that vulnerabilities and security issues are addressed promptly – thereby reducing the risk of non-compliance.
- Risk management: By fixing security vulnerabilities in real time, live patching helps organizations reduce their exposure to risk and minimize the impact of potential security breaches.
- Cost efficiency: Live patching eliminates the need for scheduled downtime for maintenance, reducing the costs associated with lost productivity and potential data loss. Its automated nature also means that fewer IT staffing resources are required to maintain patching.
- Operational efficiency: Live patching enables organizations to make changes to systems and software quickly and efficiently, improving tech and development team efficiency and reducing the time to market for new products and services.
- Customer satisfaction: By reducing downtime and ensuring that systems are always available and secure, you also ensure improved customer satisfaction, helping organizations to retain and attract customers.
Clearly, outlining the broad benefits of live patching in all of these terms to everyone you talk to would be quite a mouthful – and might end up undermining what you’re trying to do.
Instead, once you’ve built an understanding of your stakeholder’s priorities, choose three or so key points from the list above that align most closely with what they’re trying to achieve.
It’s All About Reading the Room
When you’re trying to motivate a complex technology purchase to a decision maker, you need to read the room.
Yes, simplify what you’re about to explain and stay away from the technical jargon. But, more importantly, focus on the viewpoints and the knowledge of the person you’re talking to. This includes when you’re talking about live patching to a stakeholder. Try to see their viewpoint – and communicate from their viewpoint.
Remember, you’re all working towards the same goal: dependable technology that drives the bottom line. With our guide, you should now be able to justify live patching to stakeholders more easily.