Why is updating & managing on-premise software so difficult for enterprises?

We chat with Andrew Storms and Ian Zink about why managing on-prem enterprise software is so difficult.

Video Transcript

a catch here: it's outdated software, but particularly in kind of large enterprise environments. So I wanted to maybe ask you to dive into a little bit why, why is this such a problem? Because, you know, we're familiar with updating software; it doesn't seem that hard. Why is that such a difficult problem to solve when we get into the enterprise level, when we get into this? And can you talk about how Replicated can kind of help there?

I'll take the opinion piece first, and I'll let Ian also chime in on, you know, functionality and so forth. I think, so, my opinion is, with the dramatic rise of SaaS, the dramatic rise of cloud, we've gotten so accustomed to delivering software in that way, meaning we can just willy-nilly update our SaaS products, deploy it as needed, and everybody gets the update, and great, right? Especially from a security perspective, but also great from a product feature perspective. And the opinion I put forth, which is, we've forgotten how enterprises manage software, which is different than, you know, the SaaS environment, where they're going to have their own unique specific requirements, whether that's, say, testing it through their internal testing systems, whether it's how they roll it out internally. And there's going to be that gap, and the gap is: vendor creates software, they release it, maybe they cut the release, they then make it available, and at that point in time you're kind of hoping and waiting for your enterprise customers to take the release and update it. And again, from the security viewpoint, which is really my viewpoint here, you want them to take it often, because that could have security implications or could have fixes in there, because it reflects back poorly on you as the vendor if all your enterprises are running outdated, insecure software. Ian, you as well, I think, should chime in on this one.

Yeah, definitely. I mean, I think there's a number of things that we do that are really great for keeping outdated software up to date, and we've really put a lot of effort into it recently. One of the biggest ones is we've been rolling out this new feature called Instance Insights that lets you know that you're having trouble with your customers running old software, software that has CVEs, and we've been trying to now roll that out so that folks that are even on Helm can use some of that telemetry to see: hey, I have customers that are all, you know, running old things, or they're running versions behind, so I need to follow up with them; I need a notification that I have a very important customer that is now, you know, a major version or, you know, five patches or whatever that particular condition is. So I think that's one of the most important things that we're doing there, as far as, like, you have to know you have a problem first.

There's other things that we're doing to help with that, and another one is trust. So a lot of times vendors start falling behind on their software because they don't trust you. They think, "I've updated my software before and it's failed, and so I'm not going to update anymore." And we're rolling out a product called Compatibility Matrix that will let you test against all these customer-like environments for many different Kubernetes distributions, you know, EKS and kind being a couple ones, and I know OpenShift also coming up, so which will be, you know, ones that typically often can be a little bit different. So letting, knowing that every commit, that you're keeping your software working and upgradeable, is another big thing we're doing.

And another feature we have is pre-flight checks. So whenever someone goes to upgrade or they go to install, verifying that's actually going to be successful, making sure there's enough disk space, enough CPU, enough nodes, really helps with people keeping their software up to date, which solves the CVEs, which really, I believe, one of the most fundamental security problems is keeping up to date.

And it's really interesting that there's this, from a security standpoint, right, there's this really give and take for keeping up to date, right? Often it is the security teams that are slowing down the adoption, right, because they have a lot of processes and a lot of checklists, and they want to make sure that all these things are followed, strict change management, and that can actually lead to slower adoption. So I think by building trust with the security teams that these things are going to work, and working in those frameworks, Replicated can really help a lot. So