December 21, 2018 at 3:21 am
Hi!
One of my customers doesn't care about OS or SQL updates; they forbid me to apply them, as much as I argue.
Not that they have a reason for that, but once it's installed, don't touch it anymore. 🙁 🙁
Look at this uptime!!!!!!
What should I do?
|-Starting Uptime
Category Information Current_Time Last_Startup Uptime
----------- ----------- ----------------------- ----------------------- --------------------
Information Uptime 2018-12-21 10:01:13.140 2015-11-19 15:19:36.170 1127d 18hr 42min
|-Starting Windows Version and Architecture
Category Information OS_Version Service_Pack_Level Architecture Machine_Name NetBIOS_Name System_Manufacturer System_Family System_ProductName BIOS_Vendor BIOS_Version BIOS_Release_Date Processor_Name
----------- ----------- ------------------------------- ------------------------- ------------ ---------------------------------------------------------------------------------------------------------
Information Machine W7/WS2008R2 Service Pack 1 64 SRVxxxxxxxxxx\P01
December 21, 2018 at 5:01 am
What do you mean what should you do? If you can't control it there's very little you can do. Have they given a reason for not following good update processes? Considering that it hasn't been updated this year then the server is most definitely patched against the Spectre and Meltdown vulnerabilities; which are major concerns. This also means that, very likely, the company isn't compliant with certain regulations within your country; certainly if you're within the EU zone, or deal with it, you are GDPR compliant and so you could be facing huge fines in the event of a breach.
If you're not the one in power, however, and you've raised your concerns and they are ignored, there's very little left you can do however. The only other thing you could consider is going down the whistle blowing route if you have/are suffering breaches as a result and the company isn't reporting them (but that only really applies if you are within or deal with the EU zone, or similar GDPR regulations).
Thom~
Excuse my typos and sometimes awful grammar. My fingers work faster than my brain does.
Larnu.uk
December 21, 2018 at 5:15 am
Thom A - Friday, December 21, 2018 5:01 AM
What do you mean what should you do? If you can't control it there's very little you can do. Have they given a reason for not following good update processes? Considering that it hasn't been updated this year then the server is most definitely patched against the Spectre and Meltdown vulnerabilities; which are major concerns. This also means that, very likely, the company isn't compliant with certain regulations within your country; certainly if you're within the EU zone, or deal with it, you are GDPR compliant and so you could be facing huge fines in the event of a breach.
If you're not the one in power, however, and you've raised your concerns and they are ignored, there's very little left you can do however. The only other thing you could consider is going down the whistle blowing route if you have/are suffering breaches as a result and the company isn't reporting them (but that only really applies if you are within or deal with the EU zone, or similar GDPR regulations).
Hi Thom A,
The reason the customer gave me is that "Somewhere in time, one patch gave me hours of work repairing one instance. No more patching after this."
Me: "But, but, and error correction and security? You don't have concerns?"
Them: "I know, I'm the customer, I'm the boss" - Something like that....
But thanks, your reply gives me more points to argue.
December 21, 2018 at 5:30 am
pedro.v.cardoso - Friday, December 21, 2018 5:15 AM
Hi Thom A,
The reason the customer gave me is that "Somewhere in time, one patch gave me hours of work repairing one instance. No more patching after this."
Me: "But, but, and error correction and security? You don't have concerns?"
Them: "I know, I'm the customer, I'm the boss" - Something like that....
But thanks, your reply gives me more points to argue.
But surely they have a dev and UAT environment to test against. Without trying to be rude, however, if that is the attitude of the person I would really want to sever ties with them. At best, if you are responsible (in some way) for them, make sure you document all your attempts to help them patch, have copies of the phone calls or emails available. Then if something does occur (like a breach) you can evidence you have tried everything to try and get the customer to update their product.
Thom~