Security Updates Require Testing, Even From Citrix
Patching Zero-Days, With Zero Risk?
I get it; it’s complicated…Yesterday, I got a message from a customer that their users faced a business standstill since Citrix Workspace App did not work anymore after applying security update CTX297155 to their Citrix ADC (NetScaler).
As the ADC acts as a gateway that everyone has to access your applications, an outage has an immediate effect, with downtime costs easily above $5,000 per minute. Quite frankly, this has happened before and will happen again. Not just for Citrix, but there are plenty of examples for other major technology players in the EUC market, e.g., Microsoft and VMware.
The problem here is that you are in a tight spot; on the one hand, you’d like to remove security risk from your environment ASAP, but on the other hand, you’re responsible if it-systems fail and people can no longer do their job. On the other hand, in the many conversations I have with IT-Admins in this field, they feel that large technology vendors are moving QA over to their customers. A model that’s come to be accepted for consumer applications but should not ever become a reality in the enterprise. QA teams are shrinking, releases come at a higher pace, and the technology stack is getting more complex.
Looking at where we are today and how the average technology stack’s complexity has grown. The rate of changes is increasing (1200+ updates to windows 10 alone in 2020), the tolerance for mistakes has never been so low, and the pressure to deliver faster and faster has never been this high.
So, what if testing didn’t have to be time-consuming or expensive? What if I could get confirmation that all my applications are still launching correctly after an update and that I could – at a glance – see what the impact would be on performance if I were to deploy a freshly updated image?
At Login VSI, we get you 100% application performance, no business standstill, and happy end-users. You can simply and quicky run all your changes through our automated testing platform, Login Enterprise, before moving them into production. We test your patch full-stack (as a real user) by simulating user activity, anywhere, anytime 24/7.
Sounds too good to be true? Give it a try here.
There are many estimates of what downtime can cost a company, and they vary based on the size of the company and what systems are down. Here are some of the estimates we found in our research:
- Ponemon Institute Research conducted a study of multiple data centers. It estimated the average cost of data center downtime was approximately $7,900 per minute, and the average incident length was 86 minutes (Ponemon.org, Cost of Data Center Outages 2013)
- CIO Insight found that when systems are down, employees can only work at 63% efficiency (cioinsight.com, IT Downtime Carries a High Pricetag)
- Gartner makes a very conservative estimate at the hourly cost of downtime at $42,000 (networkworld.com, How To Quantify Downtime)
- Enterprise Management Associates puts the cost of application downtime at $45,000 per hour, averaged across low mid-tier to large enterprises (zdnet.com, Real Cost of Application Outages)
Based on these reports, we can see that there’s little consensus on what downtime costs, but we can use this to develop some conservative estimates. The Ponemon numbers are the most referenced and have the most backing data. We’ll use the CIO Insight research to assume users can still work at 63% efficiency while systems are down—good employees will still find ways to do their job, so this conservative result bakes in some user ingenuity into the equation.
Using these guidelines, we’ll assume that a VDI outage costs a company, on average, $5,000 per minute of downtime.