Cornerstone is a nationwide company with about 100 locations across the U.S. and 2,300 endpoints to manage. Their internal team was made up of 7 then-burnt-out IT professionals who were trying to keep up with their necessary patching.
Four times a month they were stuck on phone calls lasting anywhere from 3-8 hours to discuss the deployment schedule and issues needing to be remediated. Patching took even longer. Often they had to spend Friday nights working late, which was obviously not a popular way to begin the weekend.
As a result, the team was spent. They struggled to find the energy and resources to tackle vulnerability remediation in addition to their other work. This resulted in the same issues popping up on problem servers every month in the patching cycle. Lots of man-hours were being put into deploying and remediating software updates, but compliance was still an issue.
Collaborating With Cornerstone To Automate Patch Management
We spent the first 3 months working learning Cornerstone’s processes from their internal team. After that, we took the lead on managing their monthly patching cycle. We identified areas of inefficiency and applied automation where it made sense to do so. This freed up Cornerstone’s internal resources to work on other value-added tasks.
Next we moved to servers, which proved to be an additional challenge. Cornerstone had varying types of server infrastructure on-premises and in the cloud. Different people had access to different systems, and only certain employees could log in and verify.
We worked closely with the internal team to track, report, and remediate permission issues, ensuring we could take over patching of all systems. We then centralized access and remediated many of the servers to get them caught up with patching.
Finally, we automated the test system patch installation process. Patching and restart were automated in several update rings. The only task that needs to be done manually today is validating updates. As Cornerstone gets more confident in the process, more rings can and will be automated.
Saving Cornerstone 85k/Year In Man-Hours Alone & Driving Compliance North
Our primary objectives from Cornerstone were reducing the man-hours required each month from the internal Cornerstone team, as well as increasing endpoint security compliance and first-time patch install success.
As part of taking over the patching cycle, we emphasized remediation of not only the patch installation failures, but also broken MECM clients or OS corruption. And while Cornerstone is still in the process of remediating certain servers, 283 servers are now 98% compliant. Automating these processes is saving approximately 35 man-hours a month for the internal team and driving compliance north.
We estimate that Cornerstone is saving over $85,000 per year in just man hours saved by not having to manually patch, near the same price as hiring a full-time FTE.
We continue to work with Cornerstone to implement, review, and come up with recommendations for automation. Their internal team members have more time with their families and better work-life balance, now that they don’t spend long hours manually patching, and compliance and security have improved across the board.