Upgrading network device firmware/software is a task that IT operations often avoids, given that it introduces change (and therefore risk) and it requires a highly-coordinated effort to minimize downtime. As a practice, most IT organizations try to limit Firmware/Software (FW/SW) changes on their network equipment to once a year and for many, it is an expensive and arduous process.
There are three primary factors that drive the requirement for a firmware update:
- A security vulnerability identified by a device vendor
- A requirement to enable features that are not currently available on devices, or
- The currently deployed version is going out of warranty with the vendor
The security vulnerability is often the most urgent requirement which forces an IT team to plan and execute a FW/SW upgrade to minimize risk. These days security vulnerabilities are on the top of the priority list for most CIOs/CTOs. This is because high profile hacks can negatively impact a business financially, operationally and publicly. Any delay in addressing a known vulnerability will reflect poorly on a company, especially if it is exposed and impacts business continuity.