Why Patch Management No Longer Has to Mean Downtime | Dave Bermingham, SIOS Technology | TFiR

Every security patch carries an operational risk: take the system offline to apply the update, or leave it running and accept the vulnerability. Large maintenance windows mean late nights, unpredictable rollbacks, and systems that are either exposed or unavailable. Neither outcome is acceptable for production workloads.

In this interview on TFiR, Dave Bermingham, Senior Technical Evangelist at SIOS Technology, breaks down how automation, infrastructure as code, and high availability design are converging to eliminate that trade-off entirely.

Guest: Dave Bermingham, Senior Technical Evangelist at SIOS Technology
Show: TFiR

Here is what every platform engineer and IT operations team needs to know.

Technical Deep Dive

Q: How is patch management evolving to reduce disruption for production systems?

Dave Bermingham, Senior Technical Evangelist at SIOS Technology, says patching will become significantly less disruptive as automation, infrastructure as code, and more resilient infrastructure designs reduce both the time required and the downtime incurred. The shift is already underway, with organizations moving away from large, high-risk maintenance events toward smaller, more frequent incremental updates. Systems are being designed to absorb those changes while remaining online, removing the pressure of coordinating late-night maintenance windows where failures can cascade.

“Instead of big maintenance events where everyone stays up late hoping nothing breaks, updates will happen in smaller increments and more frequently with systems designed to absorb those changes while staying online.” — Dave Bermingham, Senior Technical Evangelist, SIOS Technology

Q: What role does high availability play in making patching less disruptive?

Bermingham identifies high availability and automation as the two primary drivers that will make near-invisible patching possible. HA architectures allow workloads to remain online while underlying systems are updated, because the infrastructure is designed from the ground up to tolerate change without service interruption. Automation then handles the coordination, sequencing, and verification that previously required manual oversight and extended maintenance windows.

“High availability and automation will play a big role in making sure that happens.” — Dave Bermingham, Senior Technical Evangelist, SIOS Technology

Q: How does infrastructure as code change the patching process?

Bermingham points to infrastructure as code as a key factor already reducing the time required for patching and minimizing downtime. When infrastructure is defined and managed programmatically, updates can be applied consistently, tested predictably, and rolled back reliably, removing the variability that makes large maintenance events risky. This consistency is what enables the move to smaller, more frequent update cycles.

“Automation and infrastructure as code and more resilient infrastructures are already reducing the amount of time required for patching and minimizing that downtime.” — Dave Bermingham, Senior Technical Evangelist, SIOS Technology

Q: What does it mean for patching to be invisible to end users?

Bermingham frames the end goal as patching that happens without any user-facing disruption: security updates are applied, systems stay stable, and the organization never has to trade availability for protection. This is not about hiding patching activity but about building infrastructure resilient enough that updates no longer require scheduled outages or service degradation. The result is that security and uptime stop being competing priorities.

“The goal is to make patching almost invisible to end users, so security updates will still happen, systems will stay stable, and organizations do not have to choose between protecting their systems and keeping them available.” — Dave Bermingham, Senior Technical Evangelist, SIOS Technology

Resources & Documentation

  • SIOS Technology, high availability and disaster recovery software for critical workloads on-premises and in the cloud

***

Full Raw Transcript

Swapnil Bhartiya: How do you see the future of patch management evolving?

Dave Bermingham: I think patching will become much less disruptive over time. We’re already seeing that automation and infrastructure as code, and more resilient infrastructures are already reducing the amount of time required for patching and minimizing that downtime. So instead of big maintenance events where everyone stays up late hoping nothing breaks, updates will happen in smaller increments and more frequently with systems designed to absorb those changes while staying online. So high availability and automation will play a big role in making sure that happens. But the goal is to make patching almost invisible to end users, so security updates will still happen, systems will stay stable, and organizations do not have to choose between protecting their systems and keeping them available.
