There are some phrases that immediately put pressure on an IT team.
“Our servers aren’t completely up to date. Can we do it this week?”
On paper, the answer seems obvious. An unpatched system is potentially exposed, and every day of delay can be perceived as an additional risk. However, in the field, acting quickly is not always synonymous with acting well. In some contexts, the most responsible decision is to wait. Infologo, an IT service provider based in Geneva and Lausanne, has been helping SMEs in French-speaking Switzerland with this type of trade-off for years.
This article is based on a real-life customer case, enriched by the technical analysis of our teams.
A recent case: the updates are ready, but the window is missing
At one of our customers, the server updates were ready. Access rights were in place. Our outsourced IT infrastructure management contract authorized us to intervene. But one element was missing: a truly secure intervention window.
A few months earlier, a reboot had gone wrong on production clusters, i.e. the groups of interconnected servers that run the company’s mission-critical applications. Nothing catastrophic, but enough to create a lasting distrust of any operation involving a reboot. Added to this was the absence of the in-house technical contact, the only person who knew the precise history of the clusters, application dependencies and backup procedures. Without him, taking action meant working without a safety net.
So the real question was not “can we technically apply these updates?” but “under what conditions can we do so without creating a more serious problem than the one we’re trying to avoid?”
We have formalized three things with the customer in anticipation of this window.
- A precise inventory of outstanding updates, system by system, with an assessment of the actual level of exposure – not all overdue updates present the same risk.
- An action plan conditional on the referent’s return, with the order of operations, checks before each restart and predefined fallback scenarios.
- And explicit agreement on what would justify speeding up in spite of everything: typically, a critical vulnerability actively exploited on the systems concerned.
As soon as the technical consultant returned, operations were completed cleanly and without incident.
The maintenance window is not just a time slot
A server maintenance window is a set of conditions brought together simultaneously: the right skills available, a clear understanding of the infrastructure, documented back-up procedures and controlled communication with users. Reducing this to a night-time window is a common mistake.
In Switzerland, the OFCS recorded 35,727 cyber incidents in the first half of 2025, a level that is stabilizing and rising. In this context, every unpatched system is one more potential attack surface, and one more reason not to improvise maintenance operations.
Our engineers regularly observe this at customers with continuous operations. Tolerable interruptions are very short, sometimes non-existent, and restarts have to be orchestrated with precision. High-availability mechanisms – the ability of a system to switch automatically to a backup resource with no discernible interruption – can limit the impact, but they do not dispense with rigorous preparation.
Another customer, active day and night, ran for several years with very short nightly restarts, without any notable incident. During a recent update, a restart took longer than expected and revealed a latent malfunction that had been invisible until then. The incident highlighted a problem that might otherwise have had far more serious consequences. Restarting is not the main risk. It is often the revelation.
What we recommend at Infologo
Forcing updates on a sensitive infrastructure, without the right contacts and without a backup plan, isn’t proactive. It’s recklessness masquerading as efficiency.
Our position: doing nothing is not a strategy, but knowing how to wait can be. When the right conditions are not in place (e.g. absence of a referent, history of incidents, poorly documented dependencies), postponing an update is sometimes the most responsible decision. Provided that the wait is active: risk analysis, action plan prepared, acceleration criteria defined.
It’s also to avoid these situations that many of our customers define regular maintenance schedules in advance. Updates are no longer one-off events, but anticipated operations.
If your servers are accumulating a backlog of updates and you can’t tell the difference between what can wait and what needs to be processed immediately, contact us.
At Infologo, we always start by taking stock of the situation before opening any maintenance windows.
