How applying a Critical Drupal update cost a Drupal agency 1,750.00€ minimum

This article is meant as a further step in raising agencies’ and customers’ awareness of the huge expenses involved in update management in Drupal.
It’s not about promoting a single solution or product. It’s about becoming more aware of processes which could or should be far smarter and more efficient than they are in most companies right now. It’s about creating processes which are resource friendly, customer focused and support automation.


But let’s start with a proper overview.

On February 21, 2018, the Drupal Security team released a Critical Drupal core update, SA-CORE-2018-001.
Drop Guard users were informed about it by the update management platform, so the update could be applied and tested and, once testing by the user or customer was successful, pushed to live right afterward by the tool. Drupalers with manual update processes also received this message, either directly via newsletter, social media or other channels, or some time (or even a day) afterward, so they also started the process, but manually.
In this case, an agency shared the story of its manual process with us, so we had the chance to see it first hand. Here’s what led to the excessive use of financial and personnel resources:
The update process cost the whole team around 35 hours, which means 1.4 hours for each site (25 sites overall), not counting the nerves spent on this annoying process, of course.
20 hours were spent managing the whole process. That included communication with the team, confirming that tasks were completed, testing (and, if needed, bug fixing or re-running failed tests) and communication with the customer. Not to mention the time spent on recording all steps and to-dos to make the process transparent in case something failed. So, this project manager (in this case it was a person who took responsibility for managing the Critical update as part of a support team’s duties) spent 0.8 hours per site. And now, over 14 days after the release of the Critical update, some customers still need to test it, so the whole support team is still waiting for their feedback. Handling that feedback might require further resources and time, but that’s only hypothetical for now.


Around 15 hours were spent by the development team, from detecting the update, through the whole update workflow, until it was delivered successfully to the customer.
We already wrote an article about the individual steps a developer has to complete to apply updates manually in a previous post, where we optimistically calculated 30 minutes per site. In this real-life case the developers needed an average of 0.6 hours per site for applying, testing, assigning, re-checking, fixing and finishing one single project.


If we assume the average cost per team member, including all allocatable costs, is 50.00€ per hour (which is quite realistic in Central Europe), we can calculate

(20h + 15h) x 50.00€ = 1,750.00€. 

Ouch. Avoidable.

This honest feedback from an agency showed us that even companies with high process standards, high-quality workflows, and great success stories struggle to keep their smartness “in place” within update processes. And that’s only human.
So, updating Drupal websites manually will consume the budget you could’ve spent on more profitable activities and education. We asked them what they would’ve accomplished or done if they had 1,750.00€ on hand. They talked about social events for team building, workshops and advanced training for team members (which might raise the success of a project in immeasurable ways), additional budget (and especially time!) for each project, more marketing budget or special customer interactions.
And now, imagine the value if the 35h of work effort had been spent on the projects for bug fixing, feature development or general optimizations.
There are various ways the agency could’ve spent this time and money more efficiently. Applying updates manually consumes more resources than the value it creates. And you know this too.


If you want to learn more about update automation in Drupal, or if you are already eager to stop wasting resources on manual update processes, contact us or browse through our blog. We’re looking forward to hearing from you.