In systems that include a cloud-based component and a remote (on premise) component, it is often necessary to dynamically update commands that run on the remote component based on instructions received from the cloud-based component. In certain deployments, such as government and financial institutions, there is a requirement that network devices provide secure and continuous services. This, however, can be difficult to enforce, particularly when the software running on remote devices needs to be dynamically upgraded or patched due to security concerns. For example, dynamically upgrading commands to run on remote components, while known in the prior art, may cause security vulnerabilities that can be exploited, e.g., insertion of malicious code into the updated commands. In such deployments, therefore, it may be necessary to securely reconfigure remote network devices, on demand, without causing a loss of network services or the execution of malicious code, e.g., viruses, worms or Trojan horses.