Application patches: You can’t live with them and you can’t live without them. Most enterprises and people are getting the message that the best way to prevent security breaches is to stay up to date with patches. However, it’s a challenge on many fronts. On one hand, you have the vendors that supply large quantities of patches, which must be evaluated, tested and deployed. On the other hand, you have your business users, who won’t give you the time to install even the critical patches. This is why it’s important to have a patch management strategy approved by management to stay current with vendor application patches. Here are three ideas for getting your patch management strategy in place.

Consistent timelines and processes: Microsoft took the lead almost 10 years ago when it created “Patch Tuesday,” the second Tuesday of every month. Many other vendors, such as Oracle and Adobe, have followed that lead with their own patch cycles. This makes it easy for systems administrators to anticipate patches to these products and establish a set timeline and process for their evaluation, testing and deployment. You should document your product support process and timelines and get in the habit of following your process every time a new patch comes out. This improves patch prioritization and helps with scheduling, since the release is a well-known event.
Automate as much as possible: The more you can automate the process, the less work and stress there is for everyone, including systems administrators. Microsoft once again has set a standard with its patch deployment products like Windows Server® Update Services (WSUS) and System Center Configuration Manager (SCCM). There are also third-party products that can install patches and updates for multiple vendors’ products, such as BMC Software, BigFix™ (now an IBM® company) and ConfigureSoft (a division of VMWare®). All of these products prevent the sys admin from having to manually touch every PC, system and server in the enterprise.
Managerial support: The leadership of your enterprise should understand and support your strategy. They need to understand the importance of staying reasonably up to date on software versions in order to assure system functionality as well as security. There are some shops that don’t have this and need to fight to install patches even once every 18 months. That’s too long for most major software packages to stay unpatched. Enterprise leadership needs to be the champion for the software update process to ensure a well-functioning organization.
There are many tactical and operational steps that fall under these three strategies, such as the patch evaluation, testing and deployment processes. All of this should be documented in your enterprise’s software patch and update standard. A written document allows leadership, systems managers and users to understand your underlying philosophies and practices for patch management. If it’s not written, then you can’t expect everyone to follow it.
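As an added illustration of the timeline idea (the Patch Tuesday cadence, the evaluation/testing/deployment windows, and the check that no system goes unpatched for too long), here is a small Python script that is not part of the original article or any vendor product. It computes the Patch Tuesday date for a month, derives milestone dates from a documented set of windows, and flags hosts whose last patch run is older than a policy maximum. The window lengths, the 45-day maximum and the host inventory are constructed assumptions for the example, not values from the article.

```python
"""Added example (not from the original article): turn a written patch
standard into a schedule and an overdue check.

Assumptions (hypothetical, chosen for illustration only):
  * evaluation is due 2 days after Patch Tuesday, testing 9 days after,
    deployment 21 days after;
  * a host is overdue when its last successful patch run is older than
    MAX_PATCH_AGE_DAYS.
"""
import calendar
from datetime import date, timedelta

# Assumed policy windows, in days after Patch Tuesday.
POLICY_WINDOWS = {"evaluate_by": 2, "test_by": 9, "deploy_by": 21}

# Assumed maximum age of the last successful patch run before a host is flagged.
MAX_PATCH_AGE_DAYS = 45

# Constructed sample inventory: hostname -> last successful patch run (ISO date).
SAMPLE_HOSTS = {
    "web01": "2024-03-13",
    "db01": "2024-01-10",
    "file01": "2024-02-14",
}


def patch_tuesday(year: int, month: int) -> date:
    """Return the second Tuesday of the given month (Microsoft's Patch Tuesday)."""
    first = date(year, month, 1)
    # Days from the 1st to the first Tuesday of the month (weekday(): Monday == 0).
    offset = (calendar.TUESDAY - first.weekday()) % 7
    return first + timedelta(days=offset + 7)


def milestones(year: int, month: int) -> dict:
    """Derive the documented evaluation/test/deploy deadlines from Patch Tuesday.

    Dates are returned as ISO strings so the schedule can be written straight
    into a calendar, ticket or report.
    """
    release = patch_tuesday(year, month)
    schedule = {"patch_tuesday": release.isoformat()}
    for name, days_after in POLICY_WINDOWS.items():
        schedule[name] = (release + timedelta(days=days_after)).isoformat()
    return schedule


def overdue_hosts(hosts: dict, today: str, max_age_days: int = MAX_PATCH_AGE_DAYS) -> list:
    """Return hostnames whose last patch run is older than the policy maximum.

    `hosts` maps hostname -> ISO date of the last successful patch run.
    """
    now = date.fromisoformat(today)
    return sorted(
        host for host, last in hosts.items()
        if (now - date.fromisoformat(last)).days > max_age_days
    )


if __name__ == "__main__":
    for name, when in milestones(2024, 3).items():
        print(f"{name:>14}: {when}")
    print("overdue:", overdue_hosts(SAMPLE_HOSTS, "2024-03-15"))
```

Running it prints the March 2024 schedule (Patch Tuesday on 2024-03-12, deployment due 2024-04-02 under the assumed windows) and flags `db01`, whose last patch run was more than 45 days before the sample "today". The point of encoding the standard this way is that the windows live in one place, so a change approved by leadership changes every generated schedule at once.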
At this point, patch management should be a science for most enterprises. We’ve been doing it long enough. By following the strategies outlined here, you can ensure your organization is up to date, efficient and secure with its software.