Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Ignore Patches at Your Peril

With the rapidly increasing numbers of attacks on vulnerabilities in enterprise systems and software, data center managers face a mounting challenge to receive and apply the appropriate software patches. The pressure is on to protect the organization's applications and assets from hostile intentions, so data center managers need to be sure that patch codes are safe, are appropriate for their own configurations, and can be implemented without interrupting vital business services.

Viral and worm-based attacks can damage the data center, resulting in:

  • Damage to the integrity of application functionality;
  • Data theft; and
  • Damage to the operation of enterprise services (denial of service).

This is almost an arms race between the good guys and the bad. Many attacks will result shortly after vulnerability is announced by software vendors. The most commonly used solution to this problem is the deployment of patches that sequentially address each new vulnerability discovered (although occasionally a patch can itself give rise to a new set of problems). Overall, the importance and sheer number of patches demands that they be effectively managed and carefully deployed.

Patch management needs to take into account the business factors that are most important to the organization, such as the availability of business systems, which might dictate only a small window of opportunity for patch deployment. The management process should also first allow time for assessment of the patch and for testing in a controlled environment that mirrors the effects of the patch in a live environment.

Other issues arise from the complexity of the enterprise infrastructure, both inside and outside the data center. For example, the patch may have to be deployed across hundreds of servers, some of which may have to be visited at remote locations. Furthermore, large organizations are likely to be using thousands of desktop workstations, and each must also be monitored for compliance to the patch deployment.

  • 1