Patch Management: Is Your IT Support up to Patch?
With GDPR on the horizon, data security is not just climbing up the IT support agenda: keeping personal and business data private is a top security priority and looks set to remain that way for the foreseeable future.
Accordingly, maintaining software and systems by ‘patching’ is extremely important. The case for patching was made crystal clear as early as 2015 when an article in SC Magazine stated that:
“Disregard for patching represents a growing problem for many businesses. Untrustworthy software is responsible for over 90 percent of data breaches worldwide.”
If you haven’t yet factored patching into your IT support and maintenance priority list, you should do this. In particular, if you work with an IT Support provider you should discuss this with them.
In this article we will look at what patching is, why it is so important, and why taking a random approach to it is simply not enough to address the complex cyberthreats inherent in today’s connected organisations.
Why is patching important?
Every time a major new security breach or software vulnerability is announced, analysts and vendors alike always stress the importance of keeping IT systems up to date.
If you have been hacked, or your network has suffered any kind of breach in the recent past, the chances are that your systems may not have been fully up to date.
At this point we must say that if you’re an Alliance Solutions IT support customer and we take care of your patch management requirements, this doesn’t apply to you!
For this reason, it is vitally important to have a process in place to ensure that all your software systems are patched, i.e. updated, in a timely manner.
As we wrote back in 2016 in our article ‘Security risks: Why it pays to keep your IT software and systems up to date’, this doesn’t just apply to Microsoft systems like Windows; it applies to every software application that runs in your business.
What is patching?
In a nutshell, a patch is a small (or occasionally large) download for an existing software application or operating system.
The updates are also known as ‘patches’, and are issued by software vendors, mostly as free downloads which are applied automatically or require some manual implementation.
These patches are usually provided to add new features, improve a user interface, fix a bug or address a newly discovered security vulnerability. Sometimes the patch releases achieve multiple goals. For the most part, patches are intended to improve the overall functionality of the software.
Key reasons why patching is so important include:
- A large proportion of targeted security exploits go after older, known vulnerabilities, i.e. software applications that have not been patched.
- Hackers know that patching is a cumbersome and ‘easily ignored’ process, so they produce malware to exploit what is actually a human problem in this regard.
- Hackers also know that many business owners and directors adopt an attitude of “it won’t happen to us” or “surely we can’t be a target” – which plays right into their hands.
- In an article incorporating a series of Technology Forum videos made in 2015, SC Magazine says that “Disregard for patching represents a growing problem for many businesses. Untrustworthy software is responsible for over 90 percent of data breaches worldwide.”
Why ‘manual’ patching isn’t enough
Patching can be a complex and time-consuming process. Done in a manual or random way, it is also prone to mistakes and omissions, particularly in rapidly growing organisations with new network users coming online and new software applications being deployed on a regular basis.
Applications from the massive enterprise software providers such as Microsoft or Apple are not necessarily the issue. These organisations have well-structured software roadmaps with regular (often weekly) update and upgrade programmes, and respond quickly to vulnerability discoveries and outbreaks.
It’s the myriad ‘other’ applications which pose more of a challenge, with the many brands and versions.
For these reasons, patches are best applied in a structured process and in a timely way.
Should patching be left to professionals?
Given the sheer number of applications in use in a typical business (estimates range from 20-30 in smaller organisations to hundreds for larger ones) it is increasingly unwieldy, confusing – and risky – to operate a DIY patching policy.
Good reasons exist to leave the job of patching to IT specialists who have the knowledge, skills and highly evolved patch management software to do the job properly.
Here are a few reasons why this makes good sense.
- It’s difficult to keep track of all your software versions: Without a complete inventory of all the software installed on every device, and an accompanying list of version numbers, it is virtually impossible to know what needs patching and when. IT support professionals have systems to keep a tight control on software inventory and the version in use on each device.
- There’s a huge and growing number of software applications: The greater the number of applications, versions, users and devices at an organisation, the more complex the process of patching becomes. The time requirements for keeping on top of all patching of all software are only going to spiral as the organisation grows.
- Software versions are often incompatible with each other: Occasionally, a patch issued for one application may render it incompatible with another – which means the timing of patch applications can be a major headache. Should patches be applied as soon as they are released? If not, when is the best time to do it? These are complex decisions best left to professionals.
- You need the ability to roll back to a previous version if it goes wrong: The compatibility issues described above may only become apparent following implementation of a patch and subsequent system failure. If such a failure occurs with a critical operational system during core business hours, rolling your software back to an earlier version quickly is vital, requiring specialised knowledge and skills.
Alliance Solutions advice
Alliance Solutions is an IT Support and solutions provider which, among its services, offers a full system and software maintenance programme that includes patch management.
As part of its service, Alliance Solutions can manage your complete software inventory and ensure that all software applications, versions, licenses, locations, users and in-use devices and their ‘status’ are logged and managed.
Included within this process are the tasks of identifying ‘at risk’ applications (i.e. those that are unpatched), keeping track of available updates and patches, and applying those patches in a structured and timely manner.
Alliance Solutions can also monitor known threats and vulnerabilities that may put systems at risk, as well as carrying out regular scans of system software to discover ‘unknown’ vulnerabilities. We can then source patching solutions as needed.
Next steps
For further information about the importance of patch management and to discuss your organisation’s specific IT support requirements, please contact Alliance Solutions on 0800 292 2100 or email.