Patch Management Strategy

Author: Janet Peter

Introduction

In the IT industry, a patch is an update meant to fix a flaw in application code or software. Patches are contained in service packs and rollups, and software vendors release them regularly, especially after a security concern leads to the identification of a vulnerability in software. It is vital to note that not all patches are meant to fix exploitable flaws or security vulnerabilities; other patches offer functionality corrections for flawed software. The term patch management refers to the processes for identifying and implementing these updates in a technical environment. The discussion in this paper pertains to the issues in patch management, particularly in an enterprise environment where there are many interconnected systems.

One of the greatest challenges to patch management is that ill-intentioned people are continually developing and releasing malicious code in large numbers so as to damage or steal enterprise information (Guade, 2004). That malicious code attempts to compromise or disrupt the information flow as well as assets and other systems in enterprises. In current information technology, many systems are distributed and interconnected, and it therefore becomes hard to manage the patches that are meant to curb those security threats to the information system (Cisco Corporation, 2013). Moreover, the systems being affected are the ones running on the Microsoft operating system, which is widely used in enterprises. Therefore, security teams cannot escape challenging situations, given the need to have security patches and manage them properly.

Another nightmare regarding patch management for Microsoft customers is that Microsoft’s many products have their own tools and methods for offering software updates. The many product versions, product differentiations, and language versions mean that companies have to issue multiple patches for a single vulnerability (Bosworth et al., 2009). The problem is worsening because new product versions and language versions are continually being released. And because the vendors' tools use different patch infrastructures, enterprises see different results when using such products as Microsoft Software Updates, SUS Pack, and Microsoft Security Analyzer, among others. Microsoft admits that it often offers incomplete and inadequate patch management information and inadequate assessment tools, and that it also offers inadequate, poor-quality patches. That means the enterprises using Microsoft products are likely to face challenges when managing patches for those products.

Another problem faced by organizations is that they do not have the necessary expertise for managing patches effectively, and many of them carry out the process manually. They do not have the latest patch management technologies in place, and that makes the patch management process lengthy and prone to human error (Felicia, 2012). The manual processes that many organizations use include patch assessments, distribution of patch packages, monitoring and updates, continual monitoring processes, and installation confirmations (Zhang, 2007). Based on the extent of the distribution and the size of their systems, it is obvious that they find it challenging to manage patches.

The other problem that organizations face while managing patches is that it is hard for them to meet compliance requirements. An effective patch management process plays a crucial role in meeting the compliance requirements that are specific to the industry (Souppaya & Scarfone, 2013). That makes it expensive for enterprises with limited budgets, as they are likely to face hefty fines if they fail to meet the required standards in patch management. It also makes data and system administrators fearful of carrying out patch management, bearing in mind that they may not be fully aware of what is supposed to be done.

Enterprises are also using a variety of devices to connect to their networks, including desktops, laptops, servers, mobile devices, and security appliances, among others. Many businesses focus only on the security of the devices installed in their systems, and they overlook managing patches for their mobile devices (Felicia, 2005). A comprehensive patch management process should be tailored to protecting the major components of an information system, as well as the computing devices that are used to connect to it, so as to ensure the integrity, confidentiality, and availability of their information. Another challenge to patch management in companies is the need to test the applications before implementation. It is crucial to test patches so that one can be sure of the stability of a new patch in the current environment (Warkentin & Vaughn, 2006). However, testing patches is still difficult in many organizations, as they lack the hardware and software required for testing the patches in their environments.

Conclusion

Patch management is a vital task meant to correct the issues in software applications that attackers are likely to leverage to attack systems, as well as the issues that keep applications from working as desired. It is important for enterprises to have system administrators with the skills required to execute patch management effectively. They should ensure that they address the problems mentioned in this document and any other issues they may identify.

References

Bosworth, S., Kabay, M. E., & Whyne, E. (2009). Computer security handbook (5th Ed.). Hoboken, N.J: John Wiley & Sons.

Cisco Corporation (2013). Patch Management Overview, Challenges, and Recommendations.

Felicia M. (2005). Curing the Patch Management Headache. Taylor & Francis Group, Boca Raton, London: NY.

Felicia M. Nicastro (2012). Security Patch Management (2nd Ed.). Taylor & Francis Group, Boca Raton, London: NY.

Guade, D. (2004). Using proactive depth in defense strategy to ease patch management problems.

Moeller, R. R. (2010). IT audit, control, and security. Hoboken, N.J: Wiley.

Souppaya, M., & Scarfone, K. (2013). Guide to enterprise patch management technologies. NIST Special Publication, 800, 40.

Warkentin, M., & Vaughn, R. (2006). Enterprise information systems assurance and system security: Managerial and technical issues. Hershey, Pa: Idea Group Pub.

Zhang, G. Y. (2007). Three essays on managing information systems security: patch management, learning dynamics, and security software market. University of Washington.

Sherry Roberts is the author of this paper and a senior editor at Melda Research.
