For organizations that want to keep their computer network secure, the most basic thing they can do is to keep it patched.
It’s not necessarily the most glamorous work out there for your overworked and overstretched IT people (which is why so many organizations are ignoring patching, at their peril). But your servers, network systems, routers and switches need to get patched regularly to close vulnerabilities. When systems don’t get patched, organizations can end up with a data breach.
The good news is that security patches are often automated. The bad news is that oftentimes, you will need to configure your system to receive those patches. Patch management also must be monitored carefully to avoid security threats that could try to take advantage of a fully-automated approach. Install-and-forget isn’t an option.
Some critical keys to successful security patch management are a rigorous schedule and the expertise to test patches, checking that the promised security improvements are actually working (and, if not, finding a fix for that). Regularly scheduled assessments should also be done to ensure that patched systems are truly compliant with both your business needs and regulations. For instance, the process of data transfer should be assessed to ensure confidential information is encrypted or otherwise secure.
There are numerous software packages that allow for central management across many OS platforms and applications. No IT department should be without one.
IT departments ought to continue to devote their time to developing solutions that meet business needs, but should also be scheduling time to take care of security patching. It’s not glamorous, but neither is finding that your organization has suffered a data breach.
Contributed by Vaclav Vincalek, PCIS President and author of the Pacific Coast Informer Blog