6 steps for a solid patch management process

Patch management is simply the practice of updating software – most often to address vulnerabilities. Although this sounds straightforward, patch management is not an easy process for most IT organizations. Here are the steps you need to take.

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

The criticality of software patches is one again in the spotlight, as cybersecurity officials worldwide are contending with Spectre and Meltdown – a collection of security flaws affecting most computer chips made in the past 20 years.

That’s because available software patches can address the flaws, although the tradeoff could be chip performance.

Today’s situation echoes last year’s stories around the WannaCry and Petya ransomware, both of which exploited software that hadn’t been updated with available patches that came with their own potentials for complications.

Such tradeoffs begin to show the complexities of patch management, a discipline in which IT and cybersecurity need to understand the security risks and weigh them against the risks of business interruptions and IT infrastructure malfunctions that can arise when patches are applied.

What is patch management?

Patch management is simply the practice of updating software with new pieces of code – most often to address vulnerabilities that could be exploited by hackers but also to address other problems in the existing program or add new functions to it.

Although the practice sounds straightforward, patch management is not an easy process for most IT organizations.

Applying software patches in modern enterprises that have complex, often customized environments with multiple integration points could slow down hardware or software, as is the case with the patches designed to fix the Spectre and Meltdown vulnerabilities. Patches could close ports, disable critical pieces of infrastructure, could crash systems or cut availability – potential scenarios that could leave businesses without the systems they need to operate or handle transactions.

To continue reading this article register now

SUBSCRIBE! Get the best of CSO delivered to your email inbox.