Patch Management Strategies
Patch management has accelerated during the last five years due to the widespread adoption of wireless networking technologies, public and private WiFi and the escalation of security threats designed to take advantage of design flaws in browsers and operating systems. The intent of this analysis is to evaluate the risks of patch management and provide a series of cost-effective measures that increase the probability of success for patch management implementations.
Risks with Patch Management
Of the many risks of patch management, from lack of complete coverage of a user base, to a partially effective software patch, to the use of patches when the dependencies on the operating system and other applications are not known, the greatest is that patches will not be installed even if delivered to users. Lack of user adoption and change management strategies are the primary cause for patch management programs not being as effective as they could be (Brandman, 2005).
The risk of implementation a patch program without a suitable change management strategy drastically reduced adoption and leaves significant numbers of systems vulnerable (Brandman, 2005). The greatest risks of patch management therefore are in having an initiative to update systems across a population of users fail for lack of participation. If this occurs getting additional software patches downloaded and installed becomes even more challenging and long-term in scope. Often organizations will resort to having their senior management work with each department or division manager to ensure 100% compliance to patch management initiatives. The use of automated patch management systems is a solution that is delivering excellent results; yet getting users to opt in and actually install the downloads and if necessary update them is critical (Gerace, Cavusoglu, 2009).
A second major risk of path management is when a software company releases a patch is it only marginally effective and deals with just a few of the many potential threats to an operating system or browser (Gerace, Mouton, 2004). This has been the case especially in wireless and WiFi-based networks where there are often more complex and potentially conflicting hardware, operating software and systems configuration requirements (Higby, Bailey, 2004). A recent study of Gartner Group revealed that approximately 90% of successful Internet-based attacks are specifically designed to overcome the most difficult-to-defend areas of an operating system (Higby, Bailey, 2004). Clearly the quality of the patches is more of an issue than many organizations realize as attacks are aimed at the most complex areas of network and WiFi configurations to protect. This leaves a significant gap in security coverage as a result for entire networks.
The third significant risk is that of the patch not fully addressing the dependences of the operating system and browser variations in the total user base. Related to the second point, this is a major challenge at colleges and universities with wireless and WiFi networks where hundreds of types of laptops and mobile devices are used (Higby, Bailey, 2004). The sheer variety of laptops, PCs and mobile devices make patch management in larger colleges and universities a continual and costly challenge.
Cost Effective Measures for Patch Management
You’re 66% through this paper. Sign up to read the full paper.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.