In-Depth
For every little patch you make
- By Johanna Ambrosio
- February 1, 2005
A comprehensive patch-management approach needs to start with a complete IT inventory assessment, which can be the most time-consuming piece of the job.
Most patch-management products will tell you when patches are successfully installed. However, there's no realistic way to determine policies or practices to use patch management tools unless you know where your systems are when you start. What's the latest release for all your major applications, and where are your systems in relation to it?
Some other advice from the experts:
• For every patch you consider installing-whether with a third-party tool or some other way-do a risk assessment. Have a team that's charged with keeping up with patch releases; these folks should be versed in security and systems management issues.
• Questions to ask when doing your risk assessment depend on whether the patch is worth installing. One key variable is how critical the vendor has determined this patch to be. Also, is there some exploit or malicious code that's known to be taking advantage of something that's already been patched? Other factors to consider, experts say, include how important the application is to your business operations and whether it's an internal or external (customer-facing) type of system.
• Determine rules and policies that the patch-management system can implement. Do you want to test the patches for a certain amount of time, and then roll them out to everyone? Or do you start with a handful of machines and then later expand the deployment? What happens if a patch breaks something-what's the procedure for rolling it back? Who's responsible for overseeing this and communicating with management and end users?
• How will you decide that patches are successful? What are the guidelines you use to verify this?
• Verify that all systems have actually been updated. Most patch-management tools have reporting functions, for example, to notify IT when machines have not been rebooted, so the staff can remind end users to do it.
About the Author
Johanna Ambrosio is a freelance writer based in Marlborough, Mass., specializing in
technology and business. Contact her at [email protected].