5 Benefits of Automating Patch Management
In a previous article I wrote about software patches and why relying on the auto-updating systems of individual applications is not a practical solution for corporate networks.
Proper patch management requires a dedicated patch management solution. But what are the benefits of automating patch management for these companies?
1. Security
Security is the most obvious reason why companies would want to have an automated patch management solution in place. One of the main reasons why software vendors release new patches is to fix security vulnerabilities that can be exploited by malicious software or by people intending to damage the IT systems or network.
Applying security patches in a timely fashion greatly reduces the risk of a security breach and all the related problems that come with it, like data theft, data loss, reputational issues or even legal penalties.
2. Company Productivity
An efficient system which deploys patches network-wide helps to improve the productivity of the company in many ways. Patches often come with performance improvements for the products they apply to, or fix crashes. Helping employees get rid of these issues will lead to a productivity boost. The improved security also helps productivity. In the majority of cases the worst effect of malware is not the theft of company-sensitive data, but rather the downtime that badly affects productivity. The effect varies from congested networks or slowed-down systems because of malware activity, to breakdowns of business-critical applications, to systems which are totally compromised and need to be reinstalled from scratch.
3. IT Department Productivity
Productivity gain is easily measured within the IT department. You just need to ascertain how many people and working hours are required to patch the systems manually, and how much you save by using software that automates the process. In fact, for companies that have more than 20-25 computers in their network, the headaches and time required to perform manual patching are so high that, if the company does not have a solution to automate patch management, it probably does not patch at all or limits patching to critical servers only.
4. Compliance
Recently compliance has become an important driver for companies to implement a patch management solution. More and more laws and regulations are imposing security best practices on companies, and keeping systems fully patched is one of the most important security rules.
Government institutions, companies offering financial services and healthcare organizations are among the most affected by these regulations, but the trend is that all companies will need to be secure enough to protect the privacy and data of their employees, customers and partners.
Here is a list of some of the most important standards related to IT infrastructure security: Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), Sarbanes–Oxley Act (SOX), Gramm–Leach–Bliley Act (GLB/GLBA), Federal Information Security Management Act (FISMA), Family Educational Rights and Privacy Act (FERPA), Government Connect Secure Extranet – Code of Connection (GCSx CoCo).
Failure to comply can result in losing opportunities, incurring legal and financial penalties or even losing your business.
5. Keep Up with New Features
Patches can contain new features, adding new functionality or extending support for additional platforms. For organizations this often translates into opportunities to improve or extend their services.









I’ve also read your previous article on the pitfalls of auto updating systems. They were very solid points all around but it’s good to see that you guys are also doing articles on the other side of the coin.
Personally, our company has been on an auto updating system for quite some time. But since we’ve been suffering from the same problems you outlined in your last article, we’ve been trying to devise ways on how to get around it. However, it’s still true that auto updating does afford you an amount of convenience making it worth the effort.
We currently have to do without our auto-patching management system, especially after a recent patch development screw-up set us back a full week. Because of pressure from the coming holidays, a patch was pushed out way too early before it could go through the normal barrage of tests. The patch eventually went live, but we later discovered critical functionality problems. We eventually had to force all our systems to roll back, which took far more time than we could afford.
Our company has actually reached an impasse on whether to adopt an automated patch management system or not. A good number of points have been raised both for and against an automated patch management system; and most (if not all) of those points were raised in the two articles posted here at the GFI blog. We’re currently working without one, but I’m wondering if it may be time to make the switch based on the points raised in this article.
To be completely honest, I don’t believe that there’s anything wrong with auto patching per se, but rather, there are key concerns with the current system of auto patching in our industry today.
Though there are many pitfalls to auto patching, this article accurately highlights its undeniable benefits. I think, in due time, future iterations of auto patching systems will be able to incorporate the security and versatility of non-auto patching systems with the convenience of current auto patching systems.
Thank you all for your comments. I’m glad if this helps you and if you can see additional benefits feel free to increase the list with items that I have missed.