June 21, 2011 - 12:00
GFI® Software survey of IT patching practices highlights the problems caused by poorly developed software patches and failure to keep systems secure and up-to-date
GFI Software, a leading IT solutions provider for small and medium-sized enterprises, today released survey results that reveal half of businesses have suffered at least one business-critical IT failure as a result of installing a bad software patch.
The research also revealed that a quarter of those surveyed suffer recurring IT failures and lost productivity resulting from software bugs and incompatibilities introduced by badly developed software updates. The survey of 256 senior IT decision makers in the UK was conducted on behalf of GFI by independent market research company Opinion Matters.
Commitment to deploying critical updates quickly is clear, with 90% of those surveyed applying patches within the first two weeks after they are released. However, for many the process remains a manual one, with 45% not using a dedicated patch management solution to distribute and manage software updates. This lack of automation is a major contributing factor that explains why 72% of surveyed decision makers do not deploy within the all-important first 24 hours after a critical patch is released to the public.
Additional key findings
- 51% of those surveyed said their organisations did not have a rigid policy regarding the installation of critical software updates
- 25% of respondents have suffered multiple IT failures as a result of buggy patches or compatibility issues created by a software update
- The legal (43%) and healthcare (40%) sectors struggle the most with recurring IT problems caused by bad patches
- The personnel sector is the biggest user of dedicated patch management solutions, due to the lack of dedicated on-site IT support in most recruitment offices
- 29% of the survey group consider security to be the most important benefit of prompt software patching
- Improved productivity within the IT department, added security and compliance are the main drivers for investment in patch management solutions
"The stark figures revealed by this research reinforce the importance of testing patches before deploying them in a production environment. Patch management solutions help keep the balance between maintaining productivity - testing patches to make sure they do not interfere with the business environment - and applying security patches in a timely fashion to avoid compromising security," said Cristian Florian, product manager at GFI Software.
"Patch management solutions such as GFI LanGuard 2011 can also roll back problematic patches and get the company back to work in a fraction of the time compared with a manual uninstall process or, worse still, a PC rebuild," Florian added.
Small companies with nine users or fewer are the quickest to deploy patches, with 45% deploying within 24 hours. Slowest to deploy are companies of between 250 and 500 users, with 63% taking up to a week to deploy known patches. The legal and construction sectors are the most conservative when deploying patches, with 71% of each vertical taking up to a week to deploy a patch. HR businesses are the most proactive, with 50% deploying in the first 24 hours, closely followed by financial services with 46% deploying inside a day.
The research revealed a clear shift within the financial services sector, which, following the implementation of stringent compliance regulations such as Sarbanes-Oxley and Basel II, has moved from being cautious regarding IT change to being more open to deploying updates and critical patches as soon as possible in order to reduce the risk of data loss, theft or reduced oversight over financial activities.
The research was conducted anonymously using 256 UK-based business IT decision makers, selected from a cross section of vertical sectors and business sizes ranging from sole traders to organisations with 500 or more users. Respondents were independently selected by Opinion Matters. The sample was surveyed between April 27 and May 4, 2011. A detailed summary of the research is available on request.
GFI Software provides web and mail security, archiving, backup and fax, networking and security software and hosted IT solutions for small and medium-size businesses (SMBs) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMBs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States (North Carolina, California and Florida), UK (London and Dundee), Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold Certified Partner.