Effective Patch Management

There is no doubt that patch management is crucial for any IT services / product based company no matter what size they are. It is just a matter of updating the patches on all servers and workstations in the company’s network to minimize your business exposure to the unexpected threats.

As the time between the inventory of OS or application vulnerability and the emergence of an exploit is decreasing, several patch production systems are constantly being released in the market. This mandates every organization to keep updated with the continual release of new patches.

Patch Management Process

An effective patch management process includes several phases based on the organizational structure, size or established procedures. The basic process of a patch management consists of four phases:

 Effective Patch Management

Image Source: http://tutorial.programming4.us

Assessment Phase

The process starts with an assessment of vulnerabilities and security threats that you might face and also whether your organization will be able to respond to new software updates. As the assessment phase is ongoing just like the entire patch management process, you always need to know how to protect your computing assets and how to ensure that the software distribution architecture will support patch management.

This includes:

  • Assess operational effectiveness
  • Assess security threats and vulnerabilities
  • Inventory of existing computing assets
  • Assess the existing software distribution infrastructure
  • Determine the best source of information regarding new software updates

Identification Phase

Identification phase refers to the invention of new software updates and to determine whether those new updates are relevant to your production environment. In addition, you should also determine whether the update requires an emergency deployment or a normal process.

Identifying when new patches are released is imperative to rev up the patching engines. Therefore, to receive email alerts on new patch releases, you need to sign up at some resources such as http://www.microsoft.com/technet/security/bulletin/notify.mspx. There are also other resources that provide notifications about new patches.

Once you receive notification, review the Microsoft Security Bulletin associated with the patch, which helps to understand that whether the patch will be suitable to your environment and how you can classify the patch for deployment. If the patch is suitable to your organization, download the source files and start testing the patch. Prior to testing, verify that the files will install and uninstall correctly, as mentioned in the security bulletin.

Evaluation and Planning Phase

Evaluation phase represents the importance of releasing a patch. Some patches may suit only to a small area of your computing environment and some patches may affect your entire organization, which should be deployed with the utmost speed. Based on the organizational needs, patch classifications and related deployment timeframes may vary.

The evaluation and planning phase majorly includes:

  • Make a go/no-go decision to deploy the software update
  • Determine the essentials to deploy the update
  • Test the software update to identify whether it compromises business-critical systems and applications 

The testing procedure depends on the type of classification you give such as critical, high, medium or low. Thus, you should test the package in your lab environment (either real or virtual) and then conduct a pilot test in the production environment while confirming that it does not ruin your business applications.

Deployment Phase

Once you have approved the patch update after the testing procedure, then it is ready to deploy across your production environment. Initially, you need to inform everyone in your defined communication channel, which consists of the representatives from various areas of your company that the patch is pending deployment. Now, you need to deploy the patch using your technology of choice while monitoring and reporting on the progress of deployment and handling failed deployments. If the deployment is unsuccessful, then you must stop the rollout, uninstall failed updates and redeploy them. Finally, gather your deployment statistics and update your baseline to prepare for the next assessment phase.

Every company has its own set of challenges and hurdles to surpass. As part of its Infrastructure Management services, Vmoksha helps customers choose the right technology for their environment and modifies the patching policies that meet their specific needs.

About Tejaswi

Sree Tejaswi is a passionate blogger, who loves reading books and enjoys traveling around the world. She adores writing fun and informative articles on technology as well as health updates.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>