No kid likes to keep their room clean. Without supervision, soda and food will begin to pile up and before you know it you’re on the phone with the exterminator lying through your teeth as you say, “I don’t know how these bugs got in here!”
The same applies to the most mundane of security tasks: keeping systems fully patched on a regular basis. And just as bugs can do real damage to a house if not prevented, keeping unpatched systems in your network can expose your entire organization to real risk.
Beyond the hyped headlines of “data theft” and “state-sponsored cyber-crime” though, the most likely risk is ordinary data loss, corruption or systems not performing as they should. If a computer isn’t allowing a user to check their email because a patch wasn’t applied, it is cold comfort to a user that they “haven’t been compromised by a criminal”. They merely want their email to work.
That’s why the security triangle has always been confidentiality, integrity and availability. Most of the focus (and media attention) focuses on the confidential aspect of security, but keeping data from becoming corrupt, or becoming inaccessible, is equally important. Here at New Signature, we want to focus on all aspects of security risks, not just one.
If patching is so critical to all three areas, why do so many organizations do such a poor job of it? One answer is that in the past, many systems for patching workstations and servers were difficult to manage and hard to understand.
There are three separate layers of patches that tend to be applied to the average workstation. The first are operating system patches that affect performance and a user’s ability to perform work. Security flaws in these patches are critical to get patched immediately. Operating systems like Windows 7 certainly are more secure than Windows XP, Vista or Mac OS X, but even 7 receives regular patches that need to be applied. The second level of patches we normally see are for commonly used applications such as Microsoft Word or Outlook. These too receive regular patches and tend to be the most targetted for security holes. If a problem in Internet Explorer can be used to target the underlying operating system, it’s imperative to keep both patched, in real-time. The final level of patches are for 3rd party applications, such as Adobe Flash or Acrobat. These tend to be the most difficult, as centralized patching solutions are expensive to setup, but are still incredibly important to update. Flash and Acrobat regularly receive patches, and even being one version behind can result in increased risk.
New Signature has been working with setting up automated patch systems with clients for years. Give us a call today to let us perform a security audit of your existing environment, to see if our solution could greatly lower the risk in your office.