Human Factors Can’t be Skipped in Automated Patch Management
If you’ve been losing sleep over the pros and cons of automated patch management, you’re not alone. And you probably know that as essential as automated software tools have proven to be in deploying patches across entire systems, a thorough patch management process calls for a system – including all apps running on it – to be tested for full functionality after automated patching is complete.
Don’t expect automation to have the observational and technical skills needed to perform this testing.
By the same token, don’t expect automation to design and create a patch management process that meets the needs of your business while – and this is important – conforming to the standards of ITIL, the authoritative Internet Technologies Infrastructure Library, whose best practices have been instrumental in aligning IT to the needs of business.
Even within the ITIL framework, automated patch management is only as effective as the expertise of the technicians who deploy it. Which is why, whether entrusting your applications and data to your own IT department or to a cloud provider, you want to make sure that skilled and experienced, flesh-and-blood technicians perform this role.
Ideally, your IT staff or your service provider uses quality automated software to install patches, rigorous human supervision to monitor them, and a thorough post-patch test process to ensure security. With these operations in place, you can outsource your data with confidence in its safety. The full process, as performed at Chi Networks, can best be described in four stages.
The Four Stages of the Chi Networks Patch Management Process
Design. Using internal or external customer input, IT engineers design a patch management process that conforms with the five ITIL management processes of:
Deployment. Technicians then deploy this customized process by installing two kinds of patches: scheduled (normal or routine) patches and zero-day vulnerability patches.
Scheduled patches for entire systems are usually deployed monthly or, as is often requested by Linux server customers, less frequently. They are scheduled at a customer’s convenience, minimizing system downtime, with a reminder the day before.
Zero-day vulnerability patches are performed on an urgent, ad-hoc basis, for they are carried out in response to vulnerabilities that have just been discovered by the Internet security community. IT staff and cloud providers should closely monitor a variety of security sources for announcements of these vulnerabilities, and they are obligated to instantly notify their customers of these threats and, ideally, patch them the same day.
Testing. After scheduled and zero-day vulnerability patches have been completed, technicians should manually test the customer’s entire system on the basis of all the operating details and business applications on hand. In practice, few actually take the trouble. Particularly with complex systems, this can be an extensive undertaking.
Reporting. Finally, you, the customer, should be notified in writing when all patches have been completed and are closed out. An accumulating record of these notifications should be maintained in an always-accessible portal.
There you have it: an automated and hands-on patch management process that’s designed, overseen and completed by trained, intelligent humans. At Chi Networks our cloud customers sleep well, knowing that these processes and hands are at work.