Essay on Issues and Concerns With Patch Management
Number of words: 927
Introduction
Upgrading operating systems regularly is one of the effective ways an organization can fight against cyber-attacks; however, many institutions are continuously finding it difficult to effectively carry out a patch management process (Dissanayake et al., 2020). Different studies have shown that a more significant percentage of companies have attributed that their breaches in the organization arise as a result of the vulnerability of the operating systems not being parched. Additionally, another portion of the companies was unaware that the operating systems were at risk of attack. The idea of patching has been around for an extended period, and individuals think that the issue has been solved or feel that it is solved. However, the problem still exists as there are many security breaches and cyber-attacks on many major companies.
Arising Issues and Concerns
Patching and checking upgrades for risk management is continuously a challenging activity for the Information Technology team in the company, mainly because it takes up only a minor task in the daily routine of the tiny IT staff (Lee & Kim, 2017). In ideal situations, organizations tend to update their policies, including security management strategies and goals, in a couple of years due to their actionable achievements to ensure business continuity. It is important to note that small and medium business enterprises regularly perform better in patching up their operating systems than large, more complex organizations. In recent months due to the coronavirus pandemic, organizations have been forced to adopt remote working arrangements to track and update the systems regularly, and it has even become more complex and tiresome.
The issues and concerns arising from patch management that make it a complicated process for companies include; having a team that is not connected effectively leads to a significant challenge since maintaining the operating systems up-to-date requires cooperating with several staff members (Dissanayake et al., 2020). It has been noted that in order to check on vulnerabilities in an operating system, the security and operations team need to come together to identify and fix them.
The patching team under Information Technology needs to consult with upper management to ascertain which systems should be patched. After the patch is done, the IT and security teams need to connect a second time to ensure that the risk has been mitigated and no such incident is bound to occur. This back and forth between the teams is time-consuming and taxing, resulting in disconnection (Anand et al., 2020). Another primary concern with patch management is when companies manage their assets and try to be at the top of patches. They do not have a complete understanding of their operating systems. This issue has only continued to get even more complicated with the prevailing Covid-19 pandemic as companies are forced to work remotely. The organization can have a complete picture of their assets but do not necessarily have the same vulnerability the assets contain (Lee & Kim, 2017). Due to their complex structure, large companies do not have tools that entirely understand the exposure they may face. They lack configuration and risk management measures needed to maintain operating systems patched.
The most successful cyber-attacks tend to use well-established vulnerabilities that have undergone the process of patch management by the IT staff. Large organizations tend to have an overload of vulnerabilities that information technology and security team do not have the planned insight of which poses the most risk to the enterprise leading to the risk management becoming a probability game on which vulnerability should be prioritized (Dissanayake et al., 2020). The other issue that concerns patch management is when the company does not have policies, procedures, and measures required to patch the operating systems in these organizations. A large business enterprise comprises several assets that range from mobile devices to desktops and laptops to servers, and each of these assets does require their particular measure for patching (Lee & Kim, 2017). For a business enterprise to have the needed tools for patching, buy-ins and assistance from upper management are required. The upper management should understand that keeping the operating systems updated is essential in maintaining the safety of the technological environment (Anand et al., 2020). When there is no support from upper management, the IT and security teams have difficulty acquiring the tools required to accomplish the needed activity. They also have a problem in enforcing patching policies as are necessary for maintaining the operating systems.
Conclusion
While patch management is considered a significant limitation to a more effective cyber security risk management, adopting a repetitive measure through the patch management process greatly reduces the time spent performing vulnerability evaluation. Companies need to be fully aware of the internal and external variables that can be misused to allow breaches. Therefore, patch management processes need to evolve to continuously cater to the growing market and the ever-changing advancement in technology. This will eventually push many business enterprises towards a more informed cyber security tactic.
References
Anand, A., Bhatt, N., & Aggrawal, D. (2020). Modeling software patch management based on vulnerabilities discovered. International Journal of Reliability, Quality and Safety Engineering, 27(02), 2040003.
Dissanayake, N., Jayatilaka, A., Zahedi, M., & Babar, M. A. (2020). Software security patch management—a systematic literature review of challenges, approaches, tools and practices. ArXiv Preprint ArXiv:2012.00544.
Lee, J.-H., & Kim, H. (2017). Security and privacy challenges in the internet of things [security and privacy matters]. IEEE Consumer Electronics Magazine, 6(3), 134–136.