Commentary
12/12/2010
09:59 PM
Dave Methvin

Will You Patch This Tuesday?

The Microsoft security sleigh will be laden with patches this coming Tuesday, a bag full of 17 bulletins patching 40 different vulnerabilities in Windows and Office products. With this being a hectic time of the year for many companies, it can bring up some tough choices. What is your company's policy for applying these patches in December?

There are some pretty serious issues fixed by this batch of patches. Putting off this December batch for a month may not be such a good idea, certainly on desktop PCs. Many companies have a skeleton crew in place over the holidays, so this might be the perfect time for bad guys to stage an outbreak based on one of the patched exploits. And, whether company policy allows it or not, employees may be browsing to recreational and non-business sites while so many of their co-workers have taken time off. Those are the kinds of sites that may mean trouble.

On the other hand, if your company has significant holiday-driven traffic, for example e-commerce on web servers, security risks need to be weighed against the risks of downtime or other problems when updating those servers. It's often easier to control server environments or mitigate the risks of these exploits via firewalls and other security measures.

A few years back, I worked with a company that put their public-facing web servers into lockdown starting in mid-November. Their concern was that any configuration changes past that date might endanger their post-Thanksgiving traffic and holiday sales, which made up almost half of their annual sales. Nobody wanted to apply a patch that brought down any of their servers for any amount of time.

Given all the variables and risks, I'm wondering what policy your company has for managing these upcoming patches -- and whether you think it's reasonable.
