The Microsoft security sleigh will be laden with patches this coming Tuesday, a bag full of 17 bulletins patching 40 different vulnerabilities in Windows and Office products. With this being a hectic time of the year for many companies, it can bring up some tough choices. What is your company's policy for applying these patches in December?
There are some pretty serious issues fixed by this batch of patches. Putting off this December batch for a month may not be such a good idea, certainly on desktop PCs. Many companies have a skeleton crew in place over the holidays, so this might be the perfect time for bad guys to stage an outbreak based on one of the patched exploits. And, whether company policy allows it or not, employees may be browsing to recreational and non-business sites while so many of their co-workers have taken time off. Those are the kind of sites that may mean trouble.
On the other hand, if your company has significant holiday-driven traffic, for example e-commerce on web servers, security risks need to be weighed against the risks of downtime or other problems when updating those servers. It's often easier to control server environments or mitigate the risks of these exploits via firewalls and other security measures.
A few years back, I worked with a company that put their public-facing web servers into lockdown starting in mid-November. Their concern was that any configuration changes past that date might endanger their post-Thanksgiving traffic and holiday sales, which made up almost half of their annual sales. Nobody wanted to apply a patch that brought down any of their servers for any amount of time.
Given all the variables and risks, I'm wondering what policy your company has for managing these upcoming patches -- and whether you think it's reasonable.