“Never touch a running system” used to be a very common saying in IT administration. Once software was installed on a system, it was never touched again as long as it did its job properly. Nowadays, this tradition has changed.

Updating software does not only bring new features into the product; it may also deliver patches or bug fixes for your appliance that are necessary and important. Besides fixing malfunctions in a software product, patches also close severe security holes in the appliance or change the way in which the affected appliance works together with third-party products.

Attacks on code are a real risk for small and medium-sized companies. As the recent global Sony event has shown, reasonable measures such as patching your system or updating your appliance are an important step in strengthening your IT defences and preventing cybercriminals from harming your company’s reputation.

Not keeping your IT system secure may bring about major downtime and increased system maintenance expenses, and could negatively affect your business. It is obvious that patch management is an essential part of maintaining your IT infrastructure.

Do you have a strategy for your patch management?

No? A strategy for patch management is very important as entering patch management territory blind may harm your system infrastructure and also your business. There are different approaches you can take to add quality to your patch management strategy and I’ll be tackling one such approach.

  • Read Me

Before applying any updates or patches on software, it is essential to carefully read and understand the “Read Me” file. A “Read Me” file contains important pieces of information about the patch itself, and explains the main purpose for which the patch was built. Furthermore, it will list the relevant requirements for the installation procedure that must be fulfilled (before you decide to apply this patch on your system).

It is always recommended to do some research about the patch you wish to install on your system. Forums, knowledge base articles and search engines provide valuable information about the patch. A patch may solve the main issue, but it may also introduce new problems into your system. Users often report the problems they have recently experienced with a patch.

Get a first impression of the patch and consider the advice that experienced users have given on the forum. If you have questions about the patch, ask them on the forum.

  • Scheduling

There are thousands of patches available for software and since you will (obviously) not be able to apply all patches at once, try to classify the patches into different severity categories. Consider patches that are relevant for your system and try to prioritize the relevance of patches that you wish to install.

Never install a patch immediately in your production environment. Always try to schedule a suitable time when you can install the patch without affecting your business, and leave sufficient time for a possible rollback if something should go wrong.

Use the opportunity to test the patch in your test installation, because this will minimize the likelihood that something will go wrong in your production environment. Testing prevents stress for IT administrators in critical situations.
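The scheduling steps above can be expressed as a small planning routine. This is an added example, not code from the original article: the `Patch` fields, the four severity names, the deferral labels and all sample values are assumptions made up for illustration.

```python
from dataclasses import dataclass

# Assumed severity categories; lower rank is handled first.
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

@dataclass
class Patch:
    patch_id: str
    product: str
    severity: str
    install_minutes: int
    rollback_minutes: int      # time reserved in case the patch must be undone
    tested_in_staging: bool    # has it passed the test installation?

def plan_window(patches, installed_products, window_minutes):
    """Pick patches for one maintenance window; return (scheduled, deferred)."""
    # Only patches for software that is actually installed are relevant.
    relevant = [p for p in patches if p.product in installed_products]
    relevant.sort(key=lambda p: (SEVERITY_RANK[p.severity], p.install_minutes))
    scheduled, deferred, remaining = [], [], window_minutes
    for p in relevant:
        needed = p.install_minutes + p.rollback_minutes
        if not p.tested_in_staging:
            deferred.append((p.patch_id, "untested"))
        elif needed > remaining:
            deferred.append((p.patch_id, "no-rollback-time"))
        else:
            scheduled.append(p.patch_id)
            remaining -= needed
    return scheduled, deferred

# Constructed sample data (not real patches or products).
SAMPLE_PATCHES = [
    Patch("P-001", "webserver", "critical", 20, 20, True),
    Patch("P-002", "database", "high", 45, 45, True),
    Patch("P-003", "mailserver", "critical", 15, 15, True),   # not installed here
    Patch("P-004", "webserver", "low", 10, 10, True),
    Patch("P-005", "database", "critical", 30, 30, False),    # not yet tested
]
INSTALLED = {"webserver", "database"}

if __name__ == "__main__":
    scheduled, deferred = plan_window(SAMPLE_PATCHES, INSTALLED, window_minutes=120)
    print("scheduled:", scheduled)
    print("deferred:", deferred)
```

Note that the critical but untested patch is held back rather than rushed into production, and a lower-severity patch only fills the window when its install and rollback time both still fit.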