When a company applies a patch that requires a server restart, the applications running in the production environment stop, causing confusion for end users. Unexpected compatibility issues caused by patching can also throw mission-critical systems into confusion.
In some cases, version control, testing, and quality assurance checks delay patch application. "Companies cannot apply all the available patches," said Doug Cahill, a senior analyst at Enterprise Strategy Group, a research company under TechTarget.
Brian Rosada, chief information security officer (CISO) of the video distribution service HBO MAX, has adopted a "risk-based security strategy" to determine when and how to apply patches. Specifically, Rosada's team sets the remediation priority of a given vulnerability based on business risk. If the priority is judged to be high, the team then examines which mitigation measures are strategically the most reasonable. "Patching may have greater disadvantages than advantages. It does not always work, and it can cause more problems than it solves. Applying it properly requires a lot of effort," he says.
If Rosada's team decides that patches must be applied, the security and IT teams cooperate to test them and reduce compatibility issues. The pace of this process has to be adjusted according to the imminent risk of an exploit (attack code) and the potential impact of patching on the business. Rosada advises that decisions on these tasks are something "the technical department and the security department should jointly implement."
Because today's IT systems are large and complex, some companies do not have an up-to-date inventory (list of owned assets) or a full picture of assets such as applications and endpoints. "Shadow IT," meaning IT products that employees use without the approval of the IT department, further complicates the problem. "If you don't know what your company has, you don't know if it's vulnerable or if you need to apply a patch," says Cahill.
Peter regards patch application as both a technical issue and a business issue. He stated, "There is no good way for the IT department to apply patches to a server it did not know existed, and there are some specific reasons why a system has not had patches applied for years. I will list them."
Eric Nielsen, a senior DevOps engineer at the technical training company Infosec Institute, has the same opinion. Nielsen once worked for a company that did not know its own systems. Because of inadequate management, a crisis at the company was inevitable. "It was like a shambles," he recalls.