IT organizations understand the importance of applying current security updates, or “patches”, to the operating systems and software applications running in their environment. However, many are reluctant to do so for fear of “breaking” their systems and causing outages.
And for good reason: these fears are well-founded. Most IT professionals have had first-hand experience dealing with the aftermath of a failed patch attempt.
A patch is applied only to leave systems in a downed state, requiring an emergency intervention, often in the middle of the night.
How do patches cause outages?
- Flawed patches. Ironically, an update designed to fix a flaw can itself contain flaws. For this reason, many take a “wait and see” attitude and delay applying patches indefinitely.
- Reboot issues. Applying a patch often involves rebooting systems. Systems can hang during the reboot or restart out of order.
- Application incompatibilities. Even patches that have been found to be generally stable can be incompatible with specific applications and environments.
- Deployment failures. As with the loading of any software, patch installations can fail during the deployment process.
Bottom Line: Security updates are configuration changes, the most common root cause of system failures. Therefore, a robust patch management process must anticipate and mitigate the causes of failures associated with patching.