Another Brick from the Wall - Leadership thoughts
Jericho Forum
Subscribe to this blog
About Author
The Jericho Forum is an international group of organisations working together to define and promote the solutions surrounding the issue of de-perimeterisation. Members include top IT security officers from multi-national Fortune 500s & entrepreneurial user companies, major security vendors, government, & academics. Working together, members drive approaches and standards for a secure, collaborative online business world.
Contact Author
Email JerichoPatches, patches, everywhere...
But not much security in sight.
Published 15:10, 13 October 10
So Tuesday was a mega-patch day, we had both Microsoft and Oracle with their biggest ever patch offerings.
The good news is they are at least they are sending out patches.The less positive news is how long it will take organisations to install them, including those organisations that run systems and applications as a service.
Successful collaboration in the cloud depends upon, among other things, information assurance. Information assurance is the ability of an organisation to manage risk to the governance, compliance, confidentiality, integrity and availability of its information. One key piece of this is configuration and patch management, with timeliness of deployment being the critical metric.
If you use an {X}-as-a-Service and you haven’t already asked, then ask the service provider about their patch management process and how long it will take for the systems to be brought up to date.
A great deal of ‘noise’ is made around the patches released by household software brands, but what about the others with a lower profile? What about Open Source packages? Security is only as strong as the weakest link, in this case the unpatched vulnerability which has become known to all.
By Guy Bunker, Jericho Forum board member
The good news is they are at least they are sending out patches.The less positive news is how long it will take organisations to install them, including those organisations that run systems and applications as a service.
Successful collaboration in the cloud depends upon, among other things, information assurance. Information assurance is the ability of an organisation to manage risk to the governance, compliance, confidentiality, integrity and availability of its information. One key piece of this is configuration and patch management, with timeliness of deployment being the critical metric.
If you use an {X}-as-a-Service and you haven’t already asked, then ask the service provider about their patch management process and how long it will take for the systems to be brought up to date.
A great deal of ‘noise’ is made around the patches released by household software brands, but what about the others with a lower profile? What about Open Source packages? Security is only as strong as the weakest link, in this case the unpatched vulnerability which has become known to all.
By Guy Bunker, Jericho Forum board member
Print
Email
