Posted by Mike Boyle, TCC Director of Business Development
Keeping up to date with information assurance vulnerability notifications that address needed patching or updates at the OS and application layer is a critical component in thwarting bad actors looking to do harm to the enterprise.
So, what patch levels are your servers on? Many companies prefer to stay at the second latest revision or “N – 1” so they can avoid the headaches of implementing patches that are not completely error free. Sometimes, this is perfectly acceptable for ensuring that your production systems are online without production outages. Do you have a Development environment that allows you to test the patches? Even more importantly do you have time and resources to review the patches, read notes, and determine if they will impact productions systems affecting the business? Unfortunately, the answer is usually no.
Ensuring servers and applications are patched and reducing the security vulnerability footprint is becoming more and more critical as is the ability to show the organization that you are at the correct revision\patch levels. Imagine if all your contacts, customers and vendors, your critical business applications and all business data, were suddenly gone or locked by ransomware.
Utilizing a standard patching cycle is a good first step in ensuring your organization understands the importance of patching and security updates. Do you utilize something like Amazon EC2 Systems Manager? Guaranteeing you have a scheduled timeline, deployment system and reporting system reduces the potential attack vector, minimizes deployment time and alleviates manual reporting to the organization.
Ensuring that your systems are protected is a top priority, and providing guidance to your end users is crucial. Inadvertently clicking on a link that introduces malware into your system is a real possibility if your employees are not informed about potential threats.
For more information on TCC’s IT Managed Services and our AWS expertise, please visit our website http://www.e-tcc.com/managed-services or contact Mike.Boyle@e-tcc.com.