Software patching: Are you guilty of corporate stupidity? (Viewpoint).


ROI (return on investment) is a key concept in IT spending today. The board is much more likely to spend money on IT if ROI can be demonstrated in a reasonable period of time. It's a very sensible, sound business idea. Yet, many companies are actually practising what could be called negative ROI - they choose IT products which cost them more money the longer they have them. In the current business environment, this could be described as corporate stupidity. I'm talking about the vexed question of security patches. Using software which requires frequent patching, due to security problems, means you're pouring money down the drain. It creates a situation in business akin to anarchy. What's more, it's a situation which is totally unnecessary because there are solutions to the problem. When a security patch alert is issued you have two options. You can stop whatever it is that you are doing, no matter how important or crucial, and you can spend the day (or next several days) applying patches to servers. Or you can decide that what you had intended to do, before you knew about the patch, is vital and cannot be postponed. You then hope nothing will happen.

Other factors come into play as well. Installing patches is boringly repetitive and an uninspiring chore, which usually requires expensive, skilled technical staff (probably in short supply) to carry it out. Servers often have to be brought down, so the natural tendency is to postpone patching. The thinking may be to wait until the next patch is required and install both of them together. When you postpone patching, as many people do, you are accepting insecurity as a way of life. This is a situation that hackers want and expect. They know people delay patching, so when a security problem is announced, they target it - knowing it's unlikely to be fixed immediately. A clear example of this situation happened with the SQL Slammer worm, which affected an estimated 35% of the world's SQL servers by exploiting a security risk in SQL Server 2000. A fix for this problem was actually issued in July 2002! On the other hand, if you do take the route of fixing patches immediately, where does that leave the IT department? When skilled staff are engaged in firefighting, commitments given to deliver in other areas go out of the window, leaving the IT department's reputation in tatters. Instead of being driven by business need, the IT department (and by consequence the company) is driven by problems with software they may have bought years earlier, and by the actions of hackers. As for strategic planning and management - they don't even get a look in. It's no longer a question of 'What can the business deliver today?' It's a question of 'If we don't install these patches and something happens, we could be in serious trouble and someone might lose their job.'

The financial implications of patching are considerable. Skilled IT staff are scarce and valuable, so employing them to firefight is a waste of money. In larger companies, the task of applying patches to multiple servers could keep someone occupied full time (if anyone wanted the job!). Then there are the costs of being unable to follow through on business plans because of delays from the IT department; and of having systems out of action while servers are being fixed. There are solutions to the problem of security patching. Firstly, choose software such as the Zeus Web Server which is more secure and has minimal need for patches. And also be aware that there are often significant ongoing costs associated with so-called 'free' software. Free can mean cheap to begin with, but much more expensive in the long run. Figures recently released by Zeus Technology illustrate the problem. They show a huge difference in the annual cost of applying security patches to the three leading web servers - Microsoft IIS, Apache and Zeus.

Zeus estimates that in 2002, it cost Microsoft IIS users around GBP30,000 annually to apply security patches to 10 servers, it cost Apache users around GBP7,000 and Zeus users around GBP120. For larger organisations with 100 servers, it cost IIS users around GBP312,000, Apache users around GBP60,000 and Zeus users around GBP1,200.

Although Zeus is the only web server of the three which is specifically paid for (Apache is free and Microsoft IIS comes with the NT operating system), the low maintenance costs shown by these figures mean Zeus achieves payback within months. It is then very significantly cheaper to maintain than the other two leading web servers.

Security. Sales of integrated security appliances have risen recently as organisations have recognised the ease of their deployment, even at remote sites where technical skills can be scarce.

Conclusion

Given the availability of options, as well as the increasing costs and risks involved with security patch deployment, it's hard to understand why some people will continue to waste time, effort and money on patching. Increasingly, the great majority will switch to secure web servers or security appliances. This will give them not only increased security, but also what everyone is looking for - positive ROI.

www.wickhill.com
COPYRIGHT 2003 A.P. Publications Ltd.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2003, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Author: Kilpatrick, Jan
Publication: Software World
Date: Jul 1, 2003