Web Server Patch Management - Free Paper Sample

Introduction

In a time of escalated cybersecurity threats, the management of a computer network is crucial. Any errors that arise or obsolete systems must be corrected to ensure that the system is safe from hacks and external attacks. One of the ways to continuously expedite system security is through the patch management process (Gerace & Cavusoglu, 2011). The process involves a distributed application of updates to the software. Other than making all the changes at the same time, the process allows for partial changes from time to time, just ensuring the system is up to date and foolproof. The process must be well strategized and planned to be a successful one. Medium-sized companies have become fond of using web-apps to make sales. This is especially common with e-commerce businesses that sell on the web or mobile applications.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Order now

Components of a web application include an operating system, web browser, web application server, and database server (Gerace & Cavusoglu, 2011). The components of the system must interact effectively to ensure that their intended functions are well expedited. The following diagram shows the interaction between the different components and users of the application.

Patch Management Process

The patch management process can be taken step-wise to ensure that the organization is always up to date with its software and web applications. According to Odilinye et al. (2017), the steps could be as follows:

• Assess and check the application environment
• Discover new patches
• Test, validate and plan the deployment of the corrective measures

Deploy the Approved Patches

If the organization follows the above processes cyclically, it will ensure that there is always an evaluation and fixation of the application to keep it safe. The frequency of assessment must be predetermined to ensure that any vulnerability is sealed at the right time. Every month, the first step would be taken, which would determine whether to proceed to the next step or not.

When undertaking the patch processes, it is vital to ensure that the system is not in peak use. Disruption of the normal flow of activities is usually a costly affair, and hence the business should target times when it’s not very busy (Odilinye et al., 2017). For instance, a path on the consumer end could be worked upon in late night hours, say between midnight and 6am. If the patch was at the end of the administration, it could be done on weekends when the system is not very busy. Timing is paramount and must cause the least amount of disruption possible (Gerace & Cavusoglu, 2011). The system administrators must check times when traffic into the system is low and make use of that time. It is also fundamental to inform users about planned downtime, such that they can plan well about their use of the system.

At the organization, the head of technology should ensure leadership in the execution of patch processes. The organization’s human resource should include in the job description of the head of technology the duty to check availability and approve the deployment of patches as may be necessary from time to time. It should also be the duty of the same individual to inform users about downtown through different means. It could be posted on the platform that scheduled maintenance shall disrupt the normal flow of services on the system. Further, the communication should also be made through their cellphones and email addresses. Where the organization has the resources, it could also be announced on mainstream media about downtime. Social media is also a powerful tool to communicate about such disruptions.

Sometimes, patches may not work as fast and as effective as they were intended. Therefore, an implementation should not happen in full until there is enough proof and justification that the system is functional. This could involve pre-testing on the backend, and then deploying the patches bit by bit. The original system should also be left intact, such that any backfiring of the new patch may see a reversal to the original functioning system (Hayhurst, 2019). A complete overhaul is never advised without certainty that the introduction of the new patches shall work fluently without disrupting the system (Hayhurst, 2019). The information technology team at the organization should babysit the patches until they can function fully.

Conclusion

Thus, patches are recommended to occur as a matter of urgency because of the risk involved if they are not adopted. In such instances, some protocols have to be broken, and the business may opt to interrupt the activity flow to salvage the situation. The process may be affected such that the process jumps from the identification of patches to their deployment. Such could happen if a recommendation came from the software supplier and with a genuine reason of a high-level risk with possibilities of immense impact on the business. The persons entrusted with the process would need to act outside the usual scope of the process to keep the organization’s network in good shape.

References

Gerace, T., & Cavusoglu, H. (2011). The critical elements of the patch management process. Communications Of The ACM, 52(8), 117-121.
https://doi.org/10.1145/1536616.1536646

Hayhurst, C. (2019). Getting Smarter: the promise and potential of artificial intelligence in healthcare. Biomedical Instrumentation & Technology, 53(2), 92-101.
https://doi.org/10.2345/0899-8205-52.2.92

Odilinye, L., Butakov, S., & Aghili, S. (2017). Audit plan for patch management of enterprise applications. IT Convergence And Security 2017, 168-175.
https://doi.org/10.1007/978-981-10-6454-8_22.