Security Watch

16 Patches: So, Are We Losing The Security Battle?

Almost 50 vulnerabilities addressed in one month.

What?

Sixteen patches.

Huh?

That was the symbolic reaction of many Windows security observers when Redmond dropped its advance bulletin on our heads last Thursday.

It's a heavy burden for just this month. But what does it mean in the aggregate for patch management and in the long term for security? When all is said and done, 2010 will be remembered as a banner year for bulky patch releases, a year that will also illustrate the growing conundrum among some of the world's largest enterprise IT and software companies including Microsoft, Oracle and Adobe. It's a conundrum that really begins with several key questions major tech companies should be -- or actually are -- asking themselves:

  • How fast can we patch any given vulnerability?
  • Are we losing the battle to patch products and systems quicker than exploits can be spawned?
  • Should we roll out more pervasive patches?
  • And if we need to patch more, should we increase our frequency?

And here's the biggest question of all: "Will IT administrators using our products and services have any hair or patience left as the security situation locally, nationally and globally becomes more relevant -- or worse -- more perilous?"

Microsoft, Oracle, Adobe: Triple Whammy
IT security administrators will already have a busy week with Microsoft's patch releases, but admins who also run Oracle and Adobe systems will be buried. Following a big security update from Adobe comes news that a secret meeting occurred on merger talks between Redmond and Adobe Systems. Aside from the obvious product synergies, Microsoft has also had to bear some of the brunt of Adobe's security problems.

Against that backdrop: Microsoft's patches and a jaw-dropping 81-vulnerability patch from that other business software giant, Oracle.

Indeed, "Super Tuesday" no longer applies to elections.

Survey: IT Audits Reveal 'Significant' Security Problems
A survey of about 350 IT managers and network administrators conducted in the middle of last month found 45 percent of respondents said they've had an outside organization conduct a formal security audit at least once a year.

VanDyke Software commissioned Amplitude Research to conduct The Sixth Annual Enterprise IT Security Survey. By comparison, a survey from the same period in 2009 showed that 35 percent had reported conducting such an audit at least once a year. That means audits are growing, which could be seen as a good thing.

But there's always a flip side. Here, it is that more than half, 56 percent, said the audits resulted in the identification of significant security problems. Still, it's better to know than to live in ignorance.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.
