How Device Patch Management Can Streamline Technology Updates

By: Fran Howarth


Software updates and patches are designed to fix vulnerabilities or provide new functionality that improves productivity. Ensuring all devices in an organization are updated in this way is essential protection against attackers who are looking to exploit an enterprise’s weak points — it’s also growing more difficult thanks to the proliferation of the bring-your-own-device (BYOD) movement.

To create strong security, organizations need comprehensive device patch management to effectively support their software and devices through necessary updates. It only takes one vulnerable device or machine to expose the organization to risk, but it may only take one patch to protect it.

Because some devices and software have themselves been found to contain significant bugs and vulnerabilities, these updates couldn’t be more important. For example, recent problems found with the Microsoft Windows 10 release caused certain devices to malfunction and left users facing incompatibilities with antivirus products, increasing their risk as a result.

The Device Patch Management Process

Managing updates can be complicated for any business, especially as its network expands to encompass an ever greater array of devices, operating systems and applications — and as it expands its mobility programs.

A patch management program needs to be comprehensive and include a number of components: patch management and download, patch testing, patch approval, patch deployment, patch verification and compliance management. These components ensure that a patch or update doesn’t put the organization out of compliance with configuration baselines.

Every organization should make one person — or a team, in a large organization — responsible for staying current regarding available updates and security issues that could impact the business. To be most effective, it’s useful to have a comprehensive asset management program in place so the team can ensure all devices and applications are accounted for.

When Employee Devices Warrant a Patch

The decision on when to patch and upgrade can be based on patch or upgrade availability, or on a time-based system such as a quarterly update cycle. The former is preferred for critical updates such as security patches, while the latter has the advantage that any bugs contained in the initial release will have been ironed out.

Whichever approach is chosen for a particular upgrade, it’s wise to weigh the upgrade against a requirements profile — which enterprises typically create when evaluating new software, according to CIO. This allows the company to consider the upgrade’s potential for new security vulnerabilities and the impact it can have on the organization’s core needs (and its users, who may need time to learn an unfamiliar version of an application). Luckily, vendors often provide indications of the criticality of the patches and updates they release in order to help teams decide when to implement them.

Once a patch or update has been acquired, testing is essential and should be continued through to acceptance testing after it has been deployed. It should be verified to ensure that it is valid, and then placed in a test environment where possible — one that closely mirrors the environment in which it will eventually be implemented.

For organizations that allow BYOD, information should be sent to users regarding major upgrades and updates when they become available. Where an update is considered critical, it’s a good idea to offer users a company “cheat sheet” when rectifying less serious fixes. This may include identifying the URL to connect to the application, how to report a problem, requirements for using the application (such as supported browsers and operating systems) and how to access online support documentation.

If there aren’t enough resources in the enterprise to manage the process, there are technologies that can help automate device patch management to ensure it runs smoothly. And although some fixes can be buggy when first released, updates should be made as soon as possible, especially if those problems have been fixed in the latest version.



About The Author

Fran Howarth

Freelance Writer

Fran Howarth is an industry analyst and writer specializing in cybersecurity. She has worked within the security technology sector for more than 25 years in an advisory capacity as an analyst, consultant and writer. Fran focuses on the business needs for security technologies, with a focus on emerging technology sectors. Current areas of focus include cloud security, data security, identity and access management, network and endpoint security, security intelligence and analytics and security governance and regulations. Fran can be reached at
