Why Patch Management Matters in the Private Cloud
Authored by: Himalay Oza, Director - Software
The allure of cloud services like Microsoft’s Azure or Amazon’s AWS is to minimize time and resources spent on infrastructure and to promote agility across the organization. And, while many financial institutions, rejected cloud early-on due to security concerns, most have embraced the technology realizing that a hybrid or private cloud/data center model can give them the infrastructure they are seeking while still allowing the security and data privacy required for certain data. Yet, even with a hybrid or private model, those organizations still have to undertake infrastructure maintenance activities such as capacity planning, patch management, procurement, decommissioning and other assessments, albeit over private cloud now.
The challenge then becomes how to adapt these processes to the hybrid environment. For example, would maintenance activities, established practices, processes, talent and knowledge base be the same on private cloud environment? What would my planners do? What would my patch execution team do? Let us try to answer some of these questions.
Patch Management in Traditional Data Centers
Patch Management is the business oversight of ‘patch’ information moving from a vendor to the company or vice versa. This can be any piece of software designed to update a computer program whether for security, bespoke customization or other. Therefore, ‘patches’ are incredibly important to the businesses security and operations.
Patch management requires a controlled environment in which to test patches, engaged application managers to test their integrity and plan a seamless rollout of new patches and engineers to conduct rigorous testing for exceptions and failures, communicate completion or changes, close the patching event and report.
These operations and technology requirements are generally well-defined in any financial institution, running in a traditional data center, but can often be overlooked with private cloud implementations. Firms should consider their traditional patch management process and how they will need to be re-architected in a private cloud environment.