infoTECH Feature

February 22, 2011

IT Pros Facing Challenges Patching Software Holes

IT and security professionals face a tough time trying to keep up with software patches, at least according to a new study from security vendor eEye Security.

In a survey of almost 2,000 IT and security administrators by eEye, 60 percent said that a quarter of their Microsoft applications are unpatched. Further, 40 percent of those polled said that anywhere from 25 percent to 100 percent of their applications have unpatched security holes.

Why do so many programs go unpatched? The respondents pointed to a number of factors. A lack of sufficient staff, no integrated patch management program, and the inability to patch remote devices were among the leading causes. Some also cited the inability to recognize zero-day vulnerabilities.

And though the people surveyed didn’t specifically point to this as a factor, the sheer number of supported applications can also affect the ability to keep them all properly protected. Among those questioned, 73 percent said that their organizations have deployed up to 100 different applications.

As always, it’s important to note that the company conducting the survey does have a vested interest in the results as eEye sells security management tools. But that doesn’t negate the message that IT pros do face real challenges and roadblocks trying to secure all the software in their environments. It’s a challenge that my former company faced when I worked in the IT department, as well.

Certainly, the number one goal should be a patch management program with clear procedures for testing and deploying new security patches as they’re made available from the vendors. After trying to deal with patches on a manual basis, my company eventually implemented a full patch management program, which helped immeasurably.

But I found it interesting that the study also cited the huge number of applications that IT admins are often required to support. This was a challenge that my former company faced as more and more software just proliferated throughout the user ranks until it all became unmanageable from the IT side.

At that point, the company was forced to make a decision to start restricting and standardizing the number of supported applications. So, as an example, rather than support five different graphics editors, we would support only one or possibly two. Though many of the users weren’t happy about losing their favorite programs, over time this policy did help reduce the sheer number of applications that IT had to juggle.

Keeping your environment safe and secure sometimes requires making hard choices. But given the damage that even one severe security breach can cause, it’s important for IT and security admins to make this a priority.

To compile the report, eEye Security polled 1,963 IT security professionals across a variety of businesses, including government agencies. The company said it also looked at customer research and reports from analysts and other industry experts.


Lance Whitney is a journalist, IT consultant, and Web Developer with almost 20 years of experience in the IT world. To read more of Lance's articles, please visit his columnist page.

Edited by Tammy Wolf