There is a lot of attention being paid to continuously updating servers to patch security vulnerabilities on Linux servers running in data centers – a basic step underpinning technology infrastructure in every industry. Yet, staff resources to deal with maintaining servers are not sufficient to meet the workload, said 55% of respondents in a worldwide survey by CloudLinux.
Dealing with insufficient staff resources with automation
The survey finds 76% are deploying automated patching procedures and that live patching to fix vulnerabilities is commonly used (47%) to avoid downtime that is normally associated with patching. This is not surprising given the volume of vulnerabilities that are discovered and patched every week. There are simply too many patches to apply to do so manually and IT professionals are using automated tools to help keep up with the volume.
Yet, the survey found that manually researching vulnerabilities online is the most commonly used method (75%) in vulnerability management. It suggests that while automation has a place, some organizations have not fully embraced automation – and that automation may not cover all aspects of vulnerability management.
“There is no doubt that organizations of every size are struggling to keep their server fleets up to date in their efforts to patch security vulnerabilities,” said Jim Jackson, president and chief revenue officer, CloudLinux.
Waiting for the next periodic maintenance window to apply patches
It was learned that 45% said they cope with vulnerabilities simply by waiting for the next periodic maintenance window before applying patches. This means that during that period of time their servers remain vulnerable — a less than optimal situation.
A notable finding is that 73% of respondents rely on a single operating system in their server fleets suggesting that organizations value the ease of maintenance of using a single Linux distribution rather than utilizing specialized Linux distributions for different roles. Most commonly used were either CentOS or another CentOS fork.
Respondents were asked what features they would like to see in a patch management tool with the three most desired cited as: fast responses to new critical vulnerabilities and exposures (CVEs) (88%); live patching (75%); and automated comprehensive reporting (70%).