Granted, it was only two conversations. But they each put a new perspective on a growing, if not new, problem.
That problem is patching. And while the prospect of sorting through 700 or so patches a year may not be your idea of time well spent, for many of you it also happens to be necessary.
Vulnerabilities and patching are nothing new. But with a rise of the former — 3,784 vulnerabilities were reported in 2003, according to the CERT Coordination Center, up from 1,090 in 2000 — the latter is becoming an increasingly time-consuming task. And with risk of not being diligent higher than it has ever been, harried IT staff must find ways to get the job done.
And it’s these accumulated headaches that may push some midsize firms in Canada to look seriously at IT service providers.
Kevin Francis, former head of Xerox Canada, is now CEO of CenterBeam, a San Jose-based IT infrastructure provider. He recently generated buzz after an opinion piece he wrote appeared on a major U.S. news Web site, in which he compared patching Windows software to the story of Sisyphus, who, after offending the Greek gods, was doomed to forever roll a giant rock up a mountain, only to have it tumble again to the bottom when he reached the summit. In other words, an utterly futile effort.
I got a chance to sit down with him while he was in Toronto recently, and he said the patching problem is a tough one for smaller firms to solve. “Microsoft could be developing a patch, but their objective is to fix the flaw in their software. The issue, though, is that their software doesn’t sit in an island,” Francis said.
Although switching platforms or boosting quality measures are options, another is to “adjust to anticipate changing marketplace requirements,” or hand the job to someone else.
Robert Offley, president and CEO of Fusepoint Managed Services in Mississauga, Ont., echoes that view. He uses his dedicated, 24×7 staff dedicated solely to patching as a sales pitch when meeting with potential clients. “(Their) sole job is to patch,” Offley said. “The patches are available…before the virus hits.”
Of course, both Offley and Francis have a vested interested in their predictions. But the climate around IT expenditures has changed, and it isn’t likely that the need for patching is going away anytime soon.
And with patching, if something is going to bend, it’s increasingly likely to be coming from your side of the fence.