It’s remarkably easy to put off patching and because of this, database administrators (DBAs) have historically been lukewarm in their approach to applying patches.
There are a range of factors that explain this seeming reluctance to patch. For a start, applications are not always tested up to the latest database version which binds a DBA’s hands. Updating a database could lead to application performance issues – or even failure – resulting in downtime.
This means that DBAs can invariably find themselves in a situation where they have to balance the risks of patching vs not patching.
For example, failing to apply security patches can lead to critical performance issues and potentially even downtime. Perhaps this could be solved by applying the latest patch. However, applying a security patch update too soon, prior to rigorous testing, risks introducing bugs that have yet to be ironed out.
In this respect, it’s no surprise that DBAs are faced with decision paralysis, and choose not to patch as soon as they perhaps ought to.
A patch management strategy is designed to alleviate these concerns. Putting patch management policies and processes in place help DBAs arrive at a conclusion that addresses an organisation’s specific needs.
In fact, implementing a proactive patch management strategy can save time and money – plus a range of additional key benefits, as discussed in this article.
Patch Management Strategy Benefits
1) Enhanced Security
The cyber crime industry is now worth around £1.1 trillion, with databases a prime target for hackers. This is unsurprising, given that the database typically holds an organisation’s most valuable information.
And whilst it’s true that most exploits are typically found via unpatched applications running on the database, rather than the database itself, an unpatched database still remains a security risk.
To meet these risks, Oracle, for example, publishes quarterly CPUs (critical patch updates) in January, April, July, and October. The most dangerous vulnerability period (bar a zero-day exploit) is the time between the date when a patch is made available and the date when the patch is applied.
Implementing a patch management strategy helps your organisation roadmap out future updates and plan precisely when these patches ought to be implemented.
This, in turn, helps bolster your business’s security.
From purely a security perspective, the sooner you apply a patch, the better. However, it isn’t always that simple. You need to also account for patch supportability and the occasional risk posed by teething issues following a patch.
2) Bug and Performance Management
Many DBAs opt to wait for a particular amount of time to pass before applying a database patch.
And there’s a good reason for this.
Early patch installation can lead to unexpected performance issues and bugs. This is because not every single application will be compatibility-tested by the database vendor.
And if one of your applications on a production database does turn out to have a conflict with an update, it can cause a whole range of issues including sluggish performance, even rendering software unusable on that version.
A proactive patch management process can dramatically reduce the likelihood of this happening. This involves scoping out the key applications and services your business uses, and then testing the updates in a non-production environment to ensure any patches do not cause adverse effects.
3) Downtime Prevention
The avoidance of downtime is essential under any circumstances. And if your organisation is relied upon to deliver a 24x7x365 service, this is especially true.
However, as previously discussed, choosing not to patch isn’t a realistic option. Failing to use any form of patch management process creates unnecessary security risks and unstable, unpredictable database performance.
But how can you apply patches if your environment is required to be always running?
This is where planning out a patch management process can help. Taking high demand periods into account, your patching strategy offers a logical, practical approach to patching.
For example, instead of patching all databases as soon as updates are released, and potentially causing unexpected downtime, your patch management strategy will help identify the critical patches for your system and schedule them accordingly.
In short, prioritising updates according to risk.
You may, for example, choose to patch the standby server first, before allowing your main server to then fail over to the newly patched standby, whilst the main production server is patched.
Creating a patch policy standardises your patching process and can improve efficiencies when it comes to performing updates over the long-term.
Simply put, a patch management strategy opens up a range of benefits to businesses when it comes to applying patches and fixes in a safe & timely manner.
But how do you formulate an effective patch management strategy that fulfills all the necessary criteria?
Check out our proactive patch management strategy for tips on how patch more effectively in a disruption-free manner and, ultimately, avoid costly downtime.
Xynomix has unrivalled experience across the full range of Oracle and Microsoft SQL server database environments. As industry-leaders in managed database services and consultancy, we are perfectly positioned to offer independent enterprise-grade support to keep your critical systems up and performing perfectly. Get in touch now on 0345 222 9600 or via [email protected].