Volume1: Online security: Patch Management Package Selection: Two Prime Considerations

This is Connectikpeople series in partnership with csoonline, is aiming to help you  improve your security online step by step. Today, we focus on Patch Management Package.

In fact a primary decision is whether to turn to a configuration management system for its patch capabilities or to a point product that may or may not also offer configuration capabilities. According to Colville, the reasons organizations choose the latter is they're not ready to commit to a full lifecycle configuration suite, or their current configuration management tools don't provide a best-of-breed patch management capability. The trade-off of having both in your environment, of course, is the need to deal with multiple agents and consoles.

Eric Maiwald, an analyst at Burton Group, suggests first evaluating your configuration management system for its patch management capabilities, since it might be advantageous and less expensive to maintain the same architecture for both functions, especially if it already works well in your environment. However, if you change your mind, the functionality will be more difficult to remove because the single-vendor approach means the software is embedded more deeply into your architecture.