What is patch management?

Unlike bridges or buildings, which are designed, built, then largely left alone, software is ever-changing and evolving. At the foundation of every computer is the operating system, which is software that controls the hardware and provides a conduit for other software to access the hardware. The most common operating systems are: Windows, MacOS, Linux, iOS, iPadOS, and Android. These operating systems are constantly improved in order to keep up with new hardware and better ways of handling data, but just like every other piece of software, they aren't perfect. They sometimes have holes, which we commonly refer to as "bugs." 

Many times, these holes in the operating system affect the security of the system. They are then referred to as a "vulnerability" within the system. These vulnerabilities can vary in severity from minor to critical, allowing full system takeover. In order to keep systems secure and running well, "patches" are released regularly to cover up the holes. Despite their name, the patch is often a proper correction of the hole, rather than a "quick and dirty" fix.

While applying operating system patches is usually simple and straightforward, it is typically put off because it takes time and often requires a reboot of the device. Patch management ensures that patches which are released on a regular basis are actually applied to the affected systems, so that the holes are covered up. This is basic hygiene to ensure a strong device security posture. When there are less holes to be exploited by a threat actor, there is less of a chance of a vulnerability becoming a security incident.

Tridium includes patch management as a foundational part of all of our managed services packages.