Regular patch management is crucial for the security of the computer network of your business.
Whether it is from Microsoft, Adobe, Quark, Océ, Kodak, Xerox, or for SmartBoard, PitStop, Quite Imposing etc., patches are released by software vendors usually to address security issues or to provide bug fixes. Occasionally they enhance or add new features.
Because software security vulnerabilities are the most common ways through which malware can penetrate your computer network, patch management is a good security blanket. While antivirus solutions are great for detecting and removing malware once it is on your system, security patches are aimed at closing the doors that malware can use to reach your system.
The large majority of security vulnerabilities can be fixed by applying the latest patches provided by software vendors. But as we know, commercial printers have unique environments with sometimes ridiculously outdated hardware and software – Novell 3.1 anyone? How about that DocuTech 1.0 with software that can only be fixed by that guy in California?
Then you have Canon, Xerox, and Océ with their servers and workstations: no one knows what they are doing, other than that we “just send files to them”.
If you need more proof about the critical nature of patch management, recall notorious worms like the “I Love You” virus, SoBig, Conficker etc. Patches that fixed the vulnerabilities exploited by these worms were available, but due to lack of patching, they continued to spread, infecting millions of computers worldwide.
According to the SANS Institute:
Unpatched client-side software is currently the primary initial infection vector used to compromise workstations that have Internet access, and it often receives less attention than lower priority risks.
For example, in an environment we manage, we came across a printer front-end running Windows 7 that had over five hundred (500!) patches pending. The truth is that most of these devices are just sitting there often forgotten (especially the servers), yet they have full access to your computer network shares, databases, user directories etc.
What is even more disturbing is that the printers, servers and workstations also have full unrestricted access to the Internet, and many of them need administrator-level access to function.
Granted, in this unique world of commercial printing, there are a couple of reasons that make up-to-date patching a bit impractical. For one, there are usually no dedicated network administrators. The end result is that a hapless and overworked prepress operator or graphic designer is saddled with the task of also managing the network.
The problem here is that with the ever-looming deadlines and demanding customers who want stuff done now, these conscripted “network admins” do not have an overview of what patches were installed on which machines, are not notified about update failures and really have no control over which patches will be applied and which will not – especially if the technician from Canon or Kodak or Xerox tells them not to mess with the settings of the workstations or servers.
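One way to get the missing overview of pending patches and update failures on a Windows front-end, as an added example that is not part of the original article: a read-only PowerShell function that queries the Windows Update Agent COM API. The function name, the history depth and the CSV path in the closing comment are assumptions.

```powershell
# Added example: report pending updates and recent failed installs on one Windows host.
# Read-only: it searches and reads history, it installs nothing.
function Get-PatchStatus {
    [CmdletBinding()]
    param(
        # Number of update-history entries to inspect (assumed default).
        [int]$HistoryDepth = 200
    )

    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()

    # Updates applicable to this machine that are not installed and not hidden.
    $pending = $searcher.Search('IsInstalled=0 and IsHidden=0').Updates

    # MsrcSeverity is empty for updates without a security rating.
    $bySeverity = $pending | Group-Object -Property {
        if ($_.MsrcSeverity) { $_.MsrcSeverity } else { 'Unrated' }
    }

    # History entries: Operation 1 = installation, ResultCode 4 = failed.
    $failed = @()
    $count  = [Math]::Min($searcher.GetTotalHistoryCount(), $HistoryDepth)
    if ($count -gt 0) {
        $failed = @($searcher.QueryHistory(0, $count) |
            Where-Object { $_.Operation -eq 1 -and $_.ResultCode -eq 4 } |
            Sort-Object -Property Date -Descending)
    }
    $lastFailure = $failed | Select-Object -First 1

    # Flat object so the result can be appended to a shared CSV, one row per check.
    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        CheckedAt          = (Get-Date).ToString('s')
        PendingCount       = $pending.Count
        PendingBySeverity  = ($bySeverity | ForEach-Object { "$($_.Name)=$($_.Count)" }) -join '; '
        FailedInstallCount = $failed.Count
        LastFailedDate     = if ($lastFailure) { $lastFailure.Date.ToString('s') } else { '' }
        LastFailedTitle    = if ($lastFailure) { $lastFailure.Title } else { '' }
    }
}

# Usage (hypothetical share path), e.g. from a scheduled task on each device:
# Get-PatchStatus | Export-Csv -Path '\\fileserver\patch-reports\status.csv' -Append -NoTypeInformation
```

It covers only updates delivered through Windows Update, not vendor applications such as RIP or imposition software, which still need their own inventory.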
Sometimes patches can have bugs or enforced security can prevent some applications from working. This is especially true in the commercial printing environment. Many of the servers and workstations that power the printers cannot even function when antivirus software is installed.
And in some cases, some software will not work with newer operating systems – for example, PrismaPrepare will not work in Windows 10 unless you’re willing to pay for a very expensive ‘upgrade’.
The complex nature of the commercial printing environment makes managed patching even more critical. As a best practice, the patches may need to be installed in a test environment first, to make sure that applications critical to getting the job out the door are working fine before deploying them in the production environment.
Solution for Patch Management
To ensure that your commercial printing business network is secure and working flawlessly, it is essential to have a proper patch management system that ensures computers, devices, and proprietary software have the latest security patches applied on time and with minimal effort.
Benefits of Automated Patch Management
The security of your computer network is one of the most important reasons to consider an automated patch management solution. Software vendors release new patches to fix security weaknesses and holes in their products. If left unpatched, these vulnerabilities may be exploited by mischief makers who are intent on disrupting your business, holding you to ransom or working for the competition.
Compliance with Federal and State Regulations
As a commercial printer, you come in contact with all kinds of sensitive documents that could require compliance with industry, federal or state regulations.
Here are some relevant regulations that may affect you:
- Payment Card Industry Data Security Standard (PCI DSS) – for credit card use;
- Health Insurance Portability and Accountability Act (HIPAA) – for those medical records and forms you print;
- Sarbanes–Oxley Act (SOX) – for financial records you receive, print and store;
- Gramm–Leach–Bliley Act (GLB/GLBA) – for the protection of customer financial information;
- Federal Information Security Management Act (FISMA) – for the security of information about government computers that you may print;
- Family Educational Rights and Privacy Act (FERPA) – for the security of educational information and records.
You are required by law to protect the privacy and data of employees, customers and partners.
Compliance violations can lead to heavy fines and may result in losing business opportunities (with a state agency, for example), legal and financial penalties or even negative business reputation.
The need to stay in compliance with these numerous regulations, which impose security best practices on companies, has become one major reason businesses are implementing a patch management solution.
Employee and Business Productivity
When the devices on your computer network are patched using an efficient system, it reduces the stress on employees, especially non-technical employees who are saddled with the double duty of acting as ad-hoc network administrators.
This ultimately helps to improve the productivity of the company in many ways: patches may bring performance improvements to the products they apply to, or they may help in resolving computer or printer crashes – the most frustrating experience for any prepress operator or graphic designer in the middle of a composition, or while ripping huge files to the printer.
When there are unpatched systems in a computer network, they can become slow, behave erratically, or become infected by malware. The net effect of this is not only the potential loss of sensitive data that belongs to customers or the company in case of an infection, but also the downtime that comes with it. This can be especially devastating in the commercial printing environment.