Constant patching and updates to security products are overwhelming IT shops caught in a nightmare that won't end until vendors wake up and provide better software and automated tools.
Analysts predict it will be at least six months until security products have the automated tools required to simplify these processes, leaving IT shops struggling to cope with the sheer volume of constant security fixes.
IT managers who spoke to Computerworld Australia say vendors advise companies to install every patch that is issued, but say the process is unrealistic because many organisations use hundreds of servers, adding: "Why can't new operating systems be tested more thoroughly before going to market?"
According to a study by UK-based security provider Activis, a company with an IT infrastructure consisting of only eight firewalls and nine servers would have had to make 1315 updates to those systems in the past nine months alone, which is equal to five updates per working day.
The estimate of fixes is based on the total number of updates and patches released during that time by the main software and security vendors.
This means IT managers at companies of that size would handle more than 500,000 log file entries every day as each firewall generates an average of 200,000-plus log entries and 20 alerts per day.
Even with automated installation, the downtime related to rebooting servers after patches are installed is still a significant issue the security industry must address.
"Rebooting servers all the time is not good for the system, not to mention the downtime when users have to log off the server when installing patches," an anonymous IT manager says.
"There are often more changes and details to track than there are people to do the work."
An IT manager at an airline charter company said products are released with too many "holes", and the process of patching requires constant vigilance.
"We have enough to do already without installing patches and updating all the time. Perhaps software vendors could make the process a little friendlier by better automating their update mail listings," he says.
Australian Broadcasting Corporation application services manager Wayne Barlow agrees with the study but points out that many security vendors use the "fear factor" to their advantage with claims like "your company is doomed if you don't use this right now".
Barlow says there is also a lot of product choice in the area of security, which only adds to the problem and forces users to deal with a number of vendors.
"The problem is further exacerbated by the fact that security vendors want to keep secret how their products work for obvious reasons," he says.
Jan Schreuder, technology risk partner at PricewaterhouseCoopers, says vendors like IBM and Symantec are trying to develop automated tools to make it easier for users, but they won't hit the market for at least six months.
He agrees with the study but points out that it is physically impossible to test software 100% prior to its release.
The Activis study looked at a typical configuration used by most companies, including Microsoft's NT servers, SQL Server and Exchange, Check Point firewall products, Sophos antivirus applications and Internet Security Systems' RealSecure network and server scanners.