A different approach to patch management

Posted by Eran Feigenbaum, Director of Security, Google Enterprise

Editors note:This post is part of a series that explores the top ten reasons why customers trust Google with their business data. A complete top ten list can be found here.

In the previous post in this series, we described how Google’s cloud data centers are designed and built to protect the data that customers store in Google Apps. One of the benefits of this architecture is that our customers don’t have to maintain the systems that run Google Apps, we do it for them. This reduces both costs and risks for our customers.

One of the risks organizations face comes from malicious software (a.k.a. “malware”) that attempts to exploit vulnerabilities in operating systems and applications. As vulnerabilities are exposed, technology vendors issue patches to fix them in what has become a seemingly never-ending routine. This can be costly and time consuming as it becomes a race to patch vulnerabilities before they’re exploited. When organizations support multiple versions and types of operating systems and applications, the challenges increase rapidly. Using Google Apps eliminates servers and reduces the number applications that need to be patched, which helps reduce risk.

Customers such as Brian Hobbs, IT Director for Hunter Douglas have this to say about patch management in Google Apps: “The company saves money but even more importantly, I save time in administering licenses, installations, security patches, and training.”

Many organizations that I talk to describe how they have developed a proficiency in deploying patches in their legacy environments. They’ve done so out of necessity - there really was no choice. But these proficiencies carry high costs in terms of human resources and 3rd party patch management systems. Google Apps allows organizations to change this mindset and reduce the number of IT resources and 3rd party systems dedicated to the patch management process.

Andrew Murrey, Vice President of IT Infrastructure at Cinram North America, had this comment: “we calculated that we could be saving 60% on email alone by moving to Google Apps for Business – a clear winner when it came to price per user – but we also knew we’d save serious time on IT management, freeing my team up to do more strategic work.”

IT security professionals often ask me how we address patching. In our data centers we take a different approach to patch management. Rather than many different types of systems, we have a very homogeneous architecture that allows us to be highly efficient in deploying patches. The data center machines are specifically designed and identically configured in ways that reduce the potential number of vulnerabilities within our systems compared to traditional on-premise, so called “private cloud” and hybrid technologies. When a patch is required, our architecture allows us to deploy it very quickly across all our systems. And it’s seamless and invisible to our customers, which allows them to take a different approach to patch management as well: one that reduces risk and cost.

In the next post in the series we’ll look deeper into strong authentication. In the meantime, for more information about the data protections in place for Google Apps, please visit our Google Apps Trust page.