Applying available patches against known vulnerabilities is fundamental to securing networks and data and mitigating the legal risks associated with data breaches. Some of the largest data breach enforcement actions in the world cite a lack of appropriate patching against known vulnerabilities as a contributing factor to the record fines levied against companies that experienced data breaches. This is true even though the data breach was the direct result of a malicious actor exploiting the vulnerabilities, and not the mere presence of the unpatched vulnerabilities.
Patch management is an integral part of reasonable security measures for protecting personal data. And although not all patches are necessary to secure the privacy of data, a patch management system is considered a standard feature of a reasonable security program . The patch management system provides a systematic and scalable means of evaluating individual risks associated with a given bug or vulnerability. Failure to implement a published patch against a known vulnerability can considerably limit an enterprise’s ability to defend against data breach lawsuits.
Patch management can also be a key driver of digital transformation efforts. Enterprises can take advantage of shared responsibility models that delegate hardware and infrastructure patch management to cloud service providers. NetApp customers using Cloud Volume Services on AWS or Google Cloud, or customers using Azure NetApp Files can contract with Amazon, Google, or Microsoft to patch the underlying hardware and firmware as part of their cloud services agreements. This frees up enterprise resources to manage applications and data rather than patch management infrastructure.