5.14 Maintenance Part 1: Patch Management


9 hours 48 minutes
Video Transcription
Now, in our next section, we're gonna talk about maintenance. And again, this generally happens at the cloud service provider's environment. And we want to make sure the cloud service provider has accommodations for just the basic maintenance of their devices, right? Server upgrades, hardware upgrades, firmware upgrades, whatever those may be. So we want to make sure that how the vendor handles maintenance is specified in our contract or service level agreement. What's gonna happen in that instance? Are we relegated to a separate section of the network, or are we down for that time?

You know, we've certainly gone to service providers. I don't know if you've ever gone somewhere at three in the morning because you can't sleep and thought, "I can't live unless I check my balance for Netflix," or something, and you go to that server and it says, "We're shut down for maintenance." Well, you know, that's a possibility. And that may be okay with us. Or are they guaranteed that uptime, even in maintenance?
Now, there is a specific mode called maintenance mode, where customer access is blocked. It's not allowed. Um, and this could be testable. So, maintenance mode: you can't access it. However, logging is still enabled, so any attempted access or any sort of activity is still logged. I'm not sure why that's significant enough to be testable; it kind of seems just logical to me. But yet, logging still happens, but access is disabled.

Um, hosted VMs. Again, they're hosting our virtual machines. Are those migrated prior to maintenance? Well, they would have to be if we're gonna have that high availability through the maintenance phase, right? So the bottom line is, everybody has to have time for maintenance. Do we get 24/7 access, even through maintenance? There'd better be accommodations. Or are we down for that period, in maintenance mode, where the access is blocked but we still have logging?
Now, along with maintenance: patch management. And I'm not gonna, you know, read the patch management steps. These are, say, the same again as on-prem. But this goes with maintenance, right? How patches are determined to be significant versus non-significant, when are patches rolled out, how's that automated? Again, things that I have to know from my cloud service provider.

Automation makes patch management life easy, right? Having a server like a WSUS server, and I'm just pulling that off the top of my head. Having a patch server that downloads the patches from the Internet, administrators approve, and then clients perhaps connect in and download those patches. So how is that automation handled? Is it handled through policy? What sort of automation technologies? Are we able to ensure that those most severe or those most relevant patches, can we guarantee that they get pushed out as soon as possible? Because we know not all patches are created equal. Our main concern is the security of the systems at all times.

We also don't want to bog things down by getting patches pushed out on our segment that are just irrelevant to us, right? Sometimes patches make modifications. So do we have a way of making sure these patches are tested?
Got to. Um, are they documented? Do we have rollback mechanisms? All those things we're normally concerned with in patch management. You know, standardization is a huge problem. It's becoming less so. You know, one of the beauties of software as a service, right? I don't care about patching because that's not what I do. I'm using the software that you patch and that you deal with. So, you know, it's not my problem so much anymore. But in infrastructure as a service, I have to make sure that my software's patched, you know, and I have to make sure that I have a mechanism to handle those patches that can grow as necessary.

A lot of times systems need a reboot after patching. How are we gonna deal with that? What about different time zones? I don't want patching going out during, you know, the 8 a.m. rush hour somewhere. Also, this idea of snapshots, or perhaps even suspending VMs, but the snapshot process before patches are rolled out, to make sure that we're able to go back very quickly. So patch management always produces its own set of challenges.
Certified Cloud Security Professional (CCSP)

This Certified Cloud Security Professional (CCSP) certification course covers topics across six domains, to ensure the candidate has a wide range of competencies and is capable in the assessment and implementation of cloud service solutions.
