Integrator Enjoys Northern Exposure
The government needed a patch management solution that would ensure its networked desktops and servers were patched within five to seven days and critical patches were distributed within 24 hours.
After the blackout of 2003 and the vicious Blaster worm that rapidly spread later that summer, Dale Tasker, manager of IT security operations for the province of Ontario, knew it was time to make a change.
“We operate in a regionalized environment where we have eight IT clusters operating under line of business, so we had different solutions in different clusters. Some were very much a manual kind of solution; others were using different products with different success,” Tasker said.
A request for bids and proposals brought in Conexsys, an integrator based in the Toronto suburb of Mississauga, which offered up an enterprise-class patch management solution from PatchLink and ultimately transformed the way the Ontario government monitors and manages its network.
The software from Scottsdale, Ariz.-based PatchLink sends agents to each device to keep track of the system’s status regarding which patches are applied and which are missing. The agents then transfer that information to a server.
A three-person team from Conexsys spent a year evaluating how best to integrate the different branches of the government under one system while learning how each functioned.
“Everybody looks at the government as one gigantic fiefdom when in reality it’s a number of discreet ministries all wrapping up into discreet clusters,” said Les Llewellyn, vice president of professional services at Conexsys. “If you look at the Ministry of Health, for instance, they deal with hospitals, doctors, etc. They have specific requirements as to how they conduct their business. Each of those individual groups has unique requirements for patch management.”
“This is a 70,000-site implementation, but again, you’re talking about desktop solutions; the product is relatively easy to deploy, and once you get over some of the initial hurdles of architecture design, actual implementation isn’t overly difficult,” Llewellyn added. “Within a year they’ve gone from relatively zero— a hodge-podge of solution sets—to a standardized, centralized, manageable patching solution.”
Conexsys has a contract to supply and install the PatchLink software, and the government pays an annual maintenance fee. It also uses Conexsys’ professional services for training and troubleshooting, as well as its help-desk service. In addition, PatchLink has worked with Conexsys and the Ontario government to develop patches for custom applications.
The government has its own IT staff perform patch testing throughout the network before deployment.
“I know we’ve gone through a couple of critical patch windows where they have successfully met the critical patch deadline of having 90 percent patched within four hours,” Llewellyn said. “[The government is now] much more confident in their ability to sustain and avoid a malicious attack. All of those things are bound to be significantly positive.”
Tasker is pleased with the solution so far.
“It was one of our few enterprise solutions bought for the entire organization and those eight clusters. It’s working out quite well as a corporate solution,” he said.
Regarding his experience with Conexsys, Tasker said, “They’ve been very responsive to our needs. They had an early understanding of our architecture and our business needs and made sure we were on track to deliver those kinds of things with their partnership. I think it’s been a true partnership with them in terms of them understanding our needs and helping us deliver the solution we’re looking for.”