VIctorian-based Kingston City Council has rolled out an automated patching system to ease internal audit requirements and ensure remote workers use secure corporate equipment.
In recent months, Kingston City Council has purchased 25 Patchlink licences for an internal IT team of 19 staff. Previously the council had been using a “tick the box” process of downloading and installing patches for their desktop and server environment.
At the same time the Kingston City Council has been tackling a massive VMWare server virtualization project with 80 percent of it’s environment already virtualized.
But internal support for some 40 different applications was lacking forcing the council to look at an automated way of collating, testing and rolling out patches to its fleet of desktop PCs and servers.
Applications range from financial to aged care, planning and health.
The council’s ICT services director Duncan Kelly, said the local government authority is responsible for a lot of remote sites and desperately needed to automate patching.
Kingston City Council has around 30 remote sites and two large sites with 350 and 150 PCs.
What makes patching difficult, Duncan said, is that some sites are only operational for two hours a day.
“We’ve gone from three major premises to two and have 30 remote sites,” he said.
“These sites sites are only open for two hours of a morning and two hours of a night so workers don’t want an IT person coming in and taking over their PC.
“As PatchLink do their testing we actively test as well to ensure we don’t blow away two-thirds of our fleet with one single Microsoft patch.”
Kelly said the council has a strong focus on compliance liaising with internal auditors every year.
And while Patchlink undertakes extensive testing for all its patches, Kelly said the council has actually increased its internal Q&A testing since rolling out the software.
“It is just used as a patch aggregation tool and from the initial 48 hours after a patch is released it could be another two weeks before we roll it out depending on our testing and workload. We don’t have an IT security person on staff whose main responsibility is to look after patch management,” he added.