Check the status of CVEs. Learn More.
Keeping your systems up 100% of the time requires live patching. Our solutions will align strongly with your risk, compliance, and operational uptime requirements.
TuxCare is trusted by the most innovative companies across the globe.
Learn about TuxCare's modern approach to reducing cybersecurity risk with Blogs, White Papers, and more.
Continually increasing Cybersecurity, stability, and availability of Linux servers and open source software since 2009.
TuxCare provides live security patching for numerous industries. Learn how TuxCare is minimizing risk for companies around the world.
2x a month. No spam.
January 24, 2023 - Tech Evangelist
Anyone that’s committed to a five-nines mandate will dread the idea of a cybersecurity breach. It’s a fast way to lose service continuity and it can lead to a long recovery period.
Frustratingly, one of the best ways to protect systems against breach success – vulnerability patching – is also one of the things that can easily get in the way of maintaining the five-nines mandate, because patching degrades performance, sucks up sysadmin resources, or causes outright downtime.
What is a hard-working sysadmin supposed to do?
System uptime always matters because an application or service cannot serve its purpose if it’s not available. The degree of availability is also pertinent. If the HR system in a small business is inaccessible for an hour a day once or twice a month, it’s hardly going to upset someone.
The same outage on an online retailer’s website could lead to a six-figure revenue loss – or even more. In some instances, availability is critical: think about emergency services or critical infrastructure, for example.
It’s not reasonable to expect, however, that a system is online 100% of the time, because uncontrollable events can and do happen.
Five-nines availability refers to a system that is available 99.999% of the time (it gets its name from the five “nines” in the percentage). This translates to a system that is down for no more than 5 minutes per year. It’s a benchmark for highly reliable systems or mission-critical applications, but it’s also a common standard in the technology world that would apply to cloud infrastructure, for example.
What can sysadmins do to maintain a five-nines directive? Well, we all know the drill:
If all goes to plan, you should maintain high levels of uptime and never get in trouble with stakeholders or things like SLAs where you agreed to 99.999% availability.
Maintaining five-nines availability is achievable with a mix of strategy, resourcing, and planning. But even a perfect strategic mix can clash with broader goals, including maintaining the security that ensures availability.
Patching newly discovered vulnerabilities is one of the key steps in maintaining that security. If you don’t patch in time, you run the risk that a breach might occur soon after the vulnerability is discovered. That breach can make mincemeat of your five-nines efforts and it could take you months to recover.
On the flip side, patching requires either taking a system offline (which will probably break five nines) or, for high availability, entails reduced performance – which can spill over into brief or longer disruptions that also break the five-nines availability mandate.
It’s a tough conundrum because sysadmins need to either intentionally impact availability or delay doing so while taking on the risk of something far worse going wrong.
Thankfully, sysadmins tasked with five-nines availability have an alternative to the patching conundrum. It’s called live patching, and it’s a simple way to ensure that security updates are applied consistently – but without the need to restart the service being patched.
We discuss live patching in more detail here, but – in summary – live patching is a tool that enables sysadmins to apply critical security patches without needing to restart the underlying system.
It means that sysadmins can patch for vulnerabilities without causing a break in service continuity. In fact, live patching happens so seamlessly that vulnerability patching can occur without affecting the performance of high-availability systems. There’s also little risk that performance would degrade so much as to result in a service disruption.
Live patching supports five nines by reducing the risk of a disruptive cyberattack, and by minimizing the performance impact of patching-related activities.
Sysadmins have many tactics available to them to help pursue their five-nines goal. Live patching should be part of that toolset because live patching solves two major concerns with availability. First, live patching ensures much tighter, more consistent vulnerability patching that protects systems against threats.
And, second, by removing the need to disruptively restart services for patching, live patching also solves another key five nines issue: avoiding downtime. If you’re a sysadmin tasked with maintaining fives nines, you should review TuxCare live patching services to see how it can help you support your availability objectives.
Learn About Live Patching with TuxCare
Regulations and standards guide companies toward a consistent cybersecurity response....
Hackers frequently target payment card industry (PCI) data. To help...
Cybersecurity insurance policies are considered by many to be a...
It’s the making of a horror film: a cyberattack that...
As expected, 2022 was a tough year for cybersecurity, with...
To meet organizational requirements, compliance mandates, and regulatory requirements, Managed...