The Challenges of Patching
Patching is a challenge, but vitally important.

Sometimes I forget that my dad knows a hell of a lot about financial IT. The man is pushing seven decades on this planet, with about four of those decades spent building data centers for various insurance firms and, finally, Avon. (Yes, my Bronx-born-and-raised, Marine father finished his working career at the global beauty products behemoth...and he actually really enjoyed working there, ironically enough.)
Anyway, in passing I mentioned that I'm working on a story looking at running patches after a new vulnerability is discovered or a software upgrade is necessary. Sure enough, he knew the subject well and regaled me with some tales.
After talking with my old man, and several industry CIOs/CTOs, here are a few broad takeaways that I'll look to delve into more deeply in the April issue of Waters:
1. As an IT specialist, you'll receive absolutely no praise or rewards for keeping the firm safe from cyber attacks by keeping up-to-date on patch releases. These patches take a fair amount of manpower ─ usually on weekends or late at night ─ and if you do your job well, no one outside of IT will have known that you've done your job well.
But, if something gets screwed up, or, in the worst-case scenario, a hacker sneaks in and takes information out, heads will roll.
2. There isn't a great science behind patching; it's more about logistics, operational cohesion, and diligent back testing. The key is to make sure that by running a patch on one system, you don't inadvertently throw off another linked system.
3. As with anything in security, you're in a perpetual up-hill battle when trying to defend against vulnerabilities. So many things at a financial institution are interconnected that in many ways, you're working on a hope and a prayer.
4. Patching is time consuming. The weekend is valuable time in IT, and the more time that is dedicating to patching and then testing, takes away from building and testing for more business-oriented projects. Again, it's not fun, you don't get any credit for it, and it can serve as a time-suck. But in today's day and age, it is absolutely, positively critical.
As I said before, I'll be writing more in-depth about this for the April issue, which will be dedicated to cyber security. The magazine will profile a prominent chief information security officer (CISO), and it will have a round-table of CISOs discussing how this position has taken on importance on Wall Street in recent years, and what makes for a good CISO. (Hint: There's no one right background...everyone seems to have their own theories.)
The issue will also take a look at security vendors in the space and layout all the major hacks from the last 10-20 years, and what firms learned from these breaches.
As for my patching story, if you have any insight, I'd love to hear from you. You can reach me at anthony.malakian@incisivemedia.com or give me a call at 646-490-3973.
The Sunny Shores of Florida...Oh, and FIA Boca 2015
Tomorrow I'll be flying down to Florida for this year's FIA Boca (Raton) conference. My slate is fairly-well filled up with meetings, but please don't hesitate to pull me aside for a quick chat if you see me ─ I'm the guy with the shaved head and bushy beard...I kinda stand out.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@waterstechnology.com or view our subscription options here: http://subscriptions.waterstechnology.com/subscribe
You are currently unable to print this content. Please contact info@waterstechnology.com to find out more.
You are currently unable to copy this content. Please contact info@waterstechnology.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@waterstechnology.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@waterstechnology.com
More on Emerging Technologies
Standard Chartered goes from spectator to player in digital asset game
The bank’s digital assets custody offering is underpinned by an open API and modular infrastructure, allowing it to potentially add a secondary back-end system provider.
Saugata Saha pilots S&P’s way through data interoperability, AI
Saha, who was named president of S&P Global Market Intelligence last year, details how the company is looking at enterprise data and the success of its early investments in AI.
Data partnerships, outsourced trading, developer wins, Studio Ghibli, and more
The Waters Cooler: CME and Google Cloud reach second base, Visible Alpha settles in at S&P, and another overnight trading venue is approved in this week’s news round-up.
Are we really moving on from GenAI already?
Waters Wrap: Agentic AI is becoming an increasingly hot topic, but Anthony says that shouldn’t come at the expense of generative AI.
Cloud infrastructure’s role in agentic AI
The financial services industry’s AI-driven future will require even greater reliance on cloud. A well-architected framework is key, write IBM’s Gautam Kumar and Raja Basu.
Waters Wavelength Ep. 310: SigTech’s Bin Ren
This week, SigTech’s CEO Bin Ren joins Eliot to discuss GenAI’s progress since ChatGPT’s emergence in 2022, agentic AI, and challenges with regulating AI.
Microsoft exec: ‘Generative AI is completely passé. This is the year of agentic AI’
Microsoft’s Symon Garfield said that AI advancements are prompting financial services firms to change their approach to integrating AI-powered solutions.
Inside the company that helped build China’s equity options market
Fintech firm Bachelier Technology on the challenges of creating a trading platform for China’s unique OTC derivatives market.