Customer Success Story

Global Sources

Manual Patching to Automated Patch Management

Overview

For international business-to-business media company and trade enabler Global Sources, IT security across multiple platforms and locations around the Asia Pacific region is paramount. Global Sources chose Lumension^® Patch and Remediation to handle automated vulnerability assessment, patch remediation and reporting throughout its organization.

Established in 1971 in Hong Kong, Global Sources is one of the most popular business-to-business Internet websites in the world. In 2000, Global Sources became the first Asian-based pure business-to-business company to trade on NASDAQ. In 2005, the Global Sources community comprised more than 463,000 merchandise buyers worldwide.

Like other multi-national corporations, Global Sources operates a complex IT environment and has several thousand workstations and servers located in regional offices in China and other parts of the Asia Pacific region. “As a NASDAQ-listed company and subject to SOX requirements, we take security very seriously,” says Bill Georgiou, Global Sources’ CIO in Hong Kong. “Our aim is a comprehensive approach extending all the way from the policy level to the network & individual applications and desktops ”

Challenge: Manual Patching Takes Time

To maintain security across its systems, Global Sources in the past implemented security patches manually, keeping close track of every vendor’s updates.

But as Internet vulnerabilities and threats multiplied, the company increasingly realized that this manual process was less effective and time-consuming, taking up valuable IS resources away from other value adding operations.

Solution: A Choice for Automated Patch Management

“We looked to find a cost-effective solution that provided automated patch management and had the capability to react quickly and appropriately to the latest Internet threats and vulnerabilities. After looking at the market, we came to the view that Lumension^® Patch and Remediation was the answer to our call,” says Georgiou.

Implementation of the solution was straightforward. The process took just two weeks, during which time, IS staff from the company trained on the product and worked jointly with an expert SI recommended by Lumension. No end user involvement is now required in detection, scanning and patching. Reporting is also done automatically to ensure that all computers in the organization are up-to-date.

Security Comes First

Georgiou recognizes the challenges of judging the value of investment in security. “Measuring security ROI is inherently a challenge” he says. “Identifying the benefits of replacing manual security procedures is straightforward. But assessing the opportunity cost of a security breach and its impact on business is more subjective and complex. In that sense, narrow financial ROI criteria should be tempered with broader company goals and strategies. At the end of the day who would rather trade a 15% ROI from a $20K security project for shutting down the business later to recover from hacking made possible through an unpatched computer.”

Georgiou adds: “Lumension^® Patch and Remediation provides a security solution that fits into this approach.”

 Global Sources