Cybersecurity Awareness Month – Patch Your Stuff!
Vehicles require regular maintenance to perform properly and safely for their entire lifetime. Software is no different. Everything is a computer today (including your vehicle), and those computers require regular maintenance in the form of patching and upgrades.
Software patching is the process of applying vendor-provided updates to an application running on your device. This may be an internet browser on your laptop such as Google Chrome or your favorite video game on a gaming console. The method of applying updates will depend on the device, but all patches address the same two components: usability and vulnerabilities.
Usability and Vulnerabilities
You may notice usability patches in the form of new features on a device. For example, major iPhone or Android OS updates may change your phone's user interface. They include new ways to interact with applications and graphical changes, and they may silently improve the efficiency of processes running on the device.
Vulnerabilities are addressed by security updates included in the same or similar patches. Vulnerabilities are weaknesses in software that leave potential for exploitation or misuse of a technology. When a vendor, such as Apple, identifies a vulnerability in an application or operating system, they develop a fix to “patch” the hole that the vulnerability left in the application. Although security patches may not provide new and fancy features, they keep your device secure and your data safe!
Patching is an important and ongoing process to ensure your devices and software operate effectively, efficiently, and safely. Applying patches in a timely manner ensures your devices and applications remain secure and keep your sensitive data safe from bad actors.
Patching Devices
Faculty, staff, and students interact with sensitive data in their regular work. Any device that stores, processes, or transmits sensitive data is required to ensure a minimum level of security to meet legal, regulatory compliance, or policy requirements. In every case, those devices are required to meet patching requirements defined in the OHIO Patch Management Standard.
The Patch Management Standard defines patching requirements for OHIO-owned devices. Patches are automatically delivered to university-owned and managed devices, while non-managed devices require manual steps to apply updates. It is important to note that your device may require a reboot to apply the patches. If you are unsure whether your device(s) are up to date, follow the steps in this Knowledge Base article:
Securing University Work at OHIO
In addition to patching, university-owned and managed devices must meet the requirements defined in the Secure Computer Management Standard. These requirements include configuration of encryption, firewall, and other endpoint protection mechanisms. That is a lot to manage! Fortunately, if you have a university-managed device, these configurations are already managed by OHIO IT. Using a university-managed device ensures that university data remains safe and alleviates the burden of device management from all employees.
There are other requirements for devices that are not managed by OHIO but are still used for university work. These devices may include self-managed university-owned devices or personally-owned devices. It is important to understand the responsibilities of the department and employee when an alternative device is being used for university work. Specific requirements for each device type are defined in the . In either alternate device scenario, data classified as high criticality is not permitted to be stored, processed, or transmitted. Additionally, the devices must continue to comply with university policy, and endpoint security controls must be applied and remain up to date.
A preferred method for accessing sensitive data and performing university work is through OHIO’s . The VDI service provides a web-based interface with authenticated access to OHIO resources and securely stores, processes, and transmits sensitive data within OHIO’s virtualized computing infrastructure.
Contact Us
For more information regarding patching, secure endpoint management, and beyond, contact the OHIO Information Security Office.
Email: security@ohio.edu
Website:
Phone: 740-566-7233