How To Prevent Hosted Cloud Services from Increasing Patch Vulnerability

Implementing hosted cloud services into one’s enterprise is a huge win for any business, especially those in the data-driven financial sector. However, Champion often sees a key caveat to hosted cloud service migrations: These efforts by and large do not take into account the level of patching the hosted service is running on, especially when the service is shared across multiple businesses with differing service requirements. When the shared hosted service is unpatched, it leaves itself in an elevated risk of exploitation.

Once you have identified that a hosted service is unpatched, it is time to take action. What I recommend to financial clients is the implementation of an all-encompassing tool that goes beyond simply identifying a vulnerable, unpatched cloud host. By using a more complex tool, you will be able to analyze and take immediate and automatic action when a vulnerability due to missing patches is identified via continuous monitoring. For this task, I turn to BigFix.

Monitoring Hosted Services

BigFix covers all of the basics: monitoring, identifying and analyzing, and taking actions based on what the first two steps find. The first question that people ask me is, “How is this possible, given the unlikelihood that a shared, hosted application will have or allow us to run the BigFix agent on hosted application servers?” The beauty of BigFix is that it can monitor both agented and non-agented systems, whether or not they are hard wired on an organization’s network, over VPN, or if they are cloud-based devices. This means that any devices an organization wants to include within its patch management security scope will be subjected to continuous policy monitoring by BigFix to ensure that all devices meet specified compliance levels.

For those of you in the regulatory-rich financial industry, this is especially important. The clients for whom I have integrated a BigFix patch management environment have shown marked improvements in maintaining the patching side of established security postures. Adding more to the richness of BigFix patch management, the out-of-box reporting of compliance status is provided in real-time. These reports are easily viewed and illustrated in a robust, web-based dashboard, and can be quickly adjusted to include historical data. I am personally a fan of the historical data reporting, as it is a great aid in holding cloud service hosts responsible for correcting any vulnerabilities BigFix detects which fall outside of an organization’s allowed security policies.

Identifying And Analyzing Detected Vulnerabilities

Once BigFix patch management monitoring has been set up and is running, most of the heavy lifting has been completed. At this point a business is seeing every missing patch that a hosted application needs, and has the documentation to go along with it thanks to the previously mentioned BigFix dashboard and reporting capabilities. But sometimes this isn’t quite enough, especially for those of you in the financial industry who need to adhere to certain PCI requirements.

Time and time again, I have watched system administrators chase down vulnerabilities that do not apply to their systems, especially in terms of hosted applications. BigFix is geared to prevent administrators from chasing ghosts in the cloud by automatically analyzing the statuses of the devices being monitored by using IBM’s Fixlet® technology, which works to reduce the number of false positives. This greatly improves patching remediation response times throughout an organization, and makes vulnerability remediation an efficient and automated process.

Additionally, BigFix can automatically escalate or de-escalate pending patches based on the rules that are set. This allows a financial institution’s IT security staff to quickly bring to a close any regulatory violating vulnerability incident while the entire process is monitored via closed loop verification. And, as vulnerability identification and analysis takes place on the device itself, any patching of vulnerabilities will have a very limited impact on an organization’s network bandwidth.

BigFix Is The Ultimate Self-Starter

The really big win for using BigFix for hosted cloud vulnerability detection and patch management comes in its ability to resolve issues in real-time without the need to await a response from an administrator. This means that any vulnerability detected from managed, unmanaged or hosted environments will be remediated and will generate alerts and reporting of all activities, including notifications of when remediations have successfully been completed and validated.

BigFix offers a central point from which organizations ensure all internal endpoints—as well as cloud-based devices and applications—remain up to date in regards to patching provides a bonus for businesses in the financial sector, as well as for others needing to comply with PCI requirements.

Take Control Of Hosted Application Vulnerabilities

In utilizing BigFix as a central, one–stop tool for patching detected vulnerabilities, financial organizations ensure security compliance of internal devices as well as hosted cloud applications. Champion will guide financial institutions through this process so that your business can move into the shared services arena with ease.


IBM and SAP's S/4HANA are Transforming How Enterprise Businesses Function


Close IoT Security Gaps with Windows 10’s UEFI


Erick Bacallao joined Champion Solutions Group in 2015 after a career of Software Development in Cuba at the National Cancer Care Institute of Cuba, followed by moving to the States with allAware.


Champion acquired allAware and its properties and Erick has utilized his extensive background and expertise in IT and Software Development to rise to VP of Product Development in less than 5 years. During this time, Erick has been involved with key projects that led to the launch of numerous products including CSP Boss, Inscape platform and 365 Productivity Insights.


Erick has a Bachelor of Science in Computer Science from the University of Havana. He won Gold Medals for Programming from the Ministry of Education in Cuba, and he is certainly still a Gold Medalist for Champion!


As President and CEO, Chris is responsible for the development of key strategic alliances and solution portfolio. He leads Champion’s go-to market and execution strategies for integrated offerings in the cloud, in security, and in digital infrastructure, always focusing on improving the customer experience and driving transformative business outcomes.


He also aligns key partner initiatives with company strategy and oversees corporate marketing and messaging to gain mindshare with customers and partners. It’s his vision and innovativeness that have catapulted Champion up the ranks to become a $100M+ organization—and one of the most respected solution providers in the industry.


Over the past two decades, Chris has also focused on mergers and acquisitions, as well as innovative product development. He is the original founder and an active member on the Board of Managed Maintenance, Inc., a SAAS provider and consulting firm that utilizes their award-winning One-View Portal to help the IT Channel and its customers manage their IT Maintenance.


Chris is also the original founder and chief strategist behind one of the original storage cloud providers, Storage Access / BluePoint. During the course of a few short years, he had raised $20M and took that company public on the Toronto Stock Exchange. It has since been acquired by Pomeroy.


In 2012, Chris led the acquisition of MessageOps and continued the product development and worldwide launch of its premier SAAS, 365 Command. Built on Microsoft Azure, 365 Command is currently managing over 1 million seats of Microsoft’s Office 365. After achieving this phenomenal milestone, 365 Command and other MessageOps O365 utilities were sold to Kaseya.


Over the past 35 years, Chris as worked tirelessly to not only advance his own career, but those of his employees. In addition to leading a $100M organization, Chris can also be found sitting with sales teams, cold calling and coaching, and validating why Champion has been listed on Best Places to Work by both South Florida Business Journal and Computerworld.

Ultimately, the success garnered by Champion Solutions Group, its associated companies, and their employees is due in large part to the leadership of its President and CEO. Perhaps the most fitting award Chris has earned is South Florida Business Journal’s 2013 Ultimate CEO Award.