Virgin Atlantic airline takes off with patch management

Established in 1984 with one plane, Virgin Atlantic Airways is now Britain's second-largest airline operating long-haul services out of London Heathrow and Gatwick airports and flies to 22 destinations worldwide with a fleet of 29 aircraft.

Virgin Atlantic is headquartered in Crawley, near Gatwick airport in London, and has offices in the US, Caribbean, South Africa, Hong Kong, Tokyo, Shanghai, Delhi and Lagos.

Virgin Atlantic is also the third-largest airline to carry across the North Atlantic. The airline has enjoyed tremendous popularity, winning top business consumer trade awards from around the world. The airline has pioneered a range of innovations, setting new standards of service, which competitors have subsequently sought to follow. Despite Virgin Atlantic's growth, the airline remains customer-driven with an emphasis on value for money, quality, fun and innovation.

While the primary focus in the aviation industry since 9/11 has been on making it more difficult for hijackers to take over an airplane and use it as a weapon, IT departments have been busy hardening their systems, making them much less visible to attackers. Their main concern and responsibility is protecting the data security and integrity of their networked infrastructure.

This responsibility has become increasingly more daunting since commercial software applications are far more complex today than they were 10 years ago. For example, Windows 2000 contains more than 50 million lines of code, with no one the wiser.

Matt Harding, senior support analyst, who works in the IT Systems Operations Department at Virgin Atlantic, implemented Lumension Security's PatchLink Update in February 2004 after Microsoft began releasing monthly patch updates on the first Tuesday of each month. PatchLink Update aggregates and automatically distributes and installs patches and software updates for multiple computing platforms, easing the burden of addressing increased patches by vendors such as Microsoft.

Among its many features, PatchLink Update has highly distributed architecture, which uses standard protocols such as HTTP. Other features such as versatile patch compliancy functionality give systems administrators the ability to assess patch status by groups of computers and application of severity, easing the workload of administrators within the IT department.

“Patching 4 000 machines manually takes far too much time within busy IT departments, as you can imagine,” says Harding.

“PatchLink Update also provides us with the ability to know what resides on each server and desktop within our network, which is especially helpful.”

“Upon evaluating the patch and vulnerability management software product through Lumension Security's UK distributor, TCL Group, we found that having a policy-based solution enables our company's systems administrators to enforce the security setting and minimise the patches according to company standards,” adds Harding.

According to Harding: “Our experience with PatchLink Update is that it is easy to install and also easy to use. The savings we experience in terms of reduced labour, together with knowing that our systems are less vulnerable and better protected, makes us more confident and satisfied with our selection of PatchLink Update.”