Building a Patch Management Foundation for a Large Financial Services Organization



A large financial services institution required support on its patch management initiative. TEKsystems provided foundational support in building out the client’s patch management and software currency program to enable the client to achieve regulatory and government compliance and mitigate potential security breaches.

Client Profile

The client is a large diversified financial services institution that provides consumer and small business banking; wealth, asset and investment management; residential mortgage banking; and specialized financial services for corporations and government agencies. TEKsystems has had a business relationship with the financial institution for several years.

Technologies Supported

BMC BladeLogic, Oracle Exadata, Oracle Solaris, Red Hat Enterprise Linux, Windows

Industry Landscape

Preserving the confidentiality of personally identifiable information (PII), or any information that can be used to distinguish or trace an individual’s identity¹, is critical to maintaining public and customer trust and safety, and remaining compliant with government and regulatory requirements. In industries with access to customers’ PII, such as banking and financial services or healthcare, the stakes are high and the regulatory policies are constantly evolving. Organizations cannot be complacent. Potential data breaches have the ability to not only damage a company’s reputation, public trust and future sales, but also incur legal consequences and significant remediation costs.

Patch management is a common IT practice that helps organizations maintain secure environments and prevent vulnerabilities by continuously updating to the latest version of operating systems and applications. A proper, smooth-running patch management process ensures seamless and continuous patching. But without a patching process already in place, the backlog of required patches can grow quickly. While automated patching can help keep the backlog low, organizations need to first establish a foundational patch management framework before introducing automation into their environments.

¹ Guide to Protecting the Confidentiality of Personally Identifiable Information (PII): Recommendations of the National Institute of Standards and Technology


Several years ago, the client, a large financial institution, merged with a very large bank. As to be expected when bringing two different worlds of technology, people and processes together, there were some growing pains from this merger. Meanwhile, the client continued to grow organically as well as through acquisition, buying several regional banks.

While the client continued to expand its footprint, their end customers remained a top priority. The client aimed to ensure customers had a consistent, high-quality experience regardless of location, retail branch or service provided. They did not want customers to notice any impact from the merger and acquisition activity. Yet during the growth process, technology—a critical component to organizations in the digital age, especially in the banking sector—fell by the wayside. Back-end network infrastructure, servers and registered data centers were disjointed rather than integrated into the enterprise as a whole. As a result, some common IT processes and best practices were nonexistent—including patching.

Patching, or implementing computer program and software updates and fixes, is essential for keeping an environment secure and limiting or eliminating vulnerabilities. The client did not have a patch management program in place to proactively apply patches and bring systems up to current versions across the growing business. As a result, every software product within the organization was inconsistent and systems were out of date on many different servers.

As a financial institution with a vast amount of confidential data, the client was under intense pressure to meet federal regulatory standards. In order to keep customer information secure, prevent failure and improve recovery, the client needed to move their server environment to a new, cloud-based data center and establish a continuous patch management program. This would enable all systems to get updated seamlessly across the enterprise and ensure reporting, governance, controls and automation were consistent in the future.

But because patching is a rather manual, labor-intensive activity, the client lacked internal bandwidth to lay the groundwork for a patch management program. They not only had a significant patching backlog, but they also had a resource gap. They did not have the technical resources required to apply the patches or to manage the scheduling of patching and maintenance—which needed to happen during business downtime.

Support from an external IT staffing and services provider was required to establish a patch management foundation. And although there was no automated patching process yet, once the foundational framework for enterprise-wide patch management was in place, the client would be well-positioned to adopt a patch, configuration and compliance tool that would enable automated, faster and more efficient patching.


The client needed a third-party partner to assemble a flexible, scalable team that could implement the patching and set the foundation for future patch management. Their IT was disjointed and lacked consistent processes due to the large merger and continued growth. The partner of choice would need to consider how this growth impacts patching. There were several other key considerations that would need to be factored into the solution and delivery.

Key considerations

  • Resource requirements: The nature of patching is very manual and time-intensive. In addition to the right technical skills, the team would need to be detail-oriented, patient and consistent in their delivery. They would also need to be willing to work flexible hours, evenings and weekends included, so as not to disrupt regular business operations.
  • Time-to-productivity: Client management’s level of involvement in screening would be taking them away from other strategic priorities. Plus, expectations for rapid onboarding were high. The client wanted flexibility and scalability to onboard outside of their existing program using a vendor management system. The faster the patching team could be sourced, screened and onboarded, the faster those resources could address the growing backlog.
  • Location: The team would need to be physically located in the Pittsburgh and Cleveland markets. Ensuring consistent skills and quality of delivery across both locations was essential.
  • Co-employment concerns: Because this initiative would require one year of work, the client was concerned about the potential risk of co-employment among consultants. The partner of choice would need to mitigate this risk by closely monitoring consultants.

Our recommendation

TEKsystems’ Technology Deployment practice proposed delivering a managed services solution that would require approximately one year to implement. We would assemble a team of IT professionals with the required server support skill sets (e.g., Linux, Windows/Intel, Exadata, Solaris). The team would be on site at the client’s Pittsburgh and Cleveland locations. TEKsystems would take ownership of sourcing and screening the IT talent required, enabling the client to focus on other strategic priorities. We would provide delivery management and practice oversight of operational activities and deliverables.

Our implementation approach would involve three phases:

Phase 1: Onboarding (Week 1-2)

To initiate this engagement, we would hold a kick-off meeting with client stakeholders to define critical success factors and key performance indicators as well as establish reporting criteria. An on-site delivery manager and remote practice architect would lead technical and cultural screening as well as onboarding management. TEKsystems would deliver onboarding and financial reporting.

Phase 2: Knowledge Transfer and Integration (Week 3-6)

The delivery manager and practice architect would facilitate tools and process integration, as well as change and release management. We would perform knowledge management activities, including transferring knowledge to the client and TEKsystems’ IT professionals, establishing baseline reporting metrics and providing detailed financial reporting.

Phase 3: Steady State Support (Week 7 onward)

Our team would deliver patch and release management for the client’s core server infrastructure. We would develop knowledge base articles for future reference when patch management is handled in-house. With a focus on continual service improvement, we would report on KPIs, root causes/failures and detailed financial implications. To alleviate client concerns associated with co-employment, we would also manage our team from an HR perspective, freeing up the client from tasks such as performance management and time reporting.

Based on our recommended approach, the financial services institution selected TEKsystems to build a foundational program for patch management. Given our long-standing partnership, and as one of their top IT staffing partners, TEKsystems had proven our ability to recruit qualified IT professionals that were the right fit for their culture and business. We had also demonstrated the high quality of our IT services via several service engagements, including a Windows 7 migration and an application packaging initiative. Our excellent past performance gave the client peace of mind that we were the optimal partner for this initiative.


TEKsystems successfully implemented the first two phases of the patch management initiative, and we are currently providing steady state support, transitioning knowledge management back to the client. Initially, this project was slated to take 52 weeks, but has since extended to 65 weeks. Our support has encompassed the entire life cycle, giving the client a holistic view of cyber security across the client’s network.

Our team includes on-site delivery managers in Pittsburgh and Cleveland, a remote practice architect and a team of on-site IT professionals spread across the two locations. Specifically, we sourced and screened 13 highly technical server support engineers who are delivering patch and release management for the client’s core server infrastructure. The server support engineers provide technical expertise in systems administration in one or more products and servers, namely Linux, Windows/Intel, Exadata, Solaris and AIX.

The delivery manager worked with the practice architect to ensure continuous improvements. Under the managed services model, the delivery manager was responsible for interviewing, hiring, onboarding and training new hires; ongoing performance management and performance planning; retention strategies; and overall leadership and oversight of the day-to-day operations. The practice architect was responsible for quality and governance, and provided subject matter expertise in network infrastructure, IT Service Management, communications platforms, information security and support services. Our delivery manager and practice architect have remained consistent with providing practice oversight and ensuring operational activities and deliverables are met.

With our support, the client achieved the following key benefits:

  1. Enabled proactive workforce planning, including faster time to productivity among new resources 
  2. Reduced risk for co-employment through improved knowledge management
  3. Improved resource and delivery management, including increased accountability among product vendors that require patching (e.g., Linux, Windows) and consolidated reporting and billing
  4. Strengthened oversight for the entire program by simplifying budget, accountability and resource levels
  5. Increased speed of screening and onboarding processes while ensuring consistent skills and consistent quality were delivered

We continue to hold weekly status meetings with the client to ensure the project remains on track. Under the managed services approach, we have scaled and flexed the team as the project needs have evolved—including extending the duration of our support. To optimize our delivery support and lower the client’s total cost of ownership, we continue to provide the following deliverables:

  • Resource pools report: Provides resource and onboarding metrics, such as time between request for resources to resource start date, current compliance status, and historical information on technology screening and interviews; this report helps the client more effectively plan their workforce, eliminate co-employment risks and anticipate future team needs
  • Financial report: Provides detailed information on project spending, such as overall project cost by week and labor tracking by individual to keep the project on track from a financial standpoint
  • Weekly status report: Keeps the client informed and involved by providing an overview of weekly project updates, updates pertaining to specific technology areas, any open issues, upcoming actions planned and any reminders

Our patch management support has helped the client reduce the backlog of patches; integrate their back-end network infrastructure enterprise-wide; adhere to regulatory compliance; and strengthen information security. To prevent a cumbersome patching backlog from accumulating in the future, our support provided a foundational framework for the client to adopt a server automation, configuration and compliance tool. Specifically, they plan to implement BladeLogic, which will enable automated, faster and more efficient patching.

Open Communication

Maintaining effective and open communication with project stakeholders—from the client-side and among the TEKsystems team—was critical to our success with this patch management initiative. To cultivate an ongoing dialogue, we kept the client managers and leadership informed of project status and updates on a weekly basis; this enabled the client to monitor our performance and establish a feedback loop. Whether off site or on the ground in Pittsburgh or Cleveland, the TEKsystems team worked to ensure effective collaboration. We used various tools for real-time communication, screen sharing and exchanging files, such as Sametime® messenger tool and WebEx. This enabled us to not only keep the lines of communication open for the client, but also ensured our team was aligned and delivering consistent support.

Local and Practice-based Expertise

With offices across the U.S., TEKsystems understands the IT market on a localized level. Our in-depth knowledge of local labor markets, including Pittsburgh and Cleveland metropolitan areas, enabled us to source and attract the technical support engineers the client needed for this patching initiative. Along with our local market knowledge, our practice-specific expertise strengthened our ability to screen talent to ensure they met the skill requirements and culture. For example, we increased the speed of screening and onboarding processes by working with recruiters at two of TEKsystems’ local offices to source qualified talent, and a network services practice architect to perform the technical screening activities of each potential candidate.

Client Understanding

As one of the client’s top IT staffing providers, TEKsystems has been engaged on numerous projects and delivered IT professionals with a range of skill sets, such as development, architecture, network administration, business analysis and project management. Beyond staff augmentation projects, our people have also delivered high-quality IT services prior to this engagement. Over the years of our partnership, TEKsystems has continued to strengthen our understanding of their business culture and work environment. This enables us to find only the best-fit people who not only meet skill demands but are also a good fit culturally.
