A patch management process lays out the steps associated with updating software and hardware. Every patch management process shares a few core similarities, but with so many tools for managing patching in so many different kinds of setups, no two IT teams’ patch management processes look alike. What does your patch management process look like? Are you always ahead of the game and ready to patch on time, or are you usually behind schedule and not sure where you’re getting stuck?

This blog will be the first in a three-part blog series where we explore the benefits of the GitOps practice, how to get the most from GitOps, and how to measure and maintain success. Here is what you can expect from the series: Let’s start at the very beginning — what is GitOps? If you want to start to build a single source of truth for both your code and your infrastructure, if you want to ensure your deployments are automated and reliable, you’ll want to know GitOps.

Configuring virtual machines (VMs) is an important task for any organization. Users across departments depend on sysadmins, engineers, and the rest of the IT ops and infrastructure teams to get VMs secured and ready to use, whether you’re spinning one up for a quick test, a new database server, or standing up a whole fleet of dev-ready machines. That need for variability AND consistency can also make VM configuration one of the most tedious sysadmin tasks, especially at enterprise scale.

As a part of Perforce, we are committed to maintaining the highest standards of security for our products and our customers. Recently, we had the opportunity to further strengthen our security practices thanks to valuable input from an independent security researcher. This experience has not only reinforced our robust security protocols but also provided insights that we're eager to share with the wider tech community.

The consequences of not patching are everywhere: remember the Log4j vulnerability that grants hackers complete access to your devices? The best way to prevent this from happening is to use a patched version of Log4j — so why did this become a catastrophic and prolific security vulnerability event? A: Because people hate, forget, or simply dismiss patching as a labor-intensive part of managing their infrastructure.

Computing environments are more dynamic, distributed, and complex than ever. Observability tools help collect, monitor, and interpret the data they generate — like logs, metrics, and traces — to give IT teams and leaders real-time insights that can help detect issues, troubleshoot solutions, and improve the reliability of their IT systems. But observability tools can’t do their job without a strong infrastructure foundation and the right tools to manage it.

Continuous compliance and risk management can help keep your organization safe as the threat landscape changes and expands each year. The IT operations team is no longer just responsible for a few machines; they are managing complex environments that span across technologies, across teams, and at scale. They're expected to work fast while simultaneously considering the often-conflicting requirements of cost, compliance, and even workforce skills gaps.

When’s the last time you did something without knowing how it could turn out? Surprises can add a little excitement to your day-to-day, but one place they’re not really welcome is in infrastructure code. That’s why we have change impact analysis, a method of predicting the effect one change can have on other parts of a system before you make it. Software change impact analysis, as you might imagine, assesses how changes to a piece of software can affect other parts of the same system.

CIS Benchmarks are important for security and compliance. In this blog, you'll get an overview, plus learn how to enforce CIS Benchmarks with Puppet.

Security is and will always be a huge concern, and Platform Engineering is here to stay: so, what are some Platform Engineering best practices that can support your data security and privacy efforts? You’d be surprised where they overlap, and what you can learn about putting security and productivity together — we’ll explain.