Vodacom is a leading African communications company providing a wide range of services, including mobile voice, messaging, data, financial, and converged services to 116 million customers. Vodacom is majority owned by Vodafone, one of the world’s largest communications companies by revenue.
Manual Vulnerability Patching Costs $200,000 Each Month
A large corporation such as Vodacom will typically have a diverse IT environment that encompasses different operating systems. All of these will have backends to applications, both home-grown and commercial, and databases. The architecture will likely be organized in clusters with high availability (HA) failover capability for disaster recovery purposes and to minimize impact of outages. Keeping an environment like that up to date, fully patched, and compliant with the latest guidelines is a full-time job, as Tony Raphael, Senior Specialist Monitoring & Alerting for Vodacom, explains: “Our team were spreadsheet masters and became experts at planning and executing new patches. Simplify and automate were new buzzwords for us, but in our case they were very applicable. We established that manual vulnerability patching was taking over 2,000 man hours each month, at a cost of over $200,000. That was a good incentive for us to look at alternative options.”
Market research revealed a few suitable options and Mr. Raphael and his team worked to select an environment against which a proof of value could be run. This was a truly diverse clustered environment, comprising 100 servers, including Oracle and Microsoft SQL databases, and a combination of Windows, Linux, and AIX operating systems. It included failover capabilities as well as HA configurations. The team mapped a workflow to depict the human steps involved in a typical patch scenario to show how this could be automated without needing to change existing processes.
DCA Eliminates Manual Work with Fully Automated Patch Management
Micro Focus Data Center Automation (DCA) was the only solution able to meet all criteria, according to Mr. Raphael: “DCA gave us orchestrated workflows to run patch scans and remediation actions according to our maintenance windows. Once DCA was fully implemented, our team members could focus on monitoring activities instead of manual patching.”
Easy Engagement and Accountability for Business Users
Each application owner can determine whether remediating and patching is done automatically or whether they keep control with a simple button click. DCA includes Micro Focus Server Automation for software deployment, configuration management and auditing. Vodacom was impressed with its policy-based patch and software deployment features as well as its ability to automatically remediate any detected vulnerabilities. “The business flagged an issue with one of our applications which wasn’t reporting effectively,” comments Raphael. “We used Server Automation and its on-demand audit reporting, gave the users training and access to Server Automation, and they were completely self-sufficient with it.”