Power Tools
Scott Meyer
Mgr., Architecture and Integration Services
Progress Energy
Raleigh, N.C.
www.progress-energy.com
MANAGER’S PROFILE: Oversees information-technology infrastructure for the utility, which had $9.8 billion in revenue last year.
PATCH(Y) PROCESS: Until earlier this year, Progress used IBM’s Tivoli software and Microsoft’s Software Update Services to distribute and apply patches. But Meyer says the process was ad hoc, because the tools couldn’t track which machines had been successfully updated. “It was hit or miss,” he says.
HIS PROJECT: As part of formalizing and speeding up the patch process, Meyer’s team picked BigFix’s software in the fall of 2004 and rolled it out by April.
FULL OF HOLES: To Meyer’s surprise, BigFix reported that nearly every machine in the company needed some kind of critical update or other security configuration change: “That was shocking, because we’d spent two years refining our patch process.”
TURNAROUND TIME: By automating patch management, Meyer expects Progress to save at least $250,000 per year in labor costs. He won’t disclose what the BigFix project cost but says the company will get payback in less than 12 months. Also, his team can now test and deploy critical patches within 48 hours of their release, a target mandated by Progress’ nuclear energy unit.
CHECK THAT: Meyer says one major hurdle was enlisting the company’s application developers to test patches for potential conflicts in a timely manner, before the patches are blasted to 13,000 desktops and 800 Windows servers. He established a team that analyzes a vulnerability and assesses the risk it poses to Progress’ installed base of applications, and then determines whether to pull the trigger. “For us, the biggest thing was not implementing a technology,” Meyer says. “It was getting our people and processes aligned.” —T.S.
