Undocumented changes by IT teams put systems at risk of downtime and security violations
- Published: Thursday, 23 April 2015 07:36
The Netwrix 2015 State of IT Changes Survey has revealed that nearly 70 percent of organizations continue to make undocumented changes and only 50 percent audit their IT infrastructures. Undocumented changes pose a threat to business continuity and the integrity of sensitive data. The survey also shows that 67 percent of companies suffer from service downtime due to unauthorised or incorrect changes to system configurations and the worst offenders are large enterprises in 73 percent of cases.
Security-wise, the overwhelming majority of organizations claim to have never made a change that turned out to be the root cause of a security breach. However, given that the majority of companies make undocumented changes and only half of them have auditing processes in place - instead relying on looking through native logs manually – their ability to prove this is questionable. What is certain is that many organizations remain in the dark about what is going on across their IT infrastructures and are not able to detect a security violation until a data breach is officially revealed.
Despite the fact that companies still have shortcomings in their change management policies, the overall results of the 2015 survey show a positive trend. More organizations have changed their approach to changes and have made some effort to establish auditing processes to achieve visibility into their IT infrastructures.
The key survey findings show that of the respondents:
- 80 percent of organizations continue to claim they document changes; however the number of companies that make undocumented changes has reached 70 percent. The frequency of those changes has also increased.
- 58 percent of small companies have started to track changes despite the lack of change management controls, against 30 percent last year.
- Change auditing technology continues to capture the market, as 52 percent of organizations have established change auditing controls, compared to 38 percent last year. Today, 75 percent of enterprises (52 percent in 2014) have established change auditing processes to monitor their IT infrastructures.
- Organizations opt for several methods of change auditing. 60 percent of SMBs traditionally choose manual monitoring of native logs, whereas 65 percent of enterprises deploy automated auditing solutions.
- Due to established change management controls, more thorough documentation and automated auditing processes, the number of enterprises who managed to find which changes were a root cause of security incidents has doubled since 2014 to 33 percent.
To download a complete copy of the Netwrix 2015 State of IT Changes report, please visit http://www.netwrix.com/netwrix_researches_for_it_pros.html