More than Half of IT Workers Make Undocumented System Changes
Frequent IT system changes without documentation or audit processes can cause system downtime and security breaches from internal and external threats, while decreasing overall operational efficiency. Yet, a new survey has revealed that a majority of IT professionals have made undocumented changes to their IT systems that no one else knows about.
The survey
from Netwrix shows that while a full 57% have undertaken those
untracked changes, it’s especially worrying because of the frequency
with which they occur. About half (52%) of respondents said that they
make changes that impact system downtime daily or weekly. And 40% make
changes that impact security daily or weekly. Interestingly, more highly
regulated industries are making changes that impact security more
often, including healthcare (44%) and financial (46%).
“This data reveals that IT organizations are regularly making undocumented changes that impact system availability and security,” said Michael Fimin, CEO at Netwrix, in a statement. “This is a risky practice that may jeopardize the security and performance of their business. IT managers and CIOs need to evaluate the addition of change auditing to their change management processes. This will enable them to ensure that all changes – both documented and undocumented – are tracked so that answers can be quickly found in the event of a security breach or service outage.”
But even so, as many as 40% of organizations don’t have formal IT change management controls in place at all. And 62% said that they have little or no real ability to audit the changes they make, revealing serious gaps in meeting security best practice and compliance objectives.
Just 23% have an auditing process or change auditing solution in place to validate changes are being entered into a change management solution.
Given the prevalence of changes, this lack of change management is creating a dangerous environment for enterprises. The survey found that 65% have made changes that caused services to stop, and 39% have made a change that was the root cause of a security breach.
“With roughly 90% of outages being caused by failed changes, visibility into IT infrastructure changes is critical to maintaining a stable environment,” said David Monahan, research director for security and risk management at Enterprise Management Associates, in a statement. “Change auditing is also foundational to security and compliance requirements. Auditing changes in enterprise class environments requires the ability to get a high-level strategic view without sacrificing the tactical system level detail and insight extended throughout the whole system stack.”
“This data reveals that IT organizations are regularly making undocumented changes that impact system availability and security,” said Michael Fimin, CEO at Netwrix, in a statement. “This is a risky practice that may jeopardize the security and performance of their business. IT managers and CIOs need to evaluate the addition of change auditing to their change management processes. This will enable them to ensure that all changes – both documented and undocumented – are tracked so that answers can be quickly found in the event of a security breach or service outage.”
But even so, as many as 40% of organizations don’t have formal IT change management controls in place at all. And 62% said that they have little or no real ability to audit the changes they make, revealing serious gaps in meeting security best practice and compliance objectives.
Just 23% have an auditing process or change auditing solution in place to validate changes are being entered into a change management solution.
Given the prevalence of changes, this lack of change management is creating a dangerous environment for enterprises. The survey found that 65% have made changes that caused services to stop, and 39% have made a change that was the root cause of a security breach.
“With roughly 90% of outages being caused by failed changes, visibility into IT infrastructure changes is critical to maintaining a stable environment,” said David Monahan, research director for security and risk management at Enterprise Management Associates, in a statement. “Change auditing is also foundational to security and compliance requirements. Auditing changes in enterprise class environments requires the ability to get a high-level strategic view without sacrificing the tactical system level detail and insight extended throughout the whole system stack.”
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.