Majority Admit Making Undocumented Network Changes
The 2015 State of IT Changes Survey (PDF) reveals that more than two-out-of-three IT professionals are failing to document changes made to networks, putting critical systems at risk of unnecessary downtime, impacting business continuity, and exposing sensitive information to risk of compromise.
The survey of over 700 IT professionals across nearly four-dozen industries found that 70% say they do not document all configuration changes – up from 57% in 2014 – with the number of large enterprises failing to document increasing by one-fifth to 66%. The survey also found that two-thirds of companies acknowledge experiencing downtime due to unauthorized or incorrect changes to system configurations, with enterprises comprising as many as 73% of cases.
“Security-wise, the overwhelming majority of organizations claim to have never made a change that turned out to be the root cause of a breach. However, given that the majority of companies make undocumented changes and only half of them have auditing processes in place – instead relying on looking through native logs manually – their ability to prove the security of their systems is questionable,” the researchers noted.
“What seems to be true is that many organizations remain in the dark about what is going on across their IT infrastructures and are not able to detect a security violation until a data breach is officially revealed.”On the upside, the overall results of the survey show a positive trend by organizations to establish better auditing processes to gain more visibility into their IT infrastructure.