Survey shows configuration management is critical but organizations aren’t investing in it

Shavlik Technologies announced results of a survey the company recently conducted with responses from over 435 IT operations and security specialists. The survey illustrates that configuration management is considered a critical to perform IT task, but organizations aren’t necessarily investing in best practices to support it.

The survey results showed that 87 percent of IT managers believe that configuration management is an important part of their overall security program, but only 52 percent regularly audit their configurations. Only 9.6 percent of respondents have automated solutions for this repetitive, complex, error prone, and time consuming task.

90% of survey respondents admit that their current configuration management processes are either manual or only semi-automated, using a combination of tools and scripts to maintain the environment. Most respondents reported they lack solutions that automate identifying mis-configured systems and bringing those errant systems back into conformance; relying instead on manual processes to close the gaps.

These approaches are becoming unacceptable in today’s environments where IT resources are shrinking but the demands to prove security best practices and policy conformance are increasing. As one respondent put it, “Both human process failures and system update failures create the need to validate and ensure critical configurations remain consistent in the environment. This action improves the overall system security and reliability.”