2 out of 3 IT pros put systems at risk by making undocumented changes
The Netwrix 2015 State of IT Changes Survey of more than 700 IT professionals across 40 industries found that 70% of companies forget about documenting changes, up from 57% last year. Most surprisingly, the number of large enterprises that make undocumented changes has increased by 20% to 66%, the results of the survey released at RSA Conference 2015 have shown.
Undocumented changes pose a threat to business continuity and the integrity of sensitive data. The survey shows that 67% of companies suffer from service downtime due to unauthorised or incorrect changes to system configurations and the worst offenders are large enterprises in 73% of cases.
Security-wise, the overwhelming majority of organisations claim to have never made a change that turned out to be the root cause of a security breach. However, given that the majority of companies make undocumented changes and only half of them have auditing processes in place – instead relying on looking through native logs manually – their ability to prove this is questionable. What is certain is that many organisations remain in the dark about what is going on across their IT infrastructures and are not able to detect a security violation until a data breach is officially revealed.
Despite the fact that companies still have shortcomings in their change management policies, the overall results of the 2015 survey show a positive trend. More organisations have changed their approach to changes and have made some effort to establish auditing processes to achieve visibility into their IT infrastructures. The key survey findings show that of the respondents:
- 80% of organisations continue to claim they document changes; however the number of companies that make undocumented changes has reached 70%. The frequency of those changes has also increased.
- 58% of small companies have started to track changes despite the lack of change management controls, against 30% last year.
- Change auditing technology continues to capture the market, as 52% of organisations have established change auditing controls, compared to 38% last year. Today, 75% of enterprises (52% in 2014) have established change auditing processes to monitor their IT infrastructures.
- Organisations opt for several methods of change auditing. 60% of SMBs traditionally choose manual monitoring of native logs, whereas 65% of enterprises deploy automated auditing solutions.
Due to established change management controls, more thorough documentation and automated auditing processes, the number of enterprises who managed to find which changes were a root cause of security incidents has doubled since 2014 to 33%.
“As with years past, errors made by internal staff, especially system administrators, who were the prime actors in over 60% of incidents, represent a significant volume of breaches and records,” stated the Verizon 2015 Data Breach Investigations Report. “Understand where goofs, gaffes, fat fingers, etc., can affect sensitive data. Track how often incidents related to human error occur. Measure effectiveness of current and future controls, and establish an acceptable level of risk you are willing to live with, because human fallacy is with us to stay.”
“Human factor is the key to informational security and its pain point at the same time,” said Alex Vovk, president and co-founder of Netwrix. “No matter how advanced the security policy is, people still make mistakes and from time to time misbehave, putting overall system security and business continuity at risk. In this case, automated auditing processes can help companies keep their IT systems under control and make sure that any deliberate or accidental changes will be detected and addressed properly to eliminate the risk of a data breach.”