A new report reveals that more than half of all IT pros (57%) admit to making undocumented changes to their organization’s IT systems that remain unreported, putting networks at risk of system downtime, decreased operational efficiency, and increase the risk of serious security breaches.
“With roughly 90% of outages being caused by failed changes, visibility into IT infrastructure changes is critical to maintaining a stable environment. Change auditing is also foundational to security and compliance requirements,” said David Monahan, Research Director for Enterprise Management Associates.
Key findings from the survey of 577 IT professionals include:
- 65% have made changes that caused services to stop
- 52% make changes that impact system downtime daily or weekly
- 39% have made a change that was the root cause of a security breach
- 40% make changes that impact security daily or weekly. Interestingly, industries with higher regulations are making changes that impact security more often, including healthcare (44%) and financial (46%).
- 62% have little or no real ability to audit the changes they make, revealing serious gaps in meeting security best practice and compliance objectives
- Just 23% have an auditing process or change auditing solution in place to validate changes are being entered into a change management solution.
Compounding the problem of undocumented changes to systems is that survey respondents indicated that nearly 40% of the organizations they serve do not have any formal IT change management controls.
“This data reveals that IT organizations are regularly making undocumented changes that impact system availability and security, This is a risky practice that may jeopardize the security and performance of their business,” said Michael Fimin, CEO, Netwrix.
“IT managers and CIOs need to evaluate the addition of change auditing to their change management processes. This will enable them to ensure that all changes – both documented and undocumented – are tracked so that answers can be quickly found in the event of a security breach or service outage.”
Read More Here…