More than half of IT professionals make undocumented changes to IT systems

Just 60% of organisations have Change Management Controls in place, leaving 40% at risk from security threats or system downtime.

Netwrix has released results of a new survey, which finds that a majority, 57%, of IT professionals have made undocumented changes to their IT systems that no one else knows about; while as many as 40% of organisations don’t have formal IT change management controls in place. Frequent system changes without documentation or audit processes can cause system downtime and security breaches from internal and external threats, while decreasing overall operational efficiency.


The Netwrix survey, ‘2014 State of IT Changes’, collected data from 577 IT professionals in organisations across multiple industries and range of sizes. Key study findings show that of the respondents:
· 65% have made changes that caused services to stop
· 52% make changes that impact system downtime daily or weekly
· 39% have made a change that was the root cause of a security breach
· 40% make changes that impact security daily or weekly. Interestingly, industries with higher regulations are making changes that impact security more often, including healthcare (44%) and financial (46%).
· 62% have little or no real ability to audit the changes they make, revealing serious gaps in meeting security best practice and compliance objectives
· Just 23% have an auditing process or change auditing solution in place to validate changes are being entered into a change management solution


“This data reveals that IT organisations are regularly making undocumented changes that impact system availability and security,” said Michael Fimin, CEO, Netwrix. “This is a risky practice that may jeopardize the security and performance of their business. IT managers and CIOs need to evaluate the addition of change auditing to their change management processes. This will enable them to ensure that all changes – both documented and undocumented – are tracked so that answers can be quickly found in the event of a security breach or service outage.”


“With roughly 90% of outages being caused by failed changes, visibility into IT infrastructure changes is critical to maintaining a stable environment. Change auditing is also foundational to security and compliance requirements,” said David Monahan, Research Director, Security and Risk Management, Enterprise Management Associates, a leading analyst and consulting firm. “Auditing changes in enterprise class environments requires the ability to get a high level strategic view without sacrificing the tactical system level detail and insight extended throughout the whole system stack. Netwrix Auditor excels at acquiring information from a broad coverage of Windows and ESX based systems, including systems that don’t generate native audit trails. The product collects alerts in a non-intrusive way providing insights to those changes with a consolidated reporting engine.”

 

Exos X20 and IronWolf Pro 20TB CMR-based HDDs help organizations maximize the value of data.
Quest Software has signed a definitive agreement with Clearlake Capital Group, L.P. (together with...
Infinidat has achieved significant milestones in an aggressive expansion of its channel...
Collaboration will safeguard HPC storage systems and customer data with Panasas hardware-based...
Peraton, a leading mission capability integrator and transformative enterprise IT provider, has...
Helping customers plan for software failure, data loss and downtime.
Cloud Computing and Disaster Recovery specialist, virtualDCS has been named as the first UK-based...
SharePlex 10.1.2 enables customers to move data in near real-time to MySQL and PostgreSQL.