All too often, a failed change within a company's IT infrastructure leads to disastrous consequences. While some of the worst case scenarios involve the leaking of sensitive company or customer information and compromised security systems, roughly 90 percent of all network outages are caused by a failed change. That said, it would stand to reason that most IT professionals keep strict logs of the changes they make on the network for clear visibility of what went wrong... right? Quite contrarily, a recent study by Netwrix revealed that more than half of professionals in the IT field make undocumented changes without telling anyone.
The survey (available here) asked nearly 600 IT professionals working in businesses ranging from SMBs to full-fledged enterprises several questions besides whether or not they documented changes, including how often they made such changes as well as if the changes had any negative efect. Unfortunately, 57 percent of them said that they made changes without documentation. In fact, only 38 percent of the respondents said that their organization admitted to having a system in place that audits changes. Further questioning found that several members of this group felt that simply having the ability to log data was good enough.
According to Netwrix CEO Michael Fimin, “This data reveals that IT organizations are regularly making undocumented changes that impact system availability and security.” Indeed, these types of changes reduce the visibility of changes, as well as the organization's ability to fix problems that arise due to them. “This is a risky practice that may jeopardize the security and performance of their business. IT managers and CIOs need to evaluate the addition of change auditing to their change management processes,” Fimin continues. “This will enable them to ensure that all changes – both documented and undocumented – are tracked so that answers can be quickly found in the event of a security breach or service outage.”