An alarming trend among large enterprises that poses a major security risk has been revealed by a new survey from Netwrix Corporation. The company queried 700 IT professionals from more than 40 industries and discovered that 70 percent of organizations simply forget about documenting changes, up a whopping 57 percent from last year.
When it comes to change and configuration management, these companies are dropping the ball in a major way. The 2015 State of IT Changes Survey from Netwrix reveals the number or enterprises making undocumented changes is on the rise overall, jumping from just 20 percent to 66 percent. System-wide changes made without proper documentation not only open large enterprises to security risks, but can also cause serious downtime. In fact, the survey reveals 67 percent of those businesses queried experienced service downtime as a result of unauthorized or incorrect changes made to system configurations.
"Human factor is the key to informational security and its pain point at the same time," said Alex Vovk, president and co-founder of Netwrix. "No matter how advanced the security policy is, people still make mistakes and from time to time misbehave, putting overall system security and business continuity at risk. In this case, automated auditing processes can help companies keep their IT systems under control and make sure that any deliberate or accidental changes will be detected and addressed properly to eliminate the risk of a data breach."
Netwrix specializes in change and configuration solutions, providing complete visibility into changes made throughout an entire IT landscape. This type of transparency can prove critical in preventing security breaches. While the companies queried for the survey claim that undocumented system changes have never been the root cause of a security breach, it can’t be ruled out. And only half the companies surveyed have auditing processes in place, relying on manual log scans should an undocumented change go wrong.
In more positive findings, Netwrix revealed that 80 percent of organizations do claim to document changes, while 58 percent of small companies also track changes, up from 30 percent last year. And 52 percent of companies queried are using change auditing technology, while 75 percent have established change auditing processes in place.