Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Research: IT system changes that no one knows about endanger companies

Antony Savvas | April 23, 2014
More than half of IT professionals make undocumented changes to corporate IT systems, leaving those organisations open to security risks, according to research.

More than half of IT professionals make undocumented changes to corporate IT systems, leaving those organisations open to security risks, according to research.

The research, from change and configuration auditing software company Netwrix, shows just 60 percent of organisations have change management controls in place, leaving 40 percent at risk from security threats or system downtime.

Netwrix, which questioned almost 600 IT pros, found that 57 percent had made undocumented changes to their IT systems that no one else knows about.

Frequent system changes without documentation or audit processes can cause system downtime and security breaches from internal and external threats, while decreasing overall operational efficiency.

The Netwrix survey found that 65 percent of respondents have made changes that caused services to stop, and that 52 percent make changes that impact system downtime daily or weekly.

Also, 39 percent have made a change that was the root cause of a security breach and that 40 percent make changes that impact security daily or weekly.

The majority - 62 percent - have little or no real ability to audit the changes they make, revealing serious gaps in meeting security best practice and compliance objectives, said Netwrix.

Just 23 percent have an auditing process or change auditing solution in place to validate changes are being entered into a change management solution.

"This data reveals that IT organisations are regularly making undocumented changes that impact system availability and security," said Michael Fimin, CEO at Netwrix. "This is a risky practice that may jeopardise the security and performance of their business."

He said IT managers and CIOs needed to evaluate the addition of change auditing to their change management processes. This will enable them to ensure that all changes - both documented and undocumented - are tracked so that answers can be quickly found in the event of a security breach or service outage, said Fimin.

David Monahan, an analyst at Enterprise Management Associates, said: "With roughly 90 percent of outages being caused by failed changes, visibility into IT infrastructure changes is critical to maintaining a stable environment. Change auditing is also foundational to security and compliance requirements."

 

Sign up for CIO Asia eNewsletters.