Netwrix Survey: Do You Actually Audit Changes?

There is no doubt, that organizations of all kinds and sizes face everyday changes to their critical IT systems. As the topic of administrative security becomes more and more important, the hazards of data breaches, information leakage and downtime must be avoided and any changes must be tracked down and documented. Netwrix surveyed 577 IT Pros from 24 different industries to get a picture of how it is actually done in different sorts of companies. The goal was to see, how IT departments handle the impact of changes made and what methods they use to maintain security and system availability.

It seemed important for Netwrix to provide multiple perspectives for different IT organization types. In this survey you will find a correlation between the change auditing processes and company size, industry and number of IT department employees.

What did we find out? Oh, it was not all that predictable. Of course, some findings seemed quite logical. For example, the bigger the organization, the more attention is paid to IT security and thus change monitoring and auditing are taken care of more thoroughly. Enterprise companies (1000+ employees) have bigger IT departments and claim the highest level of processes in place to manage IT changes, weighing in at 80%. It was also easy to foresee, that small organizations are more exposed to different kinds of security breaches. Their IT departments, which more commonly consist of only one specialist, normally just cannot handle all the processes.

But what came as quite a shock was that 62% do NOT audit changes to IT systems. Moreover, many of those, who answered positively, considered just having system log data enough. It gets worse. 57% admitted to not documenting the changes made. And this trend shows across all three types of organizations: SMB, Midsize and Enterprise.

What is this tendency leading to? Well, first of all, problems with audits. Without documented changes, it is impossible to answer auditor’s questions. Who has made what changes to what systems? This information just disappears in endless logs. Monitoring and alerting on changes is never enough. There needs to be a system that checks, if all the changes are tracked, a system providing complete visibility across the entire IT infrastructure. Especially when IT department employees make changes, that cause security breaches, there should be a way to track the triggers quickly and to be ready to report them at any time and as detailed as possible.

See the complete “The State of IT Changes Survey 2014” and share your thoughts with us in the comments section below.