Survey Shows Disconnect Between Configuration Management Goals, Best Practices

Majority of IT operations use semi-automatic or manual processes to manage configuration settings

Shavlik Technologies, LLC (www.shavlik.com) revealed the results of its recent survey of 435 IT operations and security specialists. Although respondents consider configuration management critical, most organizations don’t follow best practices.

Shavlik points out that “87 percent of IT managers believe that configuration management is an important part of their overall security program, but only 52 percent regularly audit their configurations. Only 9.6 percent of respondents have automated solutions for this repetitive, complex, error prone, and time-consuming task.”

The survey also found that 90 percent of respondents admit that they have either manual or only semi-automated configuration management processes in place; they use a combination of tools and scripts for environment maintenance.

“Most respondents reported they lack solutions that automate identifying mis-configured systems and bringing those errant systems back into conformance; relying instead on manual processes to close the gaps. These approaches are becoming unacceptable in today’s environments where IT resources are shrinking but the demands to prove security best practices and policy conformance are increasing,” the company says.

“The results gained from this significant survey validate what we’ve been hearing for months at various customer events across the globe -- that attempting to manage literally thousands of configuration settings across an environment using free tools or ad hoc processes has created a false sense of security and left management frustrated by a lack of visibility,” said Mark Shavlik, Shavlik Technologies’ CEO, in a company statement.

“IT practitioners are beginning to understand that to reduce management overhead and contain costs, they must invest in sustainable configuration management. However, the challenge is this: how do I simplify and automate the management of configuration settings without sacrificing visibility and control?”

About the Author

James E. Powell is the former editorial director of Enterprise Strategies (esj.com).

comments powered by Disqus