The survey results showed that 87 percent of IT managers believe that configuration management is an important part of their overall security program, but only 52 percent regularly audit their configurations. Only 9.6 percent of respondents have automated solutions for this repetitive, complex, error prone, and time consuming task.
90% of survey respondents admit that their current configuration management processes are either manual or only semi-automated, using a combination of tools and scripts to maintain the environment. Most respondents reported they lack solutions that automate identifying mis-configured systems and bringing those errant systems back into conformance; relying instead on manual processes to close the gaps.
These approaches are becoming unacceptable in today’s environments where IT resources are shrinking but the demands to prove security best practices and policy conformance are increasing. As one respondent put it, “Both human process failures and system update failures create the need to validate and ensure critical configurations remain consistent in the environment. This action improves the overall system security and reliability.”