Undocumented Changes May Result in a Security Breach

Data leaks and security violations remind us how vulnerable IT infrastructures are, and further highlight that companies of all sizes need to monitor changes in order to maintain control over their IT, writes Michael Fimin of Netwrix.

Industry Perspectives

November 6, 2014

Michael Fimin, CEO and co-founder of Netwrix, is an accomplished expert in information security.

The growing trend of data leaks and security violations, such as Heartbleed and the Target, Home Depot and eBay breaches, has shown how vulnerable IT infrastructures are, and further highlights that companies of all sizes need to monitor changes in order to keep stringent control over their IT.

For a better understanding of the current situation within IT departments, Netwrix initiated a 2014 State of IT Changes survey, asking whether IT professionals document changes made to their IT systems, and how those changes impact security and business continuity.

Worrying facts about system changes

When talking about monitoring changes to IT systems, the first question is whether IT departments ensure that all changes are being documented as they are made. The second question is whether changes are specifically monitored on a daily basis. If you are unaware of what is happening in your IT infrastructure, you cannot respond quickly to the undesirable effects these changes create, which may result in data leaks or interruption of business continuity.

Despite the fact that the majority of IT professionals understand that infrastructure must be constantly and continuously monitored, more than half of them still make undocumented changes to their IT systems. Moreover, 40 percent of organizations don’t even have formal IT change management controls in place.

When it comes to mission-critical systems, having a meaningful strategy for monitoring data access and users’ activity seems to be a priority of the highest level. However, very few organizations establish continuous auditing of their IT infrastructures for strengthening security and ensuring business continuity. The survey says that 65 percent of IT professionals have made changes that caused services to stop, and this approach is commonplace, even in large enterprises.

How to secure your data

Without a system that will help you easily determine any change made to the system configurations, there is a risk that your organization will appear in breaking news announcing yet another company that has suffered from a massive security breach.

Given that the majority of companies admit they lack adequate measures to prevent security breaches, below are key points that will help strengthen the security of your IT environment and protect sensitive data.

Keep monitoring user accounts regularly. This includes controlling user permissions, creation and deletion of user accounts, and continuous auditing of user activities. With significant staff turnover or regular changes to employees’ permissions, the risk that someone will have redundant access rights grows.

According to the Verizon 2014 Data Breach Investigations Report, 88 percent of security breaches result from privilege misuse. Change auditing of IT infrastructure will provide daily and on-demand reports as well as real-time alerts that help to ensure that permissions are adequate, and access to sensitive data is limited to the people who have a business need for it.

Keep your employees informed that their activity is being tracked. There is no need to hide the fact that you monitor user activity in order to secure sensitive data. Do the opposite – share anonymous reports with your employees and make sure they are aware of the responsibility to follow the company’s security policy.

Detect breaches early on. Unfortunately, there is no secret remedy that prevents security violations from happening. That is why it is important to be as proactive as possible. Consider deploying a solution that will notify you when suspicious activity shows up. This will decrease discovery time and provide the opportunity to take all the necessary precautions before sensitive information is massively compromised.

Security breaches are almost inevitable and their frequency is growing. For this reason, organizations of all sizes need to reconsider their security policy. There are a number of solutions that will help minimize the consequences of security violations. The goal today is to ensure complete visibility across your entire IT infrastructure, to know who did what, when and where, and to track all changes in order to avoid malicious activity.

Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena.