2009 Security Survey: 87% Rate Configuration Management as Important But Only 17% Are Confident Their Systems Conform to Corporate Policy.Over 435 Respondents - Survey Results Show IT Operations Using Semi-Automatic or Manual Processes to Manage Configuration Settings and Prove Policy Conformance con·for·mance n. Conformity. Noun 1. conformance - correspondence in form or appearance conformity agreement, correspondence - compatibility of observations; "there was no agreement between theory and ST. PAUL St. Paul as a missionary he fearlessly confronts the “perils of waters, of robbers, in the city, in the wilderness.” [N.T.: II Cor. 11:26] See : Bravery , Minn. -- Shavlik Technologies, LLC (Logical Link Control) See "LANs" under data link protocol. LLC - Logical Link Control , the market leader in simplifying and automating critical IT operational tasks, today announced results of a survey the company recently conducted with responses from over 435 IT operations and security specialists. The survey illustrates that configuration management is considered a critical to perform IT task, but organizations aren't necessarily investing in best practices to support it. The survey results showed that 87 percent of IT managers believe that configuration management is an important part of their overall security program, but only 52 percent regularly audit their configurations. Only 9.6 percent of respondents have automated solutions for this repetitive, complex, error prone, and time consuming task. 90% of survey respondents admit that their current configuration management processes are either manual or only semi-automated, using a combination of tools and scripts to maintain the environment. Most respondents reported they lack solutions that automate identifying mis-configured systems and bringing those errant er·rant adj. 1. Roving, especially in search of adventure: knights errant. 2. Straying from the proper course or standards: errant youngsters. 3. systems back into conformance; relying instead on manual processes to close the gaps. These approaches are becoming unacceptable in today's environments where IT resources are shrinking but the demands to prove security best practices and policy conformance are increasing. As one respondent put it, "Both human process failures and system update failures create the need to validate and ensure critical configurations remain consistent in the environment. This action improves the overall system security and reliability." Shavlik customers agree. "Shavlik delivered a solution with the capability to automatically map our system configurations directly to PCI (1) (Payment Card Industry) See PCI DSS. (2) (Peripheral Component Interconnect) The most widely used I/O bus (peripheral bus). compliance requirements Compliance requirements are a series of directives established by United States Federal government agencies that summarize hundreds of Federal laws and regulations applicable to Federal assistance (also known as Federal aid or Federal funds). . We now have the visibility and the confidence that the auditor will simply tell us what we already know," states Shavlik hospitality industry customer, Accor North America North America, third largest continent (1990 est. pop. 365,000,000), c.9,400,000 sq mi (24,346,000 sq km), the northern of the two continents of the Western Hemisphere. . For the full testimonial from Accor visit http://www.shavlik.com/testimonials.aspx. "The results gained from this significant survey validate what we've been hearing for months at various customer events across the globe - that attempting to manage literally thousands of configuration settings across an environment using free tools or ad hoc For this purpose. Meaning "to this" in Latin, it refers to dealing with special situations as they occur rather than functions that are repeated on a regular basis. See ad hoc query and ad hoc mode. processes has created a false sense of security and left management frustrated frus·trate tr.v. frus·trat·ed, frus·trat·ing, frus·trates 1. a. To prevent from accomplishing a purpose or fulfilling a desire; thwart: by a lack of visibility," states Mark Shavlik, CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. of Shavlik Technologies. "IT practitioners are beginning to understand that to reduce management overhead and contain costs, they must invest in sustainable configuration management. However, the challenge is this: how do I simplify and automate the management of configuration settings without sacrificing visibility and control?" Shavlik Technologies is responding to feedback from its customers with continued enhancements to the company's solution for configuration management, including a product name change to Shavlik NetChk Configure See configuration. (software) configure - A program by Richard Stallman to discover properties of the current platform and to set up make to compile and install gcc. Cygnus configure was a similar system developed by K. (formerly called NetChk Compliance). "It's Shavlik's unique focus on simplifying and automating the critical to perform task of configuration management that drive us to change the product name to NetChk Configure," said Terry Noonan, Vice President, Products, of Shavlik Technologies. "Shavlik offers a unique approach to implementing a sustainable and automated configuration management program that balances both the need to distribute, maintain and report on mandated configurations, while at the same time mapping those configurations directly to a compliance standard such as PCI or FISMA/FDCC." About Shavlik NetChk Configure Shavlik NetChk Configure simplifies and automates configuration management and compliance auditing. NetChk Configure provides a centralized cen·tral·ize v. cen·tral·ized, cen·tral·iz·ing, cen·tral·iz·es v.tr. 1. To draw into or toward a center; consolidate. 2. management interface that allows you to continuously scan the network to validate configuration settings against corporate security policy and allows you to directly map those controls to regulatory frameworks. Unique to the industry, NetChk Configure not only assesses configuration controls but also automates fixing systems that have drifted out of conformance and provides proof that the reality on the network matches official corporate policies. About Shavlik Technologies Shavlik Technologies, LLC is the market leader for simplifying and automating critical-to-perform and manage IT operations including patch management The installation of patches from a software vendor onto an organization's computers. Patching thousands of PCs and servers is a major issue. A patch should be applied to test machines first before deployment, and the testing environments must represent all the users' PCs with their unique , application control, configuration management, and policy and compliance auditing. Shavlik's innovative approach to simplifying and automating management of the platform frees up IT staff for initiatives that grow your business without sacrificing the visibility and control needed to ensure system uptime and demonstrate proof of compliance with internal policies and external regulations. With more than 10,000 customers worldwide, Shavlik is trusted to provide solutions that can be relied upon to identify gaps and automatically and reliably fix systems that are missing patches or don't conform with the corporate-defined configuration baseline. More information can be found at www.shavlik.com. Shavlik Technologies is a registered trademark in the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. and certain other countries, of Shavlik Technologies. Additional Shavlik product names are either registered trademarks or trademarks of Shavlik Technologies. All other trademarks mentioned in this document are the property of their respective owners. |
|
||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion