Shavlik Survey: Configuration Management Considered Critical, But Lacks Support

Survey shows that 87 percent of IT managers believe that configuration management is an important part of their overall security program, but only 52 percent regularly audit their configurations

April 8, 2009

4 Min Read


St. Paul, MN (April 7, 2009) -- Shavlik Technologies, LLC, the market leader in simplifying and automating critical IT operational tasks, today announced results of a survey the company recently conducted with responses from over 435 IT operations and security specialists. The survey illustrates that configuration management is considered a critical to perform IT task, but organizations aren't necessarily investing in best practices to support it.

The survey results showed that 87 percent of IT managers believe that configuration management is an important part of their overall security program, but only 52 percent regularly audit their configurations. Only 9.6 percent of respondents have automated solutions for this repetitive, complex, error prone, and time consuming task.

90% of survey respondents admit that their current configuration management processes are either manual or only semi-automated, using a combination of tools and scripts to maintain the environment. Most respondents reported they lack solutions that automate identifying mis-configured systems and bringing those errant systems back into conformance; relying instead on manual processes to close the gaps. These approaches are becoming unacceptable in today's environments where IT resources are shrinking but the demands to prove security best practices and policy conformance are increasing. As one respondent put it, "Both human process failures and system update failures create the need to validate and ensure critical configurations remain consistent in the environment. This action improves the overall system security and reliability."

Shavlik customers agree. "Shavlik delivered a solution with the capability to automatically map our system configurations directly to PCI compliance requirements. We now have the visibility and the confidence that the auditor will simply tell us what we already know," states Shavlik hospitality industry customer, Accor North America. For the full testimonial from Accor visit

"The results gained from this significant survey validate what we've been hearing for months at various customer events across the globe " that attempting to manage literally thousands of configuration settings across an environment using free tools or ad hoc processes has created a false sense of security and left management frustrated by a lack of visibility," states Mark Shavlik, CEO of Shavlik Technologies. "IT practitioners are beginning to understand that to reduce management overhead and contain costs, they must invest in sustainable configuration management. However, the challenge is this: how do I simplify and automate the management of configuration settings without sacrificing visibility and control?"

Shavlik Technologies is responding to feedback from its customers with continued enhancements to the company's solution for configuration management, including a product name change to Shavlik NetChk Configure (formerly called NetChk Compliance). "It's Shavlik's unique focus on simplifying and automating the critical to perform task of configuration management that drive us to change the product name to NetChk Configure," said Terry Noonan, Vice President, Products, of Shavlik Technologies. "Shavlik offers a unique approach to implementing a sustainable and automated configuration management program that balances both the need to distribute, maintain and report on mandated configurations, while at the same time mapping those configurations directly to a compliance standard such as PCI or FISMA/FDCC."

About Shavlik NetChk Configure Shavlik NetChk Configure simplifies and automates configuration management and compliance auditing. NetChk Configure provides a centralized management interface that allows you to continuously scan the network to validate configuration settings against corporate security policy and allows you to directly map those controls to regulatory frameworks. Unique to the industry, NetChk Configure not only assesses configuration controls but also automates fixing systems that have drifted out of conformance and provides proof that the reality on the network matches official corporate policies.

About Shavlik Technologies Shavlik Technologies, LLC is the market leader for simplifying and automating critical-to-perform and manage IT operations including patch management, application control, configuration management, and policy and compliance auditing. Shavlik's innovative approach to simplifying and automating management of the platform frees up IT staff for initiatives that grow your business without sacrificing the visibility and control needed to ensure system uptime and demonstrate proof of compliance with internal policies and external regulations.

With more than 10,000 customers worldwide, Shavlik is trusted to provide solutions that can be relied upon to identify gaps and automatically and reliably fix systems that are missing patches or don't conform with the corporate-defined configuration baseline. More information can be found at

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights