Configuration Drift

What is Configuration Drift?

For any business, using applications and cloud services happens every day. As with all technology, new features need to be added and existing functions updated. Whenever any type of change or configuration occurs, gaps can develop and accumulate over time, resulting in configuration drift. Without effective configuration drift detection, the impact to the business can be great, whether from configuration drift in microservices, DevOps, or cloud security.

A business’ infrastructure, when implemented, is mapped out so that an operations team knows every aspect of the infrastructure. When changes are made, whether for strategic purposes like enhancing user experience, or for tactical reasons like adding or consolidating resources, the team members may not be aware those changes. As a result, this new infrastructure varies from the original, and IT no longer has full visibility into the system because of these undetected and unknown changes.

Why Drift Matters

 As changes continue to go undetected and unmanaged, the number of adjustments build and grow within the system over time. Without active management and tracking of these changes, IT lacks insight into how the system has continued to evolve. This can lead to a number of issues that impact operational efficiency, system security, and a variety of other critical functions.

Drift Can Cause Issues When Unchecked…


Security Threats

Any gap in real-time system state can open a business to security risks and exposed data.

Decreased Productivity

Without awareness and visibility, the amount of drift grows and eventually requires a lot of manual intervention.


Customer Experience

Clients expect a seamless experience. Unchecked drift can lead to system downtime, outages, or even deployment failures.


Drift can put a strain on time, resources and maintenance, ultimately driving operational costs up.

Examples of the Impact of Drift

Below are a few basic examples of how configuration drift can occur on a daily basis within an enterprise.

Scenario 1 – Resource Changes

A user adds a resource, which impacts the organization’s cloud compliance posture. The change violates your company’s own internal baselines as well as specific regulatory benchmarks. Ideally, you need a tool that will identify the resource as noncompliant, and clearly describes the steps required to remediate the issue.

Scenario 2 – Cost Spike

It’s Friday and resources are spun up in AWS for a special project. However, if those resources are left active over the weekend, a significant cost spike would occur. Perhaps those costs are anticipated and included in the project budget. But if not, it could be a nasty surprise when the AWS bill comes due. Any changes with cost implications should be monitored closely, preferably by a tool that anticipates the cost impact of a change, even before usage charges occur, and provides notification of the estimated cost impact.

Scenario 3 – Security

A user opens RDP to the internet creating a network security issue. While not all firewall changes are cause for alarm, these types of changes should always be monitored so an organization can ensure that proper precautions are in place and remediate issues quickly.

Configuration drift is driven by change and not all change is bad for your organization. The key however, is to move beyond just understanding configuration drift and its potential impact on your systems towards gaining true visibility into your environment. With this insight, you can manage drift according to whether it has a positive, neutral, or negative effect on business operations.

How to Detect Configuration Drift

When you’re sailing, you can tell when you’ve drifted, as long as you have the right tools and instruments. These tools can tell you whether you’ve gone off course and the adjustments you need to make to get back on course.  

The same is true when it comes to identifying drift. If your staff doesn’t have the right tools and resources in place to monitor, manage, and remediate configuration drift, they are often unaware of drift, or least the full extent of it. There are a few methods for addressing drift that require varying levels of investment of time and resources, they include: manual management; timely scanning; and real-time monitoring. 

With a clear change history available, OpsCompass can help you catch your drift.

How to Manage Configuration Drift

While the idea of configuration drift can seem overwhelming, the good news is that configuration drift can be managed effectively. Any steps taken by a business to monitor system changes will help reduce some of the headaches that drift can cause. To truly ensure minimal drift and prompt response however, the key is real-time monitoring and putting a remediation process in place to fix any issues quickly.

Manual management takes the most time and resources away from your IT organization. It requires manual system checks and change tracking. Not only is it very time consuming, but it leaves the door open to human error.

Some tools allow for regular scanning of an IT system. Based on a set schedule (determined by what makes the most sense for the user), the tool scans the system and identifies changes and gaps that need to be addressed. While this method offers increased visibility into changes when compared to a manual process, the time between scans can allow drift to grow to a point where it requires significant attention and support.

Real-time monitoring is the best way to track changes that can lead to configuration drift. As changes occur, inconsistencies and vulnerabilities can grow. The faster you can catch them, the faster you can respond. This type of tool tracks changes in real-time and alerts the appropriate team member when changes are made that impact compliance, security, or cost, so issues can be addressed immediately.

Manage Your Cloud With OpsCompass

Effective drift management can ensure your infrastructure stays compliant, whether from a security or regulatory standpoint, and enables proper management of your cloud native resources, especially across a multi-cloud environment. Drift management also ensures that the resources in place are being used appropriately and efficiently, giving teams greater capacity to collaborate and coordinate, whether in person or remotely, resulting in a better experience for both internal clients and external customers.

Whether leadership’s biggest concern is compliance and risk, or the effect on customer experience, having a solution in place to address configuration drift once it is detected will reduce its overall impact on your company.