Configuration Drift

Let’s Talk Drift…

And no, we’re not talking about speeding through Tokyo Fast & the Furious-style or floating off course while sailing out in the ocean. We’re talking about what can happen to your company’s IT infrastructure as a result of changes made throughout the environment.

What is Configuration Drift?

For any business, using applications and cloud services happens every day. As with all technology, new features need to be added and existing functions updated. Whenever any type of change or configuration occurs, gaps can develop and accumulate over time, resulting in configuration drift. Without effective configuration drift detection, the impact to the business can be great, whether from configuration drift in microservices, DevOps, or cloud security.

A business’ infrastructure, when implemented, is mapped out so that an operations team knows every aspect of the infrastructure. When changes are made, whether for strategic purposes like enhancing user experience, or for tactical reasons like adding or consolidating resources, the team members may not be aware of those changes. As a result, this new infrastructure varies from the original, and IT no longer has full visibility into the system because of these undetected and unknown changes.

Configuration drift can have a number of impacts on systems throughout an organization. As drift increases, so does the need for efficient resource allocation, support for remote IT operations, streamlined collaboration and coordination across multiple teams, and governance. The lack of visibility only compounds these issues over time.  

Why Drift Matters

Anytime a system drifts from its original state, crucial changes can go undetected by key operations groups, whether DevOps, CloudOps, or other infrastructure management teams. But what does that really mean for IT leaders, users, clients, and the business as a whole?

As changes continue to go undetected and unmanaged, the number of adjustments builds and grows within the system over time. Without active management and tracking of these changes, IT lacks insight into how the system has continued to evolve. This can lead to a number of issues that impact operational efficiency, system security, and a variety of other critical functions.

Security Threats

Any gap in real-time system state can open a business to security risks and exposed data. Unchecked, those risks can result in serious issues like data breaches.

Decreased Productivity

Without awareness and visibility, the amount of drift grows and eventually requires manual intervention. It becomes a challenge for IT to address known issues and pulls their attention away from other impactful work.


Customer Experience

Clients expect a seamless experience. But, when drift is left unchecked, it can often lead to system downtime, outages, or even deployment failures. When the system is slow or unresponsive, users are unhappy.


As operations teams work to address growing issues within the system, it can put a strain on time, resources and maintenance, ultimately driving operational costs up.


Examples of the Impact of Drift

Below are a few basic examples of how configuration drift can occur on a daily basis within an enterprise.

Scenario 1 – Resource Changes

A user adds a resource, which impacts the organization’s cloud compliance posture. The change violates your company’s own internal baselines as well as specific regulatory benchmarks. Ideally, you need a tool that identifies the resource as noncompliant and clearly describes the steps required to remediate the issue.

Scenario 2 – Cost Spike

It’s Friday and resources are spun up in AWS for a special project. However, if those resources are left active over the weekend, a significant cost spike would occur. Perhaps those costs are anticipated and included in the project budget. But if not, it could be a nasty surprise when the AWS bill comes due. Any changes with cost implications should be monitored closely, preferably by a tool that anticipates the cost impact of a change, even before usage charges occur, and provides notification of the estimated cost impact.

Scenario 3 – Security

A user opens RDP to the internet, creating a network security issue. While not all firewall changes are cause for alarm, these types of changes should always be monitored so an organization can ensure that proper precautions are in place and remediate issues quickly.

Configuration drift is driven by change, and not all change is bad for your organization. The key, however, is to move beyond just understanding configuration drift and its potential impact on your systems toward gaining true visibility into your environment. With this insight, you can manage drift according to whether it has a positive, neutral, or negative effect on business operations.

How to Detect Configuration Drift

When you’re sailing, you can tell when you’ve drifted, as long as you have the right tools and instruments. These tools can tell you whether you’ve gone off course and the adjustments you need to make to get back on course. Without them, out in the ocean, you may not be able to get your bearings, and determine whether you’re heading in the right direction, or even if you’re moving at all.

The same is true when it comes to identifying drift. If your staff doesn’t have the right tools and resources in place to monitor, manage, and remediate configuration drift, they are often unaware of drift, or at least of its full extent. There are a few methods for addressing drift, each requiring a different level of investment of time and resources: manual management, timely scanning, and real-time monitoring.

Manual management takes the most time and resources away from your IT organization. It requires manual system checks and change tracking. Not only is it very time consuming, but it leaves the door open to human error.

Some tools allow for regular scanning of an IT system. Based on a set schedule (determined by what makes the most sense for the user), the tool scans the system and identifies changes and gaps that need to be addressed. While this method offers increased visibility into changes when compared to a manual process, the time between scans can allow drift to grow to a point where it requires significant attention and support.

Real-time monitoring is the best way to track changes that can lead to configuration drift. As changes occur, inconsistencies and vulnerabilities can grow. The faster you can catch them, the faster you can respond. This type of tool tracks changes in real-time and alerts the appropriate team member when changes are made that impact compliance, security, or cost, so issues can be addressed immediately.
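The three scenarios above and the scanning approach described here come down to one operation: diff an approved baseline against what is actually observed, then classify each difference so the right team is alerted. The following Python script is an added illustration of that operation; it is not OpsCompass code and not taken from the original page. The snapshot format, the resource ids, the required-tag policy and the hourly prices are all constructed assumptions; a real scanner would build the observed snapshot from the cloud provider’s API on each scheduled scan or on each change event.

```python
"""Toy configuration-drift detector (constructed example, not OpsCompass code).

It diffs a recorded, approved baseline against an observed snapshot of the
same resources and classifies each difference as a security, compliance or
cost finding, mirroring the three scenarios above. The snapshot format,
resource ids, tag policy and hourly rates are assumptions for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass

# Management ports that should never be reachable from the whole internet.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
ANY_CIDR = {"0.0.0.0/0", "::/0"}
# Tags the (assumed) internal baseline requires on every compute resource.
REQUIRED_TAGS = {"owner", "cost-center"}
HOURS_PER_MONTH = 24 * 30


@dataclass(frozen=True)
class Finding:
    category: str                    # "security", "compliance" or "cost"
    resource: str                    # resource id the finding applies to
    detail: str                      # description plus a remediation hint
    monthly_cost_delta: float = 0.0  # estimated change in monthly spend


def exposed_admin_ports(ingress: list[dict]) -> list[int]:
    """Return the admin ports that the ingress rules open to any source address."""
    hits = set()
    for rule in ingress:
        if rule["cidr"] not in ANY_CIDR:
            continue
        for port in ADMIN_PORTS:
            if rule["from_port"] <= port <= rule["to_port"]:
                hits.add(port)
    return sorted(hits)


def detect_drift(baseline: dict, observed: dict, hourly_rate: dict) -> list[Finding]:
    """Compare observed resources to the baseline and return classified findings."""
    findings: list[Finding] = []
    base_ids, obs_ids = set(baseline), set(observed)

    # Scenario 1: resources added outside the approved baseline.
    for rid in sorted(obs_ids - base_ids):
        res = observed[rid]
        findings.append(Finding("compliance", rid,
                                "resource not in approved baseline; review or remove it"))
        missing = REQUIRED_TAGS - set(res.get("tags", {}))
        if missing:
            findings.append(Finding("compliance", rid,
                                    f"missing required tags {sorted(missing)}; add them"))
        # Scenario 2: what the new resource costs if it is simply left running.
        if res["type"] == "instance":
            cost = hourly_rate[res["instance_type"]] * HOURS_PER_MONTH
            findings.append(Finding("cost", rid,
                                    f"new {res['instance_type']} adds ~{cost:.2f}/month if left running",
                                    monthly_cost_delta=cost))

    for rid in sorted(base_ids - obs_ids):
        findings.append(Finding("compliance", rid, "baseline resource no longer present"))

    for rid in sorted(base_ids & obs_ids):
        base, obs = baseline[rid], observed[rid]
        # Scenario 3: a firewall change that exposes RDP/SSH to the internet.
        if base["type"] == "security_group":
            newly_open = set(exposed_admin_ports(obs["ingress"])) - set(exposed_admin_ports(base["ingress"]))
            for port in sorted(newly_open):
                findings.append(Finding("security", rid,
                                        f"{ADMIN_PORTS[port]} (tcp/{port}) newly open to 0.0.0.0/0; restrict the source CIDR"))
        # Scenario 2 again: a resize changes the run rate.
        if base["type"] == "instance" and base["instance_type"] != obs["instance_type"]:
            delta = (hourly_rate[obs["instance_type"]] - hourly_rate[base["instance_type"]]) * HOURS_PER_MONTH
            findings.append(Finding("cost", rid,
                                    f"resized {base['instance_type']} -> {obs['instance_type']}, ~{delta:+.2f}/month",
                                    monthly_cost_delta=delta))
    return findings


# Constructed sample data: an approved baseline and what a later scan observed.
BASELINE = {
    "sg-web": {"type": "security_group",
               "ingress": [{"from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"}]},
    "i-app1": {"type": "instance", "instance_type": "m5.large",
               "tags": {"owner": "app-team", "cost-center": "1234"}},
}
OBSERVED = {
    "sg-web": {"type": "security_group",
               "ingress": [{"from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"},
                           {"from_port": 3389, "to_port": 3389, "cidr": "0.0.0.0/0"}]},
    "i-app1": {"type": "instance", "instance_type": "m5.4xlarge",
               "tags": {"owner": "app-team", "cost-center": "1234"}},
    "i-tmp7": {"type": "instance", "instance_type": "c5.xlarge", "tags": {}},
}
# Placeholder hourly prices for the example, not real list prices.
HOURLY_RATE = {"m5.large": 0.10, "m5.4xlarge": 0.80, "c5.xlarge": 0.17}


def run_example() -> list[Finding]:
    """Run the detector over the constructed snapshot above."""
    return detect_drift(BASELINE, OBSERVED, HOURLY_RATE)


if __name__ == "__main__":
    for f in run_example():
        print(f"[{f.category:10}] {f.resource}: {f.detail}")
```

Run as a script, it prints five findings: the untracked, untagged instance (Scenario 1), the estimated monthly cost of that instance and of the resize (Scenario 2), and the RDP rule newly open to the world (Scenario 3). The difference between the scanning and real-time approaches is only how often the observed snapshot is refreshed and the diff run; with a scheduled scan, the RDP exposure stays undetected until the next scan, whereas an event-driven run surfaces it as soon as the rule changes.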

How to Manage Configuration Drift

While the idea of configuration drift can seem overwhelming, the good news is that configuration drift can be managed effectively. Any steps taken by a business to monitor system changes will help reduce some of the headaches that drift can cause. To truly ensure minimal drift and prompt response however, the key is real-time monitoring and putting a remediation process in place to fix any issues quickly.

In addition to addressing issues that arise as a result of configuration drift, management can impact other areas of the business as well. Effective drift management can ensure your infrastructure stays compliant, whether from a security or regulatory standpoint, and enables proper management of your cloud native resources, especially across a multi-cloud environment. Drift management also ensures that the resources in place are being used appropriately and efficiently, giving teams greater capacity to collaborate and coordinate, whether in person or remotely, resulting in a better experience for both internal clients and external customers.

Whether leadership’s biggest concern is compliance and risk, or the effect on customer experience, having a solution in place to address configuration drift once it is detected will reduce its overall impact on your company.

Request a Demo

See how OpsCompass can help guide you to success in the cloud with an interactive tour of the software led by one of our cloud operations experts.