
Stop the Drift – How to Spot and Stop Compliance Drift

October 22, 2021

“No man ever steps in the same river twice, for it’s not the same river and he’s not the same man.”


The same is true of your IT infrastructure. The minute you make one change you are dealing with a different network, and the gap between your STIG baseline and what is actually running starts to widen. New systems, applications, users, collaborations, APIs, and requirements keep your network constantly in flux. Without policies and processes in place to identify and remediate inconsistencies, a change does not even have to be large to cause your configurations, and the security measures that depend on them, to drift into unknown territory.

Over the past two years, 50% of American organizations and 41% of global organizations have reported a major security incident or loss. Without extreme vigilance as to whether controls have drifted out of policy, it is literally a roll of the dice as to whether you will become an unfortunate statistic. 94% of unauthorized data access is through compromised servers and 95% of breaches are attributed to known and fixable vulnerabilities. If you are not looking for drift on a continual basis, you are creating openings for malicious actors to stroll right through on the way to your data.

What does compliance drift look like?

Detecting and measuring drift is an essential component of your security mission, but even if you are looking for it, and even with the trained eye of an administrator, you will be lucky to see it. Finding drift is hit or miss unless you have specialized automation and enterprise reporting software to identify the areas that have drifted and the failed processes that let them drift.

Wondering why your STIG and CIS controls are not meeting objectives? Curious as to how unwanted guests gained access to your system? Wanting to know how vulnerabilities seem to have appeared out of nowhere? Compliance drift may be your answer, but it is important to understand that finding and correcting the drift is only a bandage. You also need to know which policies, processes, and procedures enabled the drift in the first place, so that it does not happen again. And again.

Leadership in systems management and information assurance management is marked by vigilance, automated solutions that scan and remediate endpoints in the application stack that have drifted out of line, and dashboards built for the experts that manage your cyber goals. These steps provide a foundation for managing drift and improving your security posture over time. 

What causes drift in the first place? 

Drift is generally caused by human processes, not automated ones. So the more mature your human processes are, the less likely you are to encounter drift.

Humans are subject to error, and to causing drift, especially when:

  • Time is tight and deadlines have to be met
  • New users and new systems are introduced into the enterprise
  • Software updates are activated
  • Tedious processes that could be automated, such as Center for Internet Security (CIS) and STIG compliance, are handled manually

How can drift be avoided?

There are several best practices you can leverage to prevent configuration and application drift:

  • Set baselines. Following system hardening baselines using STIG and CIS controls as your guide is the best practice, but maintaining those baselines is the ultimate best practice. A watched pot never boils. And in the world of government cybersecurity, that’s a good thing. 
  • Use a hardened system configuration. Build a hardened testing environment that is configured to support the application stack—nothing more and nothing less. Limiting your application stack’s abilities limits its attack surface and decreases the number of updates needed to maintain it. 
  • Perform enterprise application testing. Enterprise application testing may already be a part of your company’s audit processes. Make sure you get a detailed report showing which layers of the application are vulnerable and what the specific vulnerabilities are. 
  • Introduce automation. SteelCloud’s ConfigOS automatically scans, remediates, and reports on configuration changes to networks, data assets, services, applications, and device settings in conformance with government recommendations and mandates. When it comes to CIS, CMMC, and STIG compliance, it makes having immaculate security possible. 
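The baseline-then-scan-then-remediate cycle described in the practices above can be shown in a few dozen lines. The following is an added illustration written for this post; it is not ConfigOS code, and the control names, the baseline values, and the host snapshot are all constructed for the example. It compares a hardening baseline against the settings observed on a host, reports each deviation with a severity, and produces the set of values that would have to be written back to return the host to its baseline.

```python
"""Minimal configuration-drift check: baseline vs. observed host settings.

Added example, not vendor code. Control names, baseline values and the
host snapshot below are constructed for illustration only.
"""
from dataclasses import dataclass
from typing import Any, Dict, List


@dataclass(frozen=True)
class Control:
    expected: Any
    op: str        # "eq": must equal; "min": observed >= expected; "max": observed <= expected
    severity: str  # "high", "medium" or "low"


@dataclass(frozen=True)
class Finding:
    control: str
    expected: Any
    observed: Any  # None when the setting is missing from the snapshot
    severity: str


# Constructed hardening baseline (names and values are hypothetical).
BASELINE: Dict[str, Control] = {
    "password.min_length":     Control(14, "min", "high"),
    "password.max_age_days":   Control(60, "max", "medium"),
    "ssh.permit_root_login":   Control("no", "eq", "high"),
    "ssh.protocol":            Control(2, "eq", "high"),
    "audit.enabled":           Control(True, "eq", "high"),
    "firewall.default_policy": Control("deny", "eq", "high"),
}


def is_compliant(control: Control, observed: Any) -> bool:
    """A missing setting or a value of the wrong type counts as non-compliant."""
    if observed is None:
        return False
    try:
        if control.op == "eq":
            return observed == control.expected
        if control.op == "min":
            return observed >= control.expected
        if control.op == "max":
            return observed <= control.expected
    except TypeError:
        return False
    raise ValueError(f"unknown comparison {control.op!r}")


def detect_drift(baseline: Dict[str, Control], snapshot: Dict[str, Any]) -> List[Finding]:
    """Return one Finding per baseline control the snapshot fails to satisfy."""
    findings = []
    for name, control in baseline.items():
        observed = snapshot.get(name)
        if not is_compliant(control, observed):
            findings.append(Finding(name, control.expected, observed, control.severity))
    return findings


def remediation_plan(findings: List[Finding]) -> Dict[str, Any]:
    """Values to write back so the host matches the baseline again."""
    return {f.control: f.expected for f in findings}


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings by severity for a dashboard-style summary."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed snapshot of a host that drifted after an update and a manual change.
SNAPSHOT_DRIFTED: Dict[str, Any] = {
    "password.min_length": 8,          # lowered by hand to meet a deadline
    "password.max_age_days": 60,
    "ssh.permit_root_login": "yes",    # re-enabled during troubleshooting
    "ssh.protocol": 2,
    # "audit.enabled" is absent: the service was removed by a software update
    "firewall.default_policy": "deny",
}

if __name__ == "__main__":
    drift = detect_drift(BASELINE, SNAPSHOT_DRIFTED)
    for f in drift:
        print(f"[{f.severity}] {f.control}: expected {f.expected!r}, observed {f.observed!r}")
    print("summary:", summarize(drift))
    print("remediation:", remediation_plan(drift))
```

Run against the constructed snapshot, the check reports three high-severity findings (the shortened password, the re-enabled root login, and the missing audit setting) and the remediation plan lists exactly the values needed to bring the host back in line. In practice the snapshot would come from a real collector and the baseline from the STIG or CIS benchmark you have adopted; the point of the example is that drift is a comparison against a recorded baseline, which is why the baseline must be maintained, not just set once.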

When to use automation to stop compliance drift

Automation is at its best when addressing rules-based, repetitive, manual tasks. Here are just a few ways ConfigOS tackles drift:

  • It continually scans and remediates issues 24/7/365 without even blinking
  • Properly set up, it will not err and it delivers reliable, consistent results
  • It performs rapidly, delivering secure configurations with speed and scale
  • It delivers insights and actionable intelligence that can revolutionize the way your organization handles drift and maintains a compliant environment
  • It dramatically reduces the time spent maintaining the enterprise’s hardening compliance

With security at a pivotal point and enterprises changing daily from updates, new software, new users, and other stimuli, organizations need to adapt quickly to protect our government's infrastructure and data. A security incident will not only have financial impacts but human resources impacts, as well as the loss of whatever data has been compromised.

Drift is the unseen foil to environments that are presumed secure. As we close this final week of National Cybersecurity Awareness Month, don’t presume everything is going to plan. Create a solid strategy for detecting and mitigating compliance drift before the unthinkable drifts into your system.  
