Adopting standard server configurations will reduce operating risk. Server configuration management is receiving more attention from IT managers for several reasons:
- Informal configuration management processes allow errors. Eliminating configuration errors helps IT staff be more efficient and reduce server outages.
- Undocumented server configuration changes will open up security vulnerabilities. The ability to analyze new configuration changes against previous change records will ensure the attack surface for a server is not unknowingly increased.
- Compliance with the Health Insurance Portability and Accountability Act (HIPAA) and Sarbanes-Oxley requires companies to institute IT controls and demonstrate that the controls are working.