Configuration drift is the gradual divergence of systems or services from their intended, approved, or secure configuration state over time. It matters because even well-built environments can become insecure as settings change incrementally.
What is Configuration Drift?
Drift happens when manual changes, exceptions, patching, tooling differences, emergency fixes, or unmanaged updates cause systems to move away from baseline standards. Over time, this can create inconsistent controls, weaker hardening, and hidden exposure.
What Configuration Drift Commonly Affects
Common areas include firewall rules, IAM roles, logging, software versions, network settings, endpoint controls, cloud policies, and application configuration.
Configuration Drift vs. Security Misconfiguration
Security misconfiguration is the unsafe state itself. Configuration drift is the process by which systems move away from the intended safe state, often creating that misconfiguration.
Frequently Asked Questions
Why is drift dangerous?
Because small unauthorized or inconsistent changes can accumulate into meaningful exposure without attracting immediate attention.
How do teams reduce drift?
Automation, baselines, policy checks, review workflows, and continuous monitoring all help reduce unmanaged drift.
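The baseline and policy-check approach above, sketched as an added example (not code from this page or from any particular tool): it compares an observed configuration against an approved baseline and reports unapproved divergences. All setting names, values, and the exception list are constructed for illustration.

```python
# Added example: baseline-vs-observed drift check. All keys and values are constructed.

def flatten(cfg, prefix=""):
    """Flatten nested dicts to {'a.b': value}; lists become sorted tuples of strings."""
    flat = {}
    for key, value in cfg.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            flat.update(flatten(value, path))
        elif isinstance(value, list):
            flat[path] = tuple(sorted(map(str, value)))  # order-insensitive compare
        else:
            flat[path] = value
    return flat

def detect_drift(baseline, observed, approved_exceptions=()):
    """Return (path, kind, expected, actual) for every unapproved divergence."""
    base, obs = flatten(baseline), flatten(observed)
    findings = []
    for path in sorted(set(base) | set(obs)):
        if path in approved_exceptions:
            continue  # reviewed exception: divergence is known and accepted
        if path not in obs:
            findings.append((path, "missing", base[path], None))
        elif path not in base:
            findings.append((path, "unmanaged", None, obs[path]))
        elif base[path] != obs[path]:
            findings.append((path, "changed", base[path], obs[path]))
    return findings

BASELINE = {  # constructed approved state
    "firewall": {"inbound_ports": [443], "default_action": "deny"},
    "logging": {"audit_enabled": True, "retention_days": 90},
    "software": {"openssh": "9.6"},
}
OBSERVED = {  # constructed live state after several small changes
    "firewall": {"inbound_ports": [443, 8080], "default_action": "deny"},
    "logging": {"retention_days": 30},
    "software": {"openssh": "9.6"},
    "iam": {"break_glass_role": "attached"},
}
APPROVED = {"logging.retention_days"}  # constructed, reviewed exception

if __name__ == "__main__":
    for path, kind, expected, actual in detect_drift(BASELINE, OBSERVED, APPROVED):
        print(f"{kind:9} {path}: expected={expected!r} actual={actual!r}")
```

Each finding is drift in the sense used above; whether it is also a security misconfiguration depends on whether the new state is unsafe, which is a separate policy decision.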