Lack of visibility into IT assets impacting security priorities

Axonius released a report which reveals the extremes to which the pandemic escalated lack of visibility into IT assets and how that is impacting security priorities.

According to the study conducted by ESG, organizations report widening visibility gaps in their cloud infrastructure (79%, which was a 10% increase over 2020), end-user devices (75%), and IoT device initiatives (75%), leading to increased risk and security incidents.

Around nine out of 10 respondents report that automating IT asset visibility could materially improve a variety of security operations.

“Collectively, these assets represent an attack surface that organizations must protect against an ever-expanding threat landscape used by adversaries to compromise infrastructure and carry out malicious activities,” said Dave Gruber, ESG senior analyst.

“When IT and security teams lack visibility into any part of their attack surface, they lose the ability to meet security and operational objectives, putting the business at risk. In some cases, organizations were reporting 3.3 times more incidents caused by lack of visibility into IT assets.”

The report explores the impact that the pandemic has had on IT complexity and security, and explains the challenges that lie ahead. It also reveals how automating asset management can close visibility gaps caused by the rapid shift to remote work, IoT adoption, and accelerated digital transformation.

“This year’s survey once again reinforces that lack of visibility into assets is one of the most critical challenges facing every organization today. Building a comprehensive inventory remains a slow, arduous, often inadequate process, and as a result, more incidents are occurring,” said Dean Sysman, Axonius CEO.

“However, automating cybersecurity asset management can dramatically improve security and compliance efforts. According to the study, eliminating visibility gaps results in a 50% reduction in end-user device security incidents.”

Organizations plagued by pandemic-driven IT complexity

More than 70% of respondents report that additional complexity in their environments has contributed to increasing visibility gaps. More than half cite the rapid shift to remote work and changes to technology infrastructure necessitated by security and privacy regulations as key reasons for this increased complexity.

Nearly 90% of respondents say that the pandemic has accelerated public cloud adoption. The study also reveals that the majority of organizations have suffered more than five cloud-related security incidents in the last year. Half of the respondents report visibility and management challenges with public cloud infrastructure, mostly associated with data spread across different tools, clouds, and infrastructure.

Participants also anticipate a 74% increase in remote workers, even after pandemic restrictions lift. This requires organizations to develop long-term operating and security plans for hybrid work environments so that IT and security teams do not remain blind to the personal networks and devices supporting remote employees.

Although organizations furloughed many IoT projects during the pandemic, they may not be prepared when these initiatives reignite. Only 34% report they have a strong strategy for maintaining IoT device visibility, while 62% report facing continued challenges with the variety of devices in use.

Remote work shifts priorities and resources

The rapid move to remote work motivated a significant change in BYOD policies for 94% of organizations. Pre-pandemic, close to half of the organizations surveyed prohibited using personal devices for corporate activities, but this number has fallen to 29% in this year’s study, adding new management and security challenges.

As device diversity increases, IT and security teams are putting more focus on identity and access management (IAM) solutions, with 65% reporting that IAM is more challenging. And security teams are facing increased workloads for investigations, with incidents on the rise.

Investment in asset management on the rise

Organizations depend on an average of eight different tools to pull together asset inventories while reporting intensive, manual processes to pull together the data. On average, it takes more than two weeks to generate an asset inventory, utilizing a combination of tools that weren’t built for this task, including endpoint management and security tools, network access controls, network scanning, configuration and patch management, and vulnerability assessments.

With this kind of effort, 64% report asset inventory as an event versus a process, only updating inventories monthly or quarterly. This cadence leaves significant visibility gaps in between, resulting in unmeasurable business risk, and takes away from other priority tasks, such as vulnerability assessments and improved threat investigations and response. Fortunately, realizing the critical importance, more than 80% report plans to increase investments this year to combat the problem.