Companies are experiencing significant challenges in their attempts to keep their endpoints secure. Maintaining Windows 10 security topped the list of challenges with over half of respondents to an Adaptiva survey indicating it can take a month or more for IT teams to execute Windows OS updates, which ultimately leaves systems vulnerable.
The survey revealed that most companies are unable to maintain endpoint security with consistency for a number of reasons, such as:
- The pace and volume of new Windows OS security fixes.
- The complexity associated with tracking what updates need to be applied to which endpoints from thousands of third-party software vendors.
- The difficulties caused by rapidly changing security policies.
- The limitations of resources in terms of available staff and their respective skill sets.
“Breaches are occurring unnecessarily, teams are overwhelmed, and it’s been nearly impossible for enterprises to keep up with changes in security policies,” said Jim Souders, CEO at Adaptiva. “With the Windows 10 migration, the situation becomes even more serious. If companies can’t find ways to successfully automate security for Windows 10 and other third-party applications, they’re putting their systems at risk.”
Additional survey findings indicated that keeping antivirus and anti-malware up to date remains vital, but unlike with Windows 10 or other third-party software, this is relatively easy to execute. Companies have been forced to deal with these issues for years and have already developed automated solutions. Windows 10, however, poses a new level of complexity.
IT’s biggest challenges
When it comes to IT teams’ concerns, 85 percent of survey respondents identified Windows OS updating as a leading priority, but the number of updates and the time it takes to successfully implement them across all endpoints causes challenges.
Managing Windows updates: Nearly half (49 percent) of the respondents said that keeping the Window OS and application software up to date is their greatest security configuration challenge. Fifty-nine percent of companies take up to a month or more to complete Windows OS updates.
Patching problems: But it’s not just Windows updates that cause headaches. Nearly half (48 percent) of respondents confirmed that third-party patching is also quite difficult to accomplish company-wide.
Keeping up with ongoing security threats: Thirty-two percent of respondents identified keeping up with “the pace of policy changes to defend against newly discovered vulnerabilities or cyberattack methods” as the most difficult ongoing challenge that IT teams address.
The struggles of endpoint decurity
Despite the increasing challenges enterprise IT teams face, the survey indicated that most feel ill-equipped to deal with security configuration management properly. Key struggles IT teams face when combating endpoint security issues include:
Lack of people: Fifty-five percent of respondents believe that security policy compliance needs to be checked at least daily on every endpoint company-wide (10 percent think it should be checked hourly), but many companies lack the teams and tools to do security configuration management right.
Lack of time: According to the survey, remediating systems that are out of compliance with security policy is the most time-consuming endpoint security configuration management task that respondents undertake. Unfortunately, teams do not have the time to write the automations required to identify and fix non-compliant endpoints. For example, 45 percent of respondents lack the time to write automations at all, and 46 percent can only produce a fraction of the needed automations.
Skill shortages: Respondents were also troubled by the lack of expertise within their teams, reporting that nearly a third of staff lack the necessary skills to write their own automations.
Network issues: Another area of concern was that 38 percent of respondents say delivery of security software and updates over low-bandwidth connections is not reliable, making it difficult for enterprises to determine if updates even reach endpoints.
Automate for the future
Given the priority of security in the enterprise, spending is growing rapidly. Gartner says security expenditures will grow 7 percent to $86.4 billion in 2017. As companies prepare to allocate more money to both staff and technology, they must strategize carefully.
In order to avoid being caught in brand-crushing security breach headlines like WannaCry and Petya, IT companies need to make sure they invest in the right technologies and the right people. Survey respondents indicated that 39 percent now place higher priority on increasing the speed at which Windows and other security updates are applied to all systems since the WannaCry and Petya attacks took place.