Cloud + BYOD + IoT = major security gaps
Despite having hundreds of tools at their disposal, IT and security teams are rapidly losing sight of their asset landscape.
That’s the finding from a survey from Axonius, which reveals how trends including the ever-increasing number of end-user devices, rapid cloud adoption, and the looming IoT explosion are leading to increased complexity and risk and decreased visibility.
Lack of visibility
The study first reveals that today’s IT infrastructure barely resembles what it was just five years ago, and a confluence of megatrends are all rising to impact IT and security teams.
“When we speak with customers from the midmarket up to the Fortune 100, we hear the same challenges: teams are faced with too many assets, a patchwork of security tools, and maddeningly manual processes to understand what is there and whether those assets are secure,” said Dean Sysman, CEO at Axonius.
The survey of 200 IT and cybersecurity professionals from private and public-sector organizations in North America found that the move to the public cloud, an increase in the number of end-user devices, and IoT projects all contribute to a lack of visibility.
Specifically, the study found that 52% of VMs now reside in the cloud, running in multiple cloud environments, making it increasingly more challenging for organizations to manage them effectively. At the same time, container usage is mainstream among cloud users, with continued predicted growth that will add further complexity.
While bring-your-own-device (BYOD) trends began more than 15 years ago, organizations are still grappling with evolving BYOD policies, especially with a typical employee now using more than four devices each week. As a result, organizations believe they are blind to about 40% of end-user-devices.
Pressure on IT and security teams to deal with major security gaps
At the same time, IoT continues to play an increasing role in the workplace, with more than half of organizations reporting active IoT projects. Yet, 77% report an IoT visibility gap.
This decrease in visibility correlates directly to an increase in risk. The survey found that 75% of organizations have experienced several serious cloud VM security incidents as a result of cloud visibility gaps, and 73% admit to experiencing multiple serious incidents as a result of an end user device visibility gap. In fact, organizations with visibility gaps experience 2.3x more security incidents than those without.
“Together, these changes are putting enormous pressure on IT and security teams, who are already struggling to find new management and security tools that can keep up,” said Dave Gruber, Senior Analyst, ESG.
“VMs, new devices, and new device types are driving complexity. Most say that they already have too many tools, yet still report visibility gaps in what they can see versus what they want to see across cloud, mobile, and IoT environments. This gap directly translates into added security risk. 85% of organizations plan to increase investment in asset management to help overcome these issues.”
To regain the visibility needed to combat these challenges, security and IT teams are returning to a focus on the fundamentals like investing in gaining a credible inventory and automating asset management.
Comprehensive IT asset inventories take over two weeks of effort, requiring 89 person-hours of labor. On average, they happen 19 times per year, demanding the involvement of multiple teams and people, so it shouldn’t come as a surprise that the survey found 85% of organizations plan to increase investment in asset management to help overcome these issues – especially in light of the fact that roughly 90% expect the time freed up from asset-related tasks would have a material improvement on threat hunting and incident investigation.