HEAT Software has published the results of a study it commissioned on the state of enterprise security. Conducted by Ultimate Windows Security, the report provides visibility into the uses, concerns and challenges that IT departments face in respect to endpoint security, patching, cloud applications and mobile management. HEAT Software released the findings in conjunction with its presence at the 2016 RSA Conference, which is taking place now through Friday at San Francisco’s Moscone Center. “In conducting this research, we’ve identified significant security gaps in the current solutions that IT departments are leveraging to mitigate risks,” said Russ Ernst, Sr. Director of Product Management. “It’s our hope that these findings will encourage IT departments to implement flexible, scalable, secure service management and endpoint management solutions, so that they can operate effectively in today’s harsh cybersecurity climate.”
Endpoints
Endpoints have shifted from securely existing within four physical walls to connecting from anywhere in the world, often over insecure Wi-Fi. With IT managers reporting that negligent employees are the biggest threat to endpoint security, the process of ensuring every endpoint is securely configured, patched and protected from external threats is more critical than ever. When IT professionals were asked to rank their top security concerns, three of the top four answers revolved around endpoints.
Furthermore, when asked to identify which systems management products are used to properly configure, manage and secure endpoints, “none” was the third most popular answer. For small businesses, the number of organisations foregoing endpoint security is an alarming 36 percent.
Patching
Vulnerability protection plays a key role in overall threat protection. External hackers who seek to exploit vulnerabilities oftentimes continue to do so more than a year after a common vulnerability has been published, making it critical to ensure that every single patch—for both operating systems and applications—is applied as soon as it’s available. Respondents underscored this importance by citing the need to stop endpoint-based intrusions as the fourth highest security priority.
However, while nearly all client systems management products manage endpoints, many do not cover third-party applications such as Flash and Java. As such, 57 percent of respondents said they would like integrated third-party patching and, in the meantime, use a separate solution or no patching at all.
Mobile
When it comes to mobility, organisations cannot address security, stability and performance without centralising mobile access to data, application updates and device security. Enterprise mobility management (EMM) solutions offer this, but a shocking 37 percent of respondents do not use EMM services. Organisations seeking to improve their security stance around mobile applications should at a minimum embrace EMM and opt for additional features, such as secure containers and content access, to ensure they properly address data security.
Conclusions
IT managers are experiencing a rate of change like never before. Endpoints are shifting from traditional, on-premises desktops and laptops to mobile devices that are used by employees to work from anywhere. IT departments are working to protect these ever-moving endpoints from both threats and vulnerabilities, but are using systems management solutions that lack integrated technologies to do so efficiently and effectively – or they use no systems management solution at all.
When asked which approach respondents would prefer to address the issues outlined in this report, “best of breed” was the top response (29 percent), and “fully integrated” and “single pane of glass” tied for second (26 percent).
“In order to achieve total protection, today’s IT organisations need unified solutions that provide robust and powerful features that meet security and productivity needs,” Ernst continued. “IT departments are being tasked with managing an even richer set of environments, platforms, devices and user requirements, so the need for solutions that continually centralise and secure these environments is more urgent than ever.”
