The manufacturing Industry ranked mobile security, network access control (NAC) and Software Defined Perimeter (SDP) the tools best suited for a secure access platform, a new report found.
In addition, the manufacturing industry uses 2.8 tools for secure access, but use four for mobile security, which was the highest of any of the industries surveyed in the “2019 State of Enterprise Secure Access Report” conducted by IDG Connect on behalf of Pulse Secure.
The report is based on a survey of over 300 decision makers in 1000+ employee organizations, in which 36 percent of the respondents come from the manufacturing industry. The survey was conducted in the U.S., UK and Germany, Austria, and Switzerland (DACH).
In the manufacturing sector, respondents felt more confident than many others in their ability to automate DevOps apps delivery, the report said.
IT is more complex than ever today as organizations accelerate digital transformation and broadly adopt public and private cloud infrastructure. At the same time, more enterprises become increasingly reliant on mobile workers, flexible working lifestyles and consumer-like tools, there is a demand for simpler, faster and safer access to data, applications and services from wherever users are located and from any device or platform.
But this demand for accessibility comes at a time when IT departments have never been under so much pressure to defend their brands, intellectual property and the sensitive data of their customers and employees. This has led to a need for increased visibility and oversight as the network perimeter becomes more porous and elastic, and as endpoints grow in number thanks to BYOD schemes and a panoply of devices from desktop PCs to notebooks, tablets, smartphones, kiosks, wearables and the Internet of Things (IoT)-enabled objects.
Answers to Questions
This survey was created to understand: Current IT deployment models; access challenges, issues and impact; practices, controls and tools used to address access exposures; secure access tool usage and value; the degree of confidence respondents have in their ability to mitigate risks, and how companies plan to invest to fortify access defenses and capabilities.
Given consistent and mounting news of breaches and private data theft, companies are fortifying their security capabilities to prevent and contain cyberattacks. One security model that is gaining momentum is that of Zero Trust. While not trusting anyone or anything is a misnomer, Zero Trust is about “verifying before granting trust.” A Zero Trust model authenticates, authorizes and verifies users, devices, applications and resources no matter where they reside. It encompasses proving identity, device and security state before and during a transaction, applying least privilege access controls closest to the entities, applications and data, and extending intelligence to allow policies to adapt to changing requirements and conditions.
Of more than 13 types of Secure Access tool presented to the survey participants, on average, companies use at least two of each type, and large organizations use more than three of the top five tools: VPNs, next-generation firewalls, CASBs, NACs and MDM suites.
This underlines the way that enterprises have amassed a variety of duplicate Secure Access tools or capabilities by way of addressing new threats, feature activation, decentralized purchasing authority, compliance requirements or acquisition. The resulting tool smorgasbord leaves enterprises to cobble together a piecemeal access security strategy in order to support their distributed environment and business needs.
This scenario contributes to complexity for users and administrators, visibility, audit and security gaps, delayed threat response, and increased costs. Unsurprisingly, the issue of ‘tool sprawl’ is particularly applicable to larger companies that have about 30 percent more tools than SMEs.
IT organizations at least recognize the need for corresponding investments in access security solutions.
The survey showed that over 90 percent of respondents plan to increase their secure access technology expenditure, with 41 percent seeing 5-15 percent growth and 30 percent seeing a rise between 15 and 25 percent. Few (<10 percent) anticipate flat or declined spend.
Even with current and planned investment, fewer than half of respondents indicated modest confidence in their security processes, human resources, intelligence and tools to mitigate access security threats – while under 35 percent expressed significant confidence.
The research paints a clear picture where we see that control gaps are yielding endpoint and access exposures and impactful security incidents. Organizations are experiencing malware (55 percent), unauthorized/ vulnerable endpoint use (52 percent) and mobile or web app exposure (49 percent) incidents.
In addition, unauthorized access due to poor endpoint or privileged user issues (46 percent); or poor authentication and encryption application (45 percent) are also taking a toll on enterprises.
How can these security issues be addressed? One place to start is to identify what control gaps to focus on. Survey respondents cited lower confidence in application availability (81 percent). While user experience is an important component of access, you can’t manage what you can’t see – in this regard, issues on granular visibility of users, endpoints and mobile devices (79 percent) are apparent. Additional identified control gaps that are material to reducing access incidents are endpoint access compliance (79 percent) and enforcement (78 percent).
Click here to view the entire report.