The survey of large enterprises in the US, UK and DACH uncovers business risk and impact resulting in a pivot towards extending Zero Trust capabilities to enable productivity and stem exposures to multi-cloud resources, applications, and sensitive data.
Key Findings
The global survey found the most impactful incidents were contributed by a lack of user and device access visibility and lax endpoint, authentication and authorisation access controls. Over the last 18 months, at least half of all companies across every region had dealt with malware, unauthorised/vulnerable endpoint use, and mobile or web apps exposures. Nearly half experienced unauthorised access to data and resources due to insecure endpoints and privileged users, as well as unauthorised application access due to poor authentication or encryption controls.
UK and DACH region
When asked about “What potential access security control gaps have you or your organisation experienced within the past 18 months?” 1 in 5 UK respondents said that Mobile Computing Exposure offered an “Impactful Gap”. While in the DACH region, 1 in 5 respondents cited Poorly Maintained Directory Services, Poor User and Device Discovery and Inconsistent, Incomplete Enforcement as the most pressing gaps within Access Security.
In response, participants stated that their organisations are stepping up their access security initiatives:
· 48% improving endpoint security, remediation prior to access
· 46% enhancing IoT discovery, isolation and access control
· 44% fortifying network and cloud access visibility and resource segmentation
Tool overload
Adding to management complexity, the report also found that organisations employ at least three or more secure access tools per each of 13 solutions presented in the survey. Larger companies have about 30% more tools than smaller enterprises. Correspondingly, nearly half of respondents were open to exploring the benefits of consolidating their security tools into suites. The UK was the most prolific user of security tools with survey respondents recording 4.9 VPN tools and 4.3 Next Generation Firewall (NGFW) and Mobile Security (MDM, EMM) tools equating to an over 25% increase compared to DACH and US respondents.
With the rapid migration to cloud, 52% of respondents from the UK and DACH stated a project or pilot of a zero trust approach to security using Software Defined Perimeter technology was planned over the next 18 months.
“The data from these three markets shows many similarities in terms of the gaps and threats that large enterprises need to deal with in respect to secure access,” said Scott Gordon, chief marketing officer at Pulse Secure. “Perhaps the most significant difference in Secure Access priorities was more focus on improving endpoint security and remediation prior to access (US 57%) compared to 43% in the UK and just 31% in DACH. This trend also matches higher IoT adoption in the US, although Europe is catching up fast.”
“A key takeaway from this report is that large organisations across Europe are dealing with an increasingly hybrid IT environment and as such should re-assess their secure access priorities, capabilities and technology as part of their Zero Trust strategy,” Gordon concluded.