Device sprawl is becoming a costly security headache with the average enterprise now managing approximately 135,000 endpoint devices, a new report finds. Despite $4,252,500 of annual budget spent on endpoint protection, an average of 48% of devices — or 64,800 per enterprise — are at risk because they are no longer detected by an organization’s IT department or the endpoints’ operating systems have become outdated, according to the inaugural report, Managing Risks and Costs at the Edge, from Adaptiva and the Ponemon Institute.
Additionally, 63% of respondents reported that the lack of visibility into their endpoints is the most significant barrier to achieving a strong security posture.
Additional findings from the report
Sprawling centralized infrastructure
IT organizations are facing unprecedented rates of distribution point sprawl, which has grown rapidly since the onset of the COVID-19 pandemic. Sixty-one percent of respondents said distribution points have increased in the last two years, and the average endpoint has as many as seven agents installed for remote management, further adding to management complexity.
SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)
Updates are hardest to maintain
62% of respondents said new OS and application versions are the most difficult to maintain across all endpoints, followed by patches and security updates at 59%, and network settings and connectivity issues at 50%.
66% of respondents said that their organizations don’t have ample resources to minimize endpoint risk. Consequently, respondents indicate they could only stop 52% of attacks with their current technologies and expertise.
Endpoint tools for a distributed, decentralized, digital-first world
Although the world has significantly changed in the last two years, there haven’t been any significant innovations in the endpoint management space for over a decade, since the advent of cloud computing, said Deepak Kumar, founder and CEO of Adaptiva.
“Unfortunately, most organizations are running uphill with endpoint management tools that weren’t designed for today’s distributed, decentralized and digital-first world,” Kumar said.
Contrary to popular opinion, investing more in centralized distribution infrastructures or moving to the cloud won’t solve the problem, according to Kumar.
“The plan to invest money in endpoint security content distribution is promising, but it’s only one part of the solution,” Kumar said. “Throwing more money at more distribution servers will just increase the investment without solving the underlying problem. It will increase management costs without improving device visibility.”
Additionally, employing more people to find and fix systems won’t work either, because they can’t fix what they can’t see — and what they can’t see is at the core of the problem.
“Every new security solution that bolts onto your existing stack will just make it more complex and less agile,” Kumar said. “IT needs tools that provide organizations with total and complete visibility over their endpoints, with real-time and continuous delivery of content to keep them healthy, patched and secure. This won’t be achieved by the dominant endpoint management solutions in the market today, which still rely on bloated centralized infrastructure, in the cloud and on-prem.”
Utilize the edge as the infrastructure
As cyberattacks increase in frequency and magnitude, organizations are under increasing pressure to implement effective endpoint management systems. Fifty-four percent of respondents had an average of five attacks on their organizations in the last year, at an average annual cost of $1.8 million, according to the report. The cascading effects of system downtime and disruptions to employee productivity have left organizations scrambling to keep up.
“Rather than relying on tools that run on centralized infrastructure to monitor and maintain widely distributed endpoint devices, consider utilizing your edge as the infrastructure instead,’’ Kumar said. “Shifting from centralized infrastructure, whether on-prem or in the cloud, to one powered by your edge will help keep endpoints visible, allowing them to remain up to date to protect them against threats.”
This provides complete visibility from IT’s position of central control, and practitioners are able to see with more clarity how the organization’s endpoint devices are behaving while containing costs.
“This will allow you to eliminate distribution points from your architecture, as the apps that monitor and maintain your endpoints will reside and execute on your edge rather than on unscalable centralized servers,’’ Kumar said. “This will create a self-sustaining, fault-tolerant, and adaptive network of peer-to-peer endpoints that heighten performance, security and resilience.”
Adaptiva and Ponemon Institute said 629 IT and IT security practitioners in the United States were surveyed, representing an average organizational headcount of 13,213 and IT budget of $184,366,500. Respondents indicated that most enterprises struggle to maintain visibility and control of their endpoint devices, leading to increased security breaches and impaired ability to ward off outside attacks.