Cyber Security
How tool sprawl is becoming a common issue for SMEs
Published
3 years agoon
By
GFiuui45fgJumpCloud announced the findings from its Q2 2022 SME IT Trends Report, revealing that while IT teams are successfully managing hybrid-remote work, they are still burdened with a glut of tools despite a strong preference for more centralized IT management. 43.7% of employees now require six or more tools just to get their job done, but 74.6% of respondents preferred a single tool.
External events like the war in Ukraine and uncertainty in financial markets introduce more complexity, adding another layer of operational concern for SME IT teams. Despite these challenges, SME IT admins remain dedicated to their jobs and responsibilities even while feeling overwhelmed by them.
Business outlook
Nearly half of workers are back in the office. 47.1% of workers are in the office full time in 2022 versus 40.1% in 2021. Remote workers are 24.8% today versus 22.6% in 2021, and hybrid workers are down to 32.5% compared to 42.5% a year ago.
World economic issues are impacting business. 61.4% report that supply chain disruptions or product shortages have hurt their business (30.5% significantly, and 2.8% disastrously). 57.6% say labor shortages have been an issue for their business (26.3% significantly, and 5.1% say it’s been a serious business limiter).
Labor shortages impact the US more than the UK. 37.1% of US respondents report that labor shortages have been significant or a serious business limiter versus 25% in the UK reporting the same.
War in Ukraine is also impacting business. 40.5% of all respondents say the war in Ukraine has impacted their organization. 58.6% agree that the war in Ukraine has increased their organization’s focus on security. In the US, 64.4% agree the war has increased their organization’s focus on security versus 52.7% in the UK.
Security
Security is the biggest challenge in 2022. 59.4% said security was their number one challenge, followed by device management (48.1%) and migrating all workers to fully or partially remote (47.8%).
Majority of organizations require the use of biometrics for employee authentication. 55.9% currently require biometrics now. In 2021, only 22.3% of admins reported that biometrics had been implemented.
Balancing security and user experience is a growing challenge. 66.1% agree that adding security measures generally means a more cumbersome user experience, an increase from 58.1% who said the same in 2021.
Outside threats loom large. The three biggest security concerns are network attacks (39.7%), ransomware (30.9%), and software vulnerability exploits (30.6%). In 2021, the three top were software vulnerability exploits (39.4%), use of the same password across applications (39.4%), and use of unsecured networks (37.9%).
Patch management is seen as successful. 78% are confident that their organization’s patch management strategy is sufficient to protect against known vulnerabilities. In terms of patch timing, 60.1% are patching within seven days and over one-third (35.8%) deploy patches ASAP.
Patch management is intentional. 47.1% use a security staff member dedicated to identifying vulnerabilities and performing fixes, as well as managing the execution, mitigation, and remediation of patches. 46.7% follow patch schedules according to vendors’ patch release dates.
Many leave responsibility to users. 39.4% said patch management is the user’s responsibility to update when prompted.
Single sign-on (SSO) is picking up steam. In terms of SSO adoption, 33.9% use it across their entire organization, 35.6% use it for a limited number of apps or devices, 17.95% use it for collaboration tools, and 12.5% haven’t deployed it. In 2021, only 20.4% of IT admins had already implemented SSO.
Organizational interest in passwordless is strong. When asked if passwordless authentication is a priority for their company, 62.6% agreed versus 17% who disagreed.
But IT admins aren’t entirely sold on the importance of passwordless. 52.6% agree that passwordless authentication is more of an industry buzzword than it is an IT priority. Only 23.6% disagreed.
Biometrics are seen as secure but difficult to implement. When ranking the most secure step for multi-factor authentication (MFA), the top answer was biometrics (34.2%) but it’s also seen as the hardest to implement (37.6%).
One-time passwords (OTP) will likely stick around. When ranked, OTPs are seen as easiest for users (35.5%), the second most secure (29.7%), and easiest to deploy (37.6%).
IT admins personally use biometrics. Personally, 74.5% use biometrics to secure their devices through a variety of methods: fingerprint (52.9%), face recognition (31.7%), voice recognition (10.1%), and liveness detection (4.9%).
IT management
Migrating workers to remote or hybrid work continues to be a challenge. 47.8% report it’s one of the biggest challenges for their IT team over the last year, versus 41.6% reporting the same in 2021.
IT admins are a little happier and not as overwhelmed. 60.4% report being happier in their job than a year ago versus 56.5% reporting the same in 2021. 59.4% in 2022 are somewhat or very overwhelmed versus 66.9% in 2021.
Device breakdown continues to be heterogeneous, and a little heavier on Windows. The combination in 2022 is 68.1% Windows, 20.2% macOS, and 16.9% Linux, compared to 58.2% Windows, 24.6% macOS, and 20.6% Linux in April of 2021.
Recession and inflation concerns loom. 26.2% report they are actively doing recession planning, while 57.4% are either considering recession planning or think it’s a good idea. Only 5.1% say inflation worries them “not at all,” and 70.4% report some concern (31.2% consider it a big worry, and 8.1% consider it an existential threat).
Tool creep is a risk. The majority of teams (42.7%) use two to three tools to manage the employee lifecycle and 38.2% of teams use three or more tools.
Life of IT admin
Remote work is easier to manage. 50.7% agree that it’s as easy to manage remote/hybrid workforces as fully in-person workforces. In 2021, 55.8% of admins said that ongoing management of remote workers was the biggest challenge for their IT teams.
Centrally managed IT tool is highly desirable. 74.6% agree they would prefer to use a single solution/tool to do their job over managing a number of different solutions, an increase from 69.7% in 2021 (Dec).
IT teams use a number of tools to do their job. 41.1% of IT admins estimate employees need three to five tools to do their job.
Managed service providers (MSPs)
SMEs see MSPs as essential partners. 88% say they currently use an MSP or are considering one. SMEs are most commonly using MSPs to support their internal IT team (38%), though almost one-third (27%) use one to completely manage the IT program.
Knowledge, cost-savings, and user experience are key MSP benefits. The top three reasons IT teams turn to MSPs are that they are up to date on the latest technologies (61%), can provide a better user experience (53%), and are cost-effective (52%).
MSPs are deployed for a wide range of functions. SMEs rely most heavily on MSPs for cloud storage (51%), system security (48%), system management (48%), and system monitoring (43%).
MSPs are seen as invaluable for efficiency, security, user experience, and overall support. 70% say use of an MSP has resulted in better security, 53% report a better employee experience, 37% say it has made their IT jobs easier, and 33% say it makes them more effective at managing IT.
IT independence, overtooling, and cost, are the biggest barriers to MSP implementation. For those who don’t use MSPs, the top reasons are that they prefer to handle IT themselves (56%), that MSPs offer more than they need (33%), and that MSPs are too expensive (29%).
IT admins are cautious about MSP security. MSPs would be wise to have a solid security approach in place and communicate it clearly — despite high integration with MSPs, over one-third of SME respondents who currently work with an MSP have concerns about how their MSP manages security (37%).
US admins rely more heavily on MSPs than their UK counterparts. In the US, 34% say an MSP completely manages their IT program, including technology, process, and support versus 20% in the UK. 9% of US admins have no plans to work with MSPs versus 16% in the UK.
US admins are more concerned about MSP security. Despite higher MSP rates in use, more US admins (41.5%) report concerns about MSP safety than UK admins (34.3%).
Geographical differences
The UK is unhappier in their job and sees more challenges. 15.2% of UK admins disagreed that they were happier in their job versus 9.7% of US counterparts. More UK respondents also disagreed that it is as easy to manage remote/hybrid workforces as fully as in-person (33.1%) versus 24.1% in the US. UK admins also had more budget decreases (7.05% versus 2.4% in the US).
Roadblocks for consolidating IT products were the same on both sides of the pond. The top three reasons for not consolidating were that no single product out there that will meet all needs (35.7% in US, 46.9% in UK), not wanting to be dependent on a single product (32.5% in US, 36.9% in UK), and too much existing infrastructure (31% in US, 37.7% in UK).
US admins are more skeptical of passwordless than UK counterparts. In the US, 57.3% say passwordless is more of an industry buzzword than an IT priority versus 47.7% in the UK.
The US requires its employees to use more tools. 48% of US admins estimate employees need six or more tools to do their job versus 39.3% in the UK who need the same.
UK admins leave less security management up to users. In terms of enabling employee access to resources, 17.8% in the US say all accounts are unmanaged and security requirements like MFA are encouraged but not mandated versus only 9% in the UK.
“From complicated tech stacks to the downstream impact of global events, IT admins are working to secure and simplify workflows in less-than-ideal circumstances,” said Rajat Bhargava, CEO, JumpCloud.
“As IT teams sound the alarm about increased threats, SMEs should acknowledge these professionals are needlessly juggling a sprawling tech stack that isn’t efficient or cost-effective and that introduces unnecessary risk. While SMEs look to invest more heavily in IT infrastructure, a platform approach can improve employee experience and productivity, and provide safe access to critical applications and data — all for a lower TCO than bespoke point solutions.”
Source: https://www.helpnetsecurity.com/2022/06/20/it-teams-managing-hybrid-remote-work/