Survey Also Indicates Security Teams Have Relatively Low Confidence in their End-User Device Security Posture
TEL AVIV (March 17, 2022)–A study by Infinipoint, the first solution provider to offer Device-Identity-as-a-Service (DIaaS), and Virtual Intelligence Briefing (ViB) has revealed a significant gap between a high level of interest in Zero Trust for device access yet relatively low adoption due to obstacles in implementation. Surveying 388 IT and security professionals, “Zero Trust and the Challenge of Device Security” explores the challenges inherent in device security, along with the potential of a Zero Trust security model to be the basis of a lasting solution.
Priorities and Implementation Tell a Conflicting Story
68% of respondents said they are planning to use Zero Trust for device security, however more than half (56%) said they are not implementing the model now. There is a notable split between intent and action, with implementation falling behind interest in the Zero Trust for device security model.
Overall, about 30% have either completed a Zero Trust implementation or are in the process of implementing. Of those who have an active Zero Trust model in their organization today, only 42% have enabled it for devices, the 4th lowest category behind Zero Trust for networks, user access and applications. Other obstacles impeding implementing Zero Trust for device access include concerns around IT support issues, administrative burden, disruption to end user access and lack of remediation options.
Respondents stated that updating software patch levels for critical vulnerabilities was one the biggest security challenges they face (33%). 31% also identified gaining visibility into which devices are accessing which services as a significant challenge.
Low Confidence in Device Security – Yet Device Posture Checks Are Under-Utilized
Trends such as remote work are exacerbating devices’ tendency to expose organizations to cyber risk. Unsurprisingly, more than 82% of IT and security professionals agreed that the increase in remote workers has increased overall organizational risk.
Surprisingly, only 27% of respondents shared that they were “very confident” that end-user devices connecting to company applications were secure. 63% claimed that they were “somewhat confident.”
To help mitigate risk, 69% of respondents shared that it is very important that only devices that have been validated to be compliant with their organization’s security policy are allowed to access corporate services and applications. In addition, 54% consider security posture checks continuously upon user access to be “very important.” However, only 28% of respondents say they are conducting security posture checks. Even fewer are doing it continuously, with only 35% of those doing security posture checks continuously upon access. 29% only do security posture checks on a monthly—or longer—basis.
To stop device-related threats, 73% of respondents rely on firewalls, with 70% using malware or antivirus protection, 68% implementing endpoint protection platforms (EPP), and 51% using extended detection and response (XDR) solutions. However, even with a combination of these tools in place, confidence in current device security is low.
Working through the Obstacles of Implementation
“Zero Trust offers a way to bolster device security posture for end user devices and access control but legacy tools have not fully addressed the implementation obstacles to apply Zero Trust to device access,” said Ran Lampert, co-founder and CEO, Infinipoint. “Infinipoint has addressed these obstacles head on, enabling our customers to apply Zero Trust principles to device access in a simpler, more automated, and scalable fashion, with a frictionless and productive end user experience.”
A full copy of “Zero Trust and the Challenge of Device Security,” is available for download here.
The study, conducted in late 2021 by Virtual Intelligence Briefing (ViB) for Infinipoint, received responses from IT and security professionals in North America. 71% of respondents worked in mainstream IT roles such as IT Ops and applications, and 29% of respondents were devoted to security roles such as Security Ops.
The diverse group of respondents came from 15 industries, with healthcare (15.5% of respondents), technology (14.7%) and education (13.1%) comprising the top three. The findings are based on 388 respondents, 32% of whom work at organizations with over 10,000 employees, 18.6% at organizations with between 5,000 and 9,999 employees and 48.2% with fewer than 4,999 employees. Roles represented include IT Ops (19.8%), Applications (18.7%) and Security Ops (8.8%).
Infinipoint is a pioneer in the Device-Identity-as-as-Service security category to extend a true zero-trust security posture to devices. Infinipoint is the only solution that provides Single Sign-On (SSO) authorization integrated with risk-based policies and one-click remediation for non-compliant and vulnerable devices. This reduces risk by protecting access to an organization’s data and services while transforming devices to support a world-class security posture. Infinipoint can do all this in a productive way that maintains business continuity with no disruption to the workforce.