Cybersecurity Awareness Month: The endpoint security issue
Device diversity and hybrid work models challenge IT teams. New research reveals the gap between managed endpoints and actual security coverage.
- Gabe Knuth,
-
Omdia
Intelligence and advice powered by decades of global expertise and comprehensive coverage of the tech markets.
October is Cybersecurity Awareness Month, as well as awareness month for many other -- arguably more important -- causes, such as breast cancer, depression, domestic violence, Down syndrome and, not to be overlooked, squirrels.
Because endpoint security continues to become more and more complicated, I thought I'd share three eye-opening findings from my recent research to mark the occasion.
The research, which focused on the consolidation of teams, tools and processes to increase operational efficiency and improve endpoint management and security, was an update of a 2023 study that was in the works when I joined Enterprise Strategy Group, now part of Omdia. Thus, we were able to get meaningful comparisons over time. It focused on IT and security professionals across enterprise (85% of respondents) and midmarket (15%) organizations.
Key finding 1: Endpoint management and security are hard
Roughly 40% of organizations said that endpoint management and security are more difficult today than in the past, compared to roughly 27% in the 2023 study. This increase in complexity is driven by things that are both not surprising and alarming at once: device proliferation, remote and hybrid work, and a complex threat landscape.
Device proliferation
Factors related to device proliferation, diversity and patching account for half of the top 10 drivers of increased complexity in endpoint management and security.
Let's start with the number of devices per user. On average, users conduct work from three or four devices on a regular basis. This might sound like a lot, but it's pretty easy to get to three devices: Phone, home machine and work machine come to mind. Throw in a tablet and you're at four. Even if it's three, that's still a lot of devices. Think about it, a 500-person organization might have to deal with 1,500 to 2,000 endpoints. Each of these devices, if managed, needs its OS and apps patched, and each expands the security footprint -- and attack surface -- of an organization.
As for unmanaged devices … well ... put a pin in that. We'll get to it in key finding 3.
Remote and hybrid work
In the research, remote and hybrid work were tied for second place on the list of factors driving complexity. Despite all the return-to-office news, the reality is that unless all work from all users is conducted in an office setting, organizations must deal with hybrid or remote work. It might be too bombastic to declare that return-to-office programs don't improve endpoint management and security, but the reality is that in almost every situation, organizations must deal with -- and have a strategy for -- remote or hybrid work.
Complex threat landscape
It's not just the number of devices or where they are -- the threats themselves are becoming more difficult to deal with.
While AI offers a glimmer of hope, the reality is that bad actors are using AI too, which exacerbates the feedback loop of cat-and-mouse. Couple this with an increase in endpoint vulnerabilities and the aforementioned device diversity, and we can see exactly how complexity is increasing.
Key finding 2: Unmanaged devices can be OK, but often aren't
In the previous research, we asked how many managed and unmanaged devices were in organizations. While it wasn't surprising to learn that 44% of organizations had between 1,000 and 10,000 unmanaged devices, we stopped there. In our recent research, we asked not only how many devices were unmanaged, but also why they were unmanaged and if they were secured by some other means -- for example, VPN, zero trust, SASE, identity or validated configurations.
This time, we learned that an average of 32% of devices in an organization are unmanaged, and less than half of those devices (41%) are secured using alternative means -- something I've been calling "strategically unmanaged." This means more than half of unmanaged devices (59%) are "unintentionally" unmanaged -- a number that is as scary as it is eye-opening.
Key reasons for devices being unintentionally unmanaged revolve around limited visibility into device existence, technical limitations that prevent management, contractor or third-party devices, and that recurring bugaboo: rapid device proliferation.
Resource constraints and complexities resulting from many teams, tools and processes factor in as well, but to be honest, it doesn't matter how we got there. Unintentionally unmanaged devices that aren't secured by even the simplest means are a gigantic liability because of the unknowns they represent: unknown devices, unknown configurations, unknown states, unknown purposes and unknown users.
No wonder things are more complex.
Key finding 3: Organization maturity matters
The final key finding holds a mirror up to anyone who says endpoint management and security are easier today. We asked how many organizations had experienced an attack due to "unknown, unmanaged or poorly managed endpoints," and, shockingly, the numbers were down significantly from the prior research. In 2023, a combined 77% of respondents said they'd experienced one or more cyberattacks, compared to 54% in 2025.
Before we congratulate ourselves on a job well done, the data tells a different story. If we look at those organizations that reported having experienced an attack through the lens of team consolidation -- an indicator of team, tool and process maturity -- we see that more mature operations are more likely to detect attacks (78%). Those that have not undergone consolidation and are less mature were significantly more likely to report no attacks (35%).
While this is more correlation than causation, the point is sound: Lack of visibility caused by exploding device counts, remote and hybrid work, unintentionally unmanaged devices and a confounding mix of teams, tools and processes can result in a literal false sense of security.
Awareness achieved?
I hope this gets you thinking about how your organization can do better. It's not all doom and gloom, even though it can feel that way when the data shows an overwhelming increase in complexity.
I choose to look at this as a positive: Becoming aware of your organization's vulnerabilities enables you to increase and improve visibility. And the ongoing convergence of endpoint management and security, where I spend most of my time, is helping to unify the teams, tools and processes that were once separate and unaccountable to each other. If there's any takeaway from this, it's to take stock of your current teams, tools and processes and how many "single sources of truth" you have and look for ways to optimize.
This research contains so much useful information, including a look at the future of endpoint management and security: autonomous endpoint management. I plan on writing more about the findings in the coming weeks and months.
Gabe Knuth is the principal analyst covering end-user computing for Omdia.
Omdia is a division of Informa TechTarget. Its analysts have business relationships with technology vendors.
