Absolute Software has released new research revealing the increasing complexity in enterprise device environments, including operating system (OS) fragmentation and volume of applications, is impacting security and compliance posture.
The findings in Absolute Software’s 2023 Resilience Index contradict the long-held belief that having more security solutions directly equates to more protection.
Leveraging the analysis of anonymised data from millions of customer devices across the globe, the report provides insights and benchmarks for organisations looking to strengthen cyber resilience in today’s widely distributed, hybrid workplaces.
The work-from-anywhere model is exacerbating the strain on IT and security teams – compounding existing device health and security challenges with a broad mix of networks, hardware, OS versions, and patches.
More than 80 per cent of devices analysed use the Microsoft Windows OS, with the large majority on Windows 10, and within that device population there are 14 different versions and more than 800 builds and patches to manage. Absolute’s telemetry data also shows there are 67 applications installed on the average enterprise device, with 10 per cent of those devices having more than 100 applications installed.
While many of these tools enable employees to be productive, they also contribute to increased complexity. This complexity can create conflict among applications; impede the patching and maintenance of devices and applications, especially if those devices are remote; and lead to software failing or going offline over time.
In the report, Absolute looks at common security applications deployed for hybrid workers and assessed the health of leading vendors within the categories of: Endpoint Protection (EPP), Endpoint Detection and Response (EDR), and secure access. The data shows seven of the 10 apps analysed across these categories were installed and healthy on less than 80 per cent of devices, on average – and in some cases, as low as 47 per cent. When self-healing capabilities via Absolute Application Resilience were enabled, application health and efficacy rates across these same vendors increased significantly, as much as 52 percentage points.
“Security that is not installed or working effectively cannot protect you,” said Christy Wyatt, President and CEO, Absolute Software.
“The criticality of these security controls, especially among remote and hybrid workers, cannot be overstated and the ability to keep them healthy is often oversimplified. Even market-leading, world-class software requires repairing for many reasons: changes in the environment around it, or new forms of risk introduced by adversaries or even by the user. By applying intelligence and automation to heal them, we can remediate the risk, restore the user experience, and ensure compliance.”
Other key insights from the 2023 Resilience Index include:
- Distributed, highly mobile users compound complexity: The average number of enterprise device locations across Absolute customers has grown 15 per cent year-over-year, with an average of four locations per device observed in February 2023.
- Hybrid working means heavy reliance on third-party networks: In hybrid work models, critical applications like Virtual Private Networks (VPNs) and Zero Trust Network Access (ZTNA) need to be deployed, installed, and up to date. However, Absolute data shows this critical tool is either not installed or is not at the required version level on more than 30 per cent of devices.
This report was developed using anonymised data from 14 million Absolute-enabled devices active during the period of February to April 2023, across customer organisations in North America, Europe, and Asia-Pacific, as well as data and information from trusted third-party sources.
You can read the full report here.