remote access and security - akamai€¦ · an idc infobrief, sponsored by akamai | september 2017...
TRANSCRIPT
An IDC InfoBrief, Sponsored by Akamai | September 2017
Remote Access and SecurityChallenges & Opportunities
An IDC InfoBrief, sponsored by XYZ | March 2015
Subhead
Head
Remote Access Is Important and Growing
But How Secure Is It?
pg 3
An IDC InfoBrief, sponsored by AkamaiRemote Access and Security: Challenges & Opportunities
© IDC Visit us at IDC.com and follow us on Twitter: @IDC
Q. To the best of your knowledge what percentage of major incidents or breaches were due to the following?
21% 20% 22%22%
20% 20% 17%22%
27% 26% 24%30%
32% 34% 37%26%
From unknown origin
Unauthorized entity gaining access
Authorized contractor or vendor gaining unauthorized accessAuthorized employee gaining unauthorized access Total 11% to 20%
remote employees21% to 40%
remote employeesMore than 40%
remote employees
40%+
N=304 Source: Remote & Secure Access User Requirements Survey, IDC, April, 2017
If more than 40% of breaches come from authorized users accessing unauthorized systems, why assume access can be trusted?
pg 4
An IDC InfoBrief, sponsored by AkamaiRemote Access and Security: Challenges & Opportunities
© IDC Visit us at IDC.com and follow us on Twitter: @IDC
Remote Access Employees & 3rd Parties Tomorrow
Increase more than 40%
Increase 21% to 40%
Increase 11% to 20%
Increase 1% to 10%
Stay flat/ no change
Decrease and Don’t Know
N=304 Source: Remote & Secure Access User Requirements Survey, IDC, April, 2017
The need for remote access is growing.
76% expect to increase
remote access over next two years
6%
19%
12%15%
24%25%
Q. By what percent do you believe that the number of your organization employees and contractors who access applications remotely will increase or decrease in the next 12-24 months?
pg 5
An IDC InfoBrief, sponsored by AkamaiRemote Access and Security: Challenges & Opportunities
© IDC Visit us at IDC.com and follow us on Twitter: @IDC
UX
UX
4.1 4.0 3.7 3.8
Provide secure access
Automate previously manual processes
Expand contractor base
Provide simple user experience with a
seamless connection
Q. Please rate the importance of the following when providing remote access to your third-party vendors or contractors.
Scale: 1 - Not very important 5 - Very important
N=304 Source: Remote & Secure Access User Requirements Survey, IDC, April, 2017
Security and simplifying user experience (UX) are top of mind for thirty-party vendors or contractors.
Important Factors for Providing the Remote Access to Employees
pg 6
An IDC InfoBrief, sponsored by AkamaiRemote Access and Security: Challenges & Opportunities
© IDC Visit us at IDC.com and follow us on Twitter: @IDC
81% of respondents feel remote access is important for employees or staff productivity. Remote access security is top of mind for 83%.
Enable working off-site
Improve staff productivity
Provide secure access
Improve customer service
with 3rd party vendors
Reduce operational
costs
83% 78%67%
81%70%
N=304 Source: Remote & Secure Access User Requirements Survey, IDC, April, 2017
pg 7
An IDC InfoBrief, sponsored by AkamaiRemote Access and Security: Challenges & Opportunities
© IDC Visit us at IDC.com and follow us on Twitter: @IDC
Budgets for remote access average 21% of IT spend. However, respondents who’ve experienced the most incidents from unauthorized entities gaining access only spend an average of 16%.
25% 26% 31%
22%
16%
24%
19%
26%
21%
24%
23%
25%
20%
12%12% 13%
15%
37%46%
41% 39% 34%
21%
15%
21%
14%
38% 37%
2% 1% 0% 2% 2% 3% 3%
Total All othersMost from Unknown origin
Most from Unauthorized
entity gaininng access
Most from Authorized
employee gaining unauthorized
access
Don’t know the distribution of
source of breaches
Most from Authorized
contractor or vendor gaining unauthorized
access
Per
cent
age
of IT
Bud
get
Other
Infrastructure
Mobile security
Application security
Remote application access
N=304 Source: Remote & Secure Access User Requirements Survey, IDC, April, 2017
pg 8
An IDC InfoBrief, sponsored by AkamaiRemote Access and Security: Challenges & Opportunities
© IDC Visit us at IDC.com and follow us on Twitter: @IDC
But Remote Access Is Complex and Difficult
Total
500 to 999 employees
1000 to 4,999 employees
5000 + employees
pg 9
An IDC InfoBrief, sponsored by AkamaiRemote Access and Security: Challenges & Opportunities
© IDC Visit us at IDC.com and follow us on Twitter: @IDC
Q. How many network and application components (HW and SW) are involved in adding a new external user group in your organization?
0 to 4 5 to 9 10 to 14 15 to 19 20+ Don’t know
5%
34%32% 33%
38% 38%
13%
7%3% 3% 4%7%
14% 15%11%
37%36%
44%
9% 9%7%
0% 0% 0%
N=304 Source: Remote & Secure Access User Requirements Survey, IDC, April, 2017
50%+ report they use more than 10 network and application components to add a new external user group to an organization.
pg 10
An IDC InfoBrief, sponsored by AkamaiRemote Access and Security: Challenges & Opportunities
© IDC Visit us at IDC.com and follow us on Twitter: @IDC
rated it difficult to extremely difficult 83% N=304 Source: Remote & Secure Access User Requirements Survey, IDC, April, 2017
83% rated providing access to third-parties (e.g., contractors or supply chain partners) difficult to extremely difficult.
pg 11
An IDC InfoBrief, sponsored by AkamaiRemote Access and Security: Challenges & Opportunities
© IDC Visit us at IDC.com and follow us on Twitter: @IDC
From a technology standpoint...
VPN is the overwhelming choice favored
VPN and Cloud tools are favored most by IT and Line of Business
86%
20% 17% 18%
48%
VPN tools ADC tools Public cloud appplication directory tool
WAF tools Others
N=304 Source: Remote & Secure Access User Requirements Survey, IDC, April, 2017
However......
..............................
.........
....
pg 12
An IDC InfoBrief, sponsored by AkamaiRemote Access and Security: Challenges & Opportunities
© IDC Visit us at IDC.com and follow us on Twitter: @IDC
VPN is also linked to companies that have the highest number of major incidents from authorized and unauthorized employees, contractors and vendors gaining access.
Percentage of Major Incidents on Different Tools to Provide Remote Access
VPN tools OthersADC tools Public cloud appplication directory tools
WAF tools
68%
48%
39%
68%
85%
50%
50%
20%
20%
20%
4% 5%
0% 0%15%
16%
15%
33%
17%
17%
18%
14%
65%
55%
54%
Total Most from Authorized employee gaining unauthorized access
Most from Authorized contractor or vendor gaining unauthorized access
Most from Unauthorized enity gaining access
Most from Unknown origin
N=304 Source: Remote & Secure Access User Requirements Survey, IDC, April, 2017
pg 13
An IDC InfoBrief, sponsored by AkamaiRemote Access and Security: Challenges & Opportunities
© IDC Visit us at IDC.com and follow us on Twitter: @IDC
with Remote AccessSecurity Is the Largest Concern
pg 14
An IDC InfoBrief, sponsored by AkamaiRemote Access and Security: Challenges & Opportunities
© IDC Visit us at IDC.com and follow us on Twitter: @IDC
Security breaches
Poor user experience
Dedication of resources
Compliance issues
Complexity of architecture/
integration issues
41%
29% 29%
44%
56%
Challenging Factors When Providing the Remote Access
N = 304 Source: Remote & Secure Access User Requirements Survey, IDC, April, 2017
Question: RANK 1&2 - Please rank the following in terms of how much of a challenge they are when providing remote access.
Security breaches rank highest in challenges faced with remote access.
% Agreed
pg 15
An IDC InfoBrief, sponsored by AkamaiRemote Access and Security: Challenges & Opportunities
© IDC Visit us at IDC.com and follow us on Twitter: @IDC
59%
59%
63%
68%
68%
69%
66%
64%
50%
57%
75%
73%
Securing distributed apps is a problem
Securing remote app access is a problem
Company is vulnerable via unauth remote access
Concerns about ability to secure/control 3rd party access
Contractor/3rd party access ontinuously monitored for threat
Malicious activity from 3rd party/contractors in found timely fashion
Malicious activitycan be thwarted in a timely fashion to avoid breach
My organization has a formal program to access third-pary risk
IT monitors remote user activity and reports on which applications are accessed, by whom, for
how long etc.
Vendor/3rd party remote access are monitored fro PCI DSS
Remote application access is extremely complex
N = 304 Source: Remote & Secure Access User Requirements Survey, IDC, April, 2017
Over 50% of respondents agree that all aspects of securing remote access are difficult.
pg 16
An IDC InfoBrief, sponsored by AkamaiRemote Access and Security: Challenges & Opportunities
© IDC Visit us at IDC.com and follow us on Twitter: @IDC
Q. My company is vulnerable to an attack through unauthorized remote access. Please indicate your level of agreement with each statement
N = 304 Source: Remote & Secure Access User Requirements Survey, IDC, April, 2017
Strongly disagree Disagree Agree Strongly agree Agree +Strongly agree
Neither agree nor disagree
57%
14%
43%
28%
14%2%
57% feel their company is vulnerable to an unauthorized remote access breach.
pg 17
An IDC InfoBrief, sponsored by AkamaiRemote Access and Security: Challenges & Opportunities
© IDC Visit us at IDC.com and follow us on Twitter: @IDC
9.5% estimate frequency
of major incidents or breaches
their organization experiences
is more than 10x a year
46% estimate frequency
of major incidents or breaches
their organization experiences
is a few times a year
N = 304 Source: Remote & Secure Access User Requirements Survey, IDC, April, 2017
pg 18
An IDC InfoBrief, sponsored by AkamaiRemote Access and Security: Challenges & Opportunities
© IDC Visit us at IDC.com and follow us on Twitter: @IDC
Most companies estimate major incidents or breaches have happened across all types of remote access (from employees, from third-party vendors and/or from unknown sources).
Q. To the best of your knowledge what percentage of major incidents or breaches were due to the following? (Responses, excluding “Don’t Know/Not Applicable”)
None (0%)
Some (1-50%)
Most (51-500%) Authorized employee gaining
unauthorizedaccess
Unauthorized entity gaining
access
From unknownorigin
Authorized contractor or vendor
gaining unauthorized
access
N=304 Source: Remote & Secure Access User Requirements Survey, IDC, April, 2017
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
23% 23% 17% 16%
70%69%
74%73%
7% 3%10% 15%
pg 19
An IDC InfoBrief, sponsored by AkamaiRemote Access and Security: Challenges & Opportunities
© IDC Visit us at IDC.com and follow us on Twitter: @IDC
More than ten times per year
A few times per year
Once every few years
Almost never Don’t know
Q. Which of the following best estimates the frequency of major incidents or breaches your entire organization experiences?
N = 304 Source: Remote & Secure Access User Requirements Survey, IDC, April, 2017
10%
46%
4%
22%18%
Most companies report that breaches happen a few times annually.
pg 20
An IDC InfoBrief, sponsored by AkamaiRemote Access and Security: Challenges & Opportunities
© IDC Visit us at IDC.com and follow us on Twitter: @IDC
Who’s Got Secure Access?
pg 21
An IDC InfoBrief, sponsored by AkamaiRemote Access and Security: Challenges & Opportunities
© IDC Visit us at IDC.com and follow us on Twitter: @IDC
Many organizations are confident they will avoid breaches by being proactive, but…
20%
31%
10%18% 21% 21%
0%
I am confident that all malicious activity (insider or through an external source) associated with remote access of 3rd party vendors and contractors is discovered in a timely fashion
Per
cent
age
of S
trong
ly A
gree
d
Total All othersMost from unknow origin
Most from unauthorized
entity gaininng access
Most from authorized
employee gaining unauthorized
access
Don’t know the distribution of
source of breaches
Most from authorized
contractor or vendor gaining unauthorized
access
None of the organizations who had experienced most incidents from an authorized contractor or vendor gaining unauthorized access believed that they could discover it quickly
N=304 Source: Remote & Secure Access User Requirements Survey, IDC, April, 2017
pg 22
An IDC InfoBrief, sponsored by AkamaiRemote Access and Security: Challenges & Opportunities
© IDC Visit us at IDC.com and follow us on Twitter: @IDC
Amount of Losses or Expectation of Losses due to Unauthorized Access to Remote Applications
$6.5M $6.3M
$4.2M$3.7M
$7.3M $7.5M $8.2M
Average 500-999 employees
5000+ employees
1 to 49 3rd party vendors
50 to 99 3rd party vendors
100+ 3rd party vendors
1000-4,999 employees
Average expected loss is $6.5M with greater loss expected by larger companies ($7.5M) and those with more third-party vendors ($8.2M)
N=304 Source: Remote & Secure Access User Requirements Survey, IDC, April, 2017
Poor remote access security is costly.
pg 23
An IDC InfoBrief, sponsored by AkamaiRemote Access and Security: Challenges & Opportunities
© IDC Visit us at IDC.com and follow us on Twitter: @IDC
N=304 Source: Remote & Secure Access User Requirements Survey, IDC, April, 2017
Organizations who believe most strongly that malicious activity can be thwarted once discovered experienced the greatest financial loss due to unauthorized access to remote applications.
$7.0M$7.6M
$4.5M
$6.5M$5.6M
$0.0MStrongly disagree
Strongly agree
Neither agree nor disagree
Disagree AgreeTotal
Q. Which of the following best estimates the financial amount your entire organization loses or expects to lose on average due to unauthorized access to remote applications?
pg 24
An IDC InfoBrief, sponsored by AkamaiRemote Access and Security: Challenges & Opportunities
© IDC Visit us at IDC.com and follow us on Twitter: @IDC
IT respondents estimate losses to be 74% higher than LOB estimates ($7.5M vs. $4.3M)
$6.5M
$4.3M
$7.5M
Average LOBIT
N=304 Source: Remote & Secure Access User Requirements Survey, IDC, April, 2017
IT is more pessimistic than LOBs about security losses.
pg 25
An IDC InfoBrief, sponsored by AkamaiRemote Access and Security: Challenges & Opportunities
© IDC Visit us at IDC.com and follow us on Twitter: @IDC
Businesses must pivot from the common security mantra of “trust but verify” to “verify and never trust” in the new threat landscape. Traditional access solutions grant users full access to the network once they “verify” through user credentials, but is that the most secure approach? Solutions like VPNs put a hole through your firewall, enabling anyone inside of your perimeter to potentially move laterally across your network.
It’s time for a radically new approach to application access that is simple to use and more secure. Learn more » www.akamai.com/eaa
What’s Needed?