remote access and security - akamai€¦ · an idc infobrief, sponsored by akamai | september 2017...

An IDC InfoBrief, Sponsored by Akamai | September 2017

Remote Access and SecurityChallenges & Opportunities

An IDC InfoBrief, sponsored by XYZ | March 2015

Subhead

Head

Remote Access Is Important and Growing

But How Secure Is It?

pg 3

An IDC InfoBrief, sponsored by AkamaiRemote Access and Security: Challenges & Opportunities

© IDC Visit us at IDC.com and follow us on Twitter: @IDC

Q. To the best of your knowledge what percentage of major incidents or breaches were due to the following?

21% 20% 22%22%

20% 20% 17%22%

27% 26% 24%30%

32% 34% 37%26%

From unknown origin

Unauthorized entity gaining access

Authorized contractor or vendor gaining unauthorized accessAuthorized employee gaining unauthorized access Total 11% to 20%

remote employees21% to 40%

remote employeesMore than 40%

remote employees

40%+

N=304 Source: Remote & Secure Access User Requirements Survey, IDC, April, 2017

If more than 40% of breaches come from authorized users accessing unauthorized systems, why assume access can be trusted?

pg 4



Remote Access Employees & 3rd Parties Tomorrow

Increase more than 40%

Increase 21% to 40%

Increase 11% to 20%

Increase 1% to 10%

Stay flat/ no change

Decrease and Don’t Know


The need for remote access is growing.

76% expect to increase

remote access over next two years

6%

19%

12%15%

24%25%

Q. By what percent do you believe that the number of your organization employees and contractors who access applications remotely will increase or decrease in the next 12-24 months?

pg 5



UX

UX

4.1 4.0 3.7 3.8

Provide secure access

Automate previously manual processes

Expand contractor base

Provide simple user experience with a

seamless connection

Q. Please rate the importance of the following when providing remote access to your third-party vendors or contractors.

Scale: 1 - Not very important 5 - Very important


Security and simplifying user experience (UX) are top of mind for thirty-party vendors or contractors.

Important Factors for Providing the Remote Access to Employees

pg 6



81% of respondents feel remote access is important for employees or staff productivity. Remote access security is top of mind for 83%.

Enable working off-site

Improve staff productivity

Provide secure access

Improve customer service

with 3rd party vendors

Reduce operational

costs

83% 78%67%

81%70%


pg 7



Budgets for remote access average 21% of IT spend. However, respondents who’ve experienced the most incidents from unauthorized entities gaining access only spend an average of 16%.

25% 26% 31%

22%

16%

24%

19%

26%

21%

24%

23%

25%

20%

12%12% 13%

15%

37%46%

41% 39% 34%

21%

15%

21%

14%

38% 37%

2% 1% 0% 2% 2% 3% 3%

Total All othersMost from Unknown origin

Most from Unauthorized

entity gaininng access

Most from Authorized

employee gaining unauthorized

access

Don’t know the distribution of

source of breaches

Most from Authorized

contractor or vendor gaining unauthorized

access

Per

cent

age

of IT

Bud

get

Other

Infrastructure

Mobile security

Application security

Remote application access


pg 8



But Remote Access Is Complex and Difficult

Total

500 to 999 employees

1000 to 4,999 employees

5000 + employees

pg 9



Q. How many network and application components (HW and SW) are involved in adding a new external user group in your organization?

0 to 4 5 to 9 10 to 14 15 to 19 20+ Don’t know

5%

34%32% 33%

38% 38%

13%

7%3% 3% 4%7%

14% 15%11%

37%36%

44%

9% 9%7%

0% 0% 0%


50%+ report they use more than 10 network and application components to add a new external user group to an organization.

pg 10



rated it difficult to extremely difficult 83% N=304 Source: Remote & Secure Access User Requirements Survey, IDC, April, 2017

83% rated providing access to third-parties (e.g., contractors or supply chain partners) difficult to extremely difficult.

pg 11



From a technology standpoint...

VPN is the overwhelming choice favored

VPN and Cloud tools are favored most by IT and Line of Business

86%

20% 17% 18%

48%

VPN tools ADC tools Public cloud appplication directory tool

WAF tools Others


However......

..............................

.........

....

pg 12



VPN is also linked to companies that have the highest number of major incidents from authorized and unauthorized employees, contractors and vendors gaining access.

Percentage of Major Incidents on Different Tools to Provide Remote Access

VPN tools OthersADC tools Public cloud appplication directory tools

WAF tools

68%

48%

39%

68%

85%

50%

50%

20%

20%

20%

4% 5%

0% 0%15%

16%

15%

33%

17%

17%

18%

14%

65%

55%

54%

Total Most from Authorized employee gaining unauthorized access

Most from Authorized contractor or vendor gaining unauthorized access

Most from Unauthorized enity gaining access

Most from Unknown origin


pg 13



with Remote AccessSecurity Is the Largest Concern

pg 14



Security breaches

Poor user experience

Dedication of resources

Compliance issues

Complexity of architecture/

integration issues

41%

29% 29%

44%

56%

Challenging Factors When Providing the Remote Access

N = 304 Source: Remote & Secure Access User Requirements Survey, IDC, April, 2017

Question: RANK 1&2 - Please rank the following in terms of how much of a challenge they are when providing remote access.

Security breaches rank highest in challenges faced with remote access.

% Agreed

pg 15



59%

59%

63%

68%

68%

69%

66%

64%

50%

57%

75%

73%

Securing distributed apps is a problem

Securing remote app access is a problem

Company is vulnerable via unauth remote access

Concerns about ability to secure/control 3rd party access

Contractor/3rd party access ontinuously monitored for threat

Malicious activity from 3rd party/contractors in found timely fashion

Malicious activitycan be thwarted in a timely fashion to avoid breach

My organization has a formal program to access third-pary risk

IT monitors remote user activity and reports on which applications are accessed, by whom, for

how long etc.

Vendor/3rd party remote access are monitored fro PCI DSS

Remote application access is extremely complex


Over 50% of respondents agree that all aspects of securing remote access are difficult.

pg 16



Q. My company is vulnerable to an attack through unauthorized remote access. Please indicate your level of agreement with each statement


Strongly disagree Disagree Agree Strongly agree Agree +Strongly agree

Neither agree nor disagree

57%

14%

43%

28%

14%2%

57% feel their company is vulnerable to an unauthorized remote access breach.

pg 17



9.5% estimate frequency

of major incidents or breaches

their organization experiences

is more than 10x a year

46% estimate frequency

of major incidents or breaches

their organization experiences

is a few times a year


pg 18



Most companies estimate major incidents or breaches have happened across all types of remote access (from employees, from third-party vendors and/or from unknown sources).

Q. To the best of your knowledge what percentage of major incidents or breaches were due to the following? (Responses, excluding “Don’t Know/Not Applicable”)

None (0%)

Some (1-50%)

Most (51-500%) Authorized employee gaining

unauthorizedaccess

Unauthorized entity gaining

access

From unknownorigin

Authorized contractor or vendor

gaining unauthorized

access


0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

23% 23% 17% 16%

70%69%

74%73%

7% 3%10% 15%

pg 19



More than ten times per year

A few times per year

Once every few years

Almost never Don’t know

Q. Which of the following best estimates the frequency of major incidents or breaches your entire organization experiences?


10%

46%

4%

22%18%

Most companies report that breaches happen a few times annually.

pg 20



Who’s Got Secure Access?

pg 21



Many organizations are confident they will avoid breaches by being proactive, but…

20%

31%

10%18% 21% 21%

0%

I am confident that all malicious activity (insider or through an external source) associated with remote access of 3rd party vendors and contractors is discovered in a timely fashion

Per

cent

age

of S

trong

ly A

gree

d

Total All othersMost from unknow origin

Most from unauthorized

entity gaininng access

Most from authorized

employee gaining unauthorized

access

Don’t know the distribution of

source of breaches

Most from authorized

contractor or vendor gaining unauthorized

access

None of the organizations who had experienced most incidents from an authorized contractor or vendor gaining unauthorized access believed that they could discover it quickly


pg 22



Amount of Losses or Expectation of Losses due to Unauthorized Access to Remote Applications

$6.5M $6.3M

$4.2M$3.7M

$7.3M $7.5M $8.2M

Average 500-999 employees

5000+ employees

1 to 49 3rd party vendors

50 to 99 3rd party vendors

100+ 3rd party vendors

1000-4,999 employees

Average expected loss is $6.5M with greater loss expected by larger companies ($7.5M) and those with more third-party vendors ($8.2M)


Poor remote access security is costly.

pg 23




Organizations who believe most strongly that malicious activity can be thwarted once discovered experienced the greatest financial loss due to unauthorized access to remote applications.

$7.0M$7.6M

$4.5M

$6.5M$5.6M

$0.0MStrongly disagree

Strongly agree

Neither agree nor disagree

Disagree AgreeTotal

Q. Which of the following best estimates the financial amount your entire organization loses or expects to lose on average due to unauthorized access to remote applications?

pg 24



IT respondents estimate losses to be 74% higher than LOB estimates ($7.5M vs. $4.3M)

$6.5M

$4.3M

$7.5M

Average LOBIT


IT is more pessimistic than LOBs about security losses.

pg 25



Businesses must pivot from the common security mantra of “trust but verify” to “verify and never trust” in the new threat landscape. Traditional access solutions grant users full access to the network once they “verify” through user credentials, but is that the most secure approach? Solutions like VPNs put a hole through your firewall, enabling anyone inside of your perimeter to potentially move laterally across your network.

It’s time for a radically new approach to application access that is simple to use and more secure. Learn more » www.akamai.com/eaa

What’s Needed?

www.akamai.com/eaa

remote access and security - akamai€¦ · an idc infobrief, sponsored by akamai | september 2017...

Documents