What IT Pros Are Feeling, Doing and May Be Overlooking in the Post-Pandemic Environment
The pandemic has made for an unexpected, unprecedented and unusual year and a half.
During this time, IT teams quickly emerged as unsung heroes who kept their businesses running as millions of employees struggled to work from home. From ensuring reliable remote access to countering the latest cyberthreats, IT teams solved challenge after challenge in this effort.
To ensure their hard-earned insights are not forgotten, we surveyed 210 IT pros to get their thoughts and to learn about their experiences.
Results of the survey sent a clear message: in the wake of the pandemic, organizations are asking more from their IT teams, especially given the continued surge in cyberattacks.
While roughly 90% of survey respondents said that they felt mostly or somewhat prepared for the pandemic, many indicated that they are still on the hunt for additional resources – whether those added resources are people, processes, solutions or budget. The survey also suggests that IT pros are moving quickly to make meaning from their organizations’ requests for more and to rapidly apply the lessons that they have learned during the environment COVID-19 created.
Here are three of the top-line insights that came from this IT pro survey feedback.
Most Organizations Need to Dedicate More Time and Attention to Incident Response Plans
More than half (55%) of the IT pros surveyed chalked up their pandemic preparedness to having established “better processes.” Yet less than a fourth (22%) of the survey group said that they are currently evaluating their organizations’ incident response (IR) plans.
This suggests that IT pros may feel comfortable with their current plans or are focused on other priorities. But the bottom line is that executing a well thought out IR plan can determine whether a cyberattack causes a minor nuisance or erupts into a major disaster. Businesses need to understand this and use this time to update, strengthen or create IR plans because of the very real threat that ransomware poses for critical infrastructure, data and business processes.
Getting started is often the hardest part, so we’ve written a Six-Step Guide to Incident Response to help with this effort.
However, businesses must also recognize that effectively carrying out IR plans requires a security operations center (SOC) staffed by experts 24/7. Building and staffing in-house SOCs is a daunting task that requires a lot of know-how, resources and funding. That’s why businesses should also look at partnering with a managed detection and response (MDR) service provider.
Businesses Should Avoid Piling on Additional Point Solutions, Which Only Adds Complexity
In their attempts to alleviate the burden of managing and monitoring their data, more than a third (38%) of IT pros surveyed indicated that they intend to purchase more point solutions. While point solutions may help ease some of the short-term pain from which organizations and their IT teams suffer today, the treatment in this case may be worse than the malady.
It doesn’t take long before the volume of point solutions creates greater operational complexity. That complexity, in turn, results in an even greater strain on IT and cybersecurity resources.
The survey results also indicate that more than half (54%) of IT pros added more analytics and data capabilities to their security stacks. Data, analytics and stopgap options can be a lifesaver. But organizations and their IT teams need to understand that more is not always better. Again, simply adding more point solutions – regardless of their value – can quickly increase complexity, harming rather than enabling business progress.
That’s why many companies today are looking to a secure access service edge (SASE) to abstract the complexity from their tech stacks. SASE can enable an organization to understand what is connected to the network and why. It can then secure users no matter where they are, delivering direct, fast and reliable connections to the cloud and internet.
Not all SASE solutions are created equal however, with some being fully integrated and others cobbled together from multiple point solutions. Gartner notes in its recent Best Security Practices for SD-WAN report that “using a single vendor with a fully integrated SASE solution offers operational advantage, while a best-of-breed provider requires more time and skills to integrate and manage.”
Many IT Pros Are Looking to the Power of ZTNA to Address Their Key Security Concerns
When asked about their top security concerns, about 40% of IT pros said keeping infrastructure up to date, so it’s no surprise that 44% of respondents intend to implement ZTNA over the next 12 to 24 months, while another 30% are still evaluating it.
Many organizations turned to VPNs amid the pandemic. They had no choice but to use VPNs given the limited timeframes in which IT needed to get remote users securely online. But VPNs may have created as many problems as they solved. The Colonial Pipeline ransomware attack was linked to a single VPN login, which was unused but still active. As one report noted, VPNs “are often cumbersome and difficult to manage.” And Forrester Senior Research Analyst David Holmes blogged this year, “acquiring more VPN licenses during the COVID-19 lockdown was just a stopgap measure to keep people working. Now, they’re looking for a ZTNA solution.”
ZTNA has built-in smarts and the ability to tune user access based on location, user type, time of day, and other parameters. The cloud-based agility, performance, resilience, and scalability; granular policy controls; and simplicity that ZTNA delivers as part of a tightly integrated SASE platform is the ideal match for the post-pandemic environment, in which most enterprise applications are in the cloud, users are everywhere, and ransomware continues to surge.
About the Survey
We specifically targeted IT professionals and our 210 respondents ranged from C-level executives to administrators, with the majority (25%) being managers. 34% of respondent have key roles in making important IT and security-related decisions for their companies.
Respondents’ companies ranged from five person startups to Fortune 100 behemoths with 250,000 or more employees. The majority (38%) of the companies have more than 5,000 employees. Annual revenues for these companies similarly varied, from under $1 million to in excess of $250 billion, with 23 generating revenues of $1 billion or more.
The top industries represented in the survey are manufacturing (16%), healthcare (13%), government (10.25%), financial services (10%) and retail/distribution (9%).
18% of respondents reported that their companies experienced one or more successful breaches during the pandemic while 36% faced an increase in the number of cyberattacks.