One of the biggest challenges in modern IT security concerns what to do about endpoints. One school of thought suggests that anti-virus software as most organizations know it isn’t all that effective anymore. As such, this camp argues that more of the IT security budget should be shifting back to either defending the perimeter or encrypting data.
At the same time, thanks to the rise of more sophisticated social engineering attacks there’s more malware on endpoints than ever. A very strong case can also be made for proactively remediating vulnerabilities on endpoints as quickly as possible in order to prevent that malware from spreading laterally throughout the organization.
Regardless of where an organization lands on that endpoint security spectrum, one thing that is certain is not enough is being done to proactively manage endpoints. A new survey of more than 500 IT security professionals conducted by Dimensional Research on behalf of Tripwire, a provider of security intelligence software for managing endpoints, finds that only a third (33 percent) have an actual endpoint security strategy in place. For IT services providersm the more interesting news is that just over half (51 percent) are in the process of putting one in place.
Increased demand for endpoint management
Growth in the number of endpoints that need to managed has historically been one of the primary drivers in the adoption of managed services. As more organizations become aware of the security challenges associated with managing those endpoints, the chances they will look for external help from a managed service provider (MSP) only increases. In fact, the Tripwire survey shows that 60 percent of the IT security professionals surveyed said they are not confident all of the devices connected to their networks receive security updates in a timely fashion.
Well over a quarter of the survey respondents also projected that growth in the number of endpoints connected to their networks over the next two years would exceed 25 percent. The challenge most MSPs have today is that the total percentage of IT organizations that rely on MSPs to provide IT services is still a relatively small percentage of the overall IT market. The good news is that the Tripwire survey suggests that opportunities to expand that percentage is about to present itself, thanks mainly to the growth in the number of endpoints attached to those networks.
Choosing a secure approach
The question then becomes does an MSP want to secure those endpoints themselves or opt to resell a managed security service developed by an organization with the deep pockets required to develop and maintain that particular type of service. There is no right or wrong decision in terms of where to find IT security expertise. But not helping a customer better define their approach to IT security is definitely going to end badly for all concerned.
In the meantime, IT service providers would do well to remember that endpoint security technologies will improve. In fact, MSPs can’t afford for IT organizations to become lackadaisical about IT endpoint security management. After all, if an organization’s not too concerned about securing an endpoint, they're probably only a half step away from not caring too much about how consistently that endpoint actually gets managed.
Photo by Matthew Wiebe