Businesses gain better control of cloud and mobile devices
Enterprises around the world are gaining control of previously unmonitored and unsupported cloud applications and mobile devices in their IT environments according to a new report.
The 2019 Trusted Access report from Duo Security looks at more than a million corporate applications and resources that Duo protects. Among the findings are that cloud and mobile use has resulted in 45 percent of requests to access protected apps now coming from outside business walls.
This has led to businesses enforcing security controls that establish user and device trust before granting access to applications, known as zero-trust security. These include strengthening user authentication, requiring screen locks and disc encryption, disallowing devices with out-of-date browsers and operating systems, or blocking anonymous IP addresses.
The findings show that many systems are still out of date, notably Android, with less than 10 percent of devices on the latest patch as of May this year. Out of date browsers are a problem too, with Edge the most frequent offender on 73 percent. Businesses are getting better at addressing vulnerabilities though.
"What is really fascinating is that one of the key findings is how effectively you can manage a vulnerability," says Richard Archdeacon, advisory CISO at Duo Security. "My view is you can manage the threat but you can’t manage the vulnerability. Not so long ago there was a big zero-day released around Chrome and we found an immediate uptake -- around 80 percent -- among organizations implementing a policy around managing the version of chrome. They were managing a vulnerability by making users upgrade."
Also good news is that fewer people are falling for phishing scams. Only 47 percent of campaigns managed to capture at least one set of credentials in 2019, compared to 65 percent in 2017. "There's a lot more education going on about phishing, but we should never get complacent, we only need one phishing scam to work," says Archdeacon. "The results show far more user awareness but phishing should still continue to be a focus in organizations. It's good news but let's continue to work on it."
You can read more of the findings in the full report which is available from the Duo website.