JumpCloud Report Highlights Shadow IT and Device Sprawl SME Security Concerns

JumpCloud published the results of its Q3 2024 SME IT Trends report: Detours Ahead: How IT Navigates an Evolving World. This seventh-edition report provides insight into the challenges and opportunities facing IT teams at SMEs, covering topics such as:

  • The growing threat of shadow IT and AI
  • How teams manage complicated devices and IT environments
  • The relationship between IT and MSPs
  • IT professionals’ biggest fears and wants

“IT teams are dealing with many obstacles. They face uncertainty about economic conditions and elections. There are growing security threats, complex tech stacks, and device varieties. Despite this and more, IT admins are resilient and resourceful,” said Greg Keller, co-founder and CTO, JumpCloud. “What’s keeping them up at night is what they can’t see — 84 percent of IT admins worry about shadow IT. To help combat the security holes shadow IT creates, IT needs to deploy tools to help spot rogue apps. This will give IT teams the control and visibility they need to keep organizations safe.”

Among the findings are:

  • Shadow IT creating security holes, with 84 percent of SMEs concerned about applications managed outside of IT, and 35 percent reporting they are “very” concerned. When asked what has prevented them from addressing shadow IT, 36 percent indicated more important priorities, 31 percent said their business users move too fast to keep up, 32 percent lacked the ability to discover the applications used by employees. 29 percent lacked partnership and communication with business partners, and 24 percent do not have a SaaS management or asset management solution to manage shadow IT.
  • SMEs experiencing a steady stream of cyberattacks, with 45 percent victimized in 1H24. Of those, 28 percent experienced two attacks, 17 percent experienced three and five percent suffered three or more. The most common source for cyberattacks was phishing (43 percent), followed by shadow IT (37 percent), stolen or lost credentials (33 percent) and breach of a partner’s organization (30 percent).
  • 49 percent of IT teams say that their organization lacks the resources and staffing to secure the organization against cybersecurity threats.

Additionally, without the ability to centrally manage devices, organizations face security risks. These come from workers’ abysmal security practices or unauthorized devices accessing company resources. Of note:

  • The average device landscape is made up of 24 percent macOS devices, 18 percent Linux devices and 63 percent Windows devices.
  • 84 percent of IT teams prefer a single platform to manage user identity, access and security over many best-in-class point solutions.
  • 45 percent of IT admins require 5-10 tools to manage the worker lifecycle, and 28 percent need 11 applications. Just 26 percent of employees can access all IT resources with just one to two passwords. Nearly 17 percent have to manage 10 or more.

Security continues to be the number one challenge facing IT teams as cyberattacks increase in both frequency and sophistication:

  • 60 percent of SMEs consider security the biggest IT challenge, followed distantly by new service and application rollouts (42 percent), cost of solutions needed to enable remote work (40.8 percent) and device management (39 percent). The four biggest security concerns are network attacks (40 percent), software vulnerability exploits (31 percent), ransomware (31 percent) and shadow IT (29 percent).
  • 50 percent of IT teams report being more concerned about their organization’s security posture than they were six months ago, with 71 percent saying any cuts to their security budget would increase organizational risk.
  • 95 percent of respondents use passwords to secure at least some IT resources.

While MSPs are seen as delivering better security, productivity, and cost-savings, there are also signs that SMEs are starting to expect more from their MSP partners:

  • 76 percent of SMEs rely on an MSP for at least some functions, with 67 percent planning to increase MSP investment in the next 12 months.
  • 56 percent said MSPs led to better security, while 57 percent said MSPs increased their effectiveness at managing IT and 37 percent said they saved money for their organization.
  • For the 24 percent who don’t use an MSP, 47 percent prefer to handle IT themselves, while 39 percent said MSPs are too expensive.

To be successful, MSPs should keep an eye on security, costs, scale, and customer experience. For all SMEs, including those that use MSPs, 39 percent have concerns about how MSPs manage security. SMEs largely stopped working with an MSP due to cost (28 percent), outgrowing MSP service offerings (26 percent), moving IT internal (24 percent) or bad customer service / sales team experience (23 percent).

JumpCloud surveyed 612 IT decision-makers in the U.K. and U.S., including managers, directors, VPs and execs. Each survey respondent represented an organization with 2,500 or fewer employees across a variety of industries. The online survey was conducted by Propeller Insights, from June 4-7, 2024.

The Q3 2024 SME IT Trends Report can be found here.