In the next year, IT departments expect to focus their security budget on end-user tools and training, multifactor authentication, and building a zero trust architecture. Less than a third expect to spend big on cloud security tools, identity and access management (IAM), and privileged access management (PAM), however, despite the growing importance of those technologies.
The results come from Dark Reading's "2022 Endpoint Security Survey," which polled 190 cybersecurity and IT professionals on how pandemic-related changes have affected their endpoint security strategies.
The top priorities make a lot of sense. Technology companies such as Google and Microsoft have been pushing for multifactor authentication as a more secure and convenient way to log in, and zero trust was cited by US President Biden himself in the Executive Order issued May 2021. And considering how often end users are finessed into actions that result in a security breach, security awareness training addresses an obvious need. But the bottom of the priority list contains some surprises.
For example, privileged access management is at the bottom of the list of spending priorities, with only 26% of respondents saying they planned to prioritize spending on PAM this year. That is a stark contrast to the 43% of respondents who say they have deployed privileged access management (PAM) in 2022 to protect network resources against endpoint incursions (up from 37% in 2021). Less than a third of respondents put security controls for cloud services (30%) and IAM (27%) on the priority list.
"Our data also suggests a slight disconnect between what security and IT decisionmakers consider top endpoint priorities and where they are focusing their efforts and dollars," the report reads. "While MFA and zero trust are top priorities, more respondents (53%) identify security tools and applications for laptops and desktops as the primary focus for increased endpoint spending this year, compared with MFA (45%), zero trust (42%), and EDR (39%)."
For more, read the full Dark Reading report on addressing endpoint security threats in a post-pandemic world.