Once upon a time, conducting a device inventory was as simple as walking through the office and ticking off the number of computers you had. Nowadays, that sounds like a fairy tale.
Today, that same inventory requires tracking down each device used to access your company’s systems or information by every single employee. It’s no longer a carefree magical journey — it’s a scavenger hunt.
That’s because a typical employee uses more than 4 devices each week.
The takeaway? Device inventories are harder than ever, and that complexity isn’t going away. It’s one of the biggest roadblocks facing asset visibility and security today.
How’d we end up with so many devices?
In 2010, the average person had 1.84 connected devices. In 2020, that number has nearly quadrupled to 6.58. (That’s not even counting the impact of Internet of Things, or IoT, devices, which we’ll cover in a future post.)
The reason for this trend is pretty straightforward: technology is more available than ever. It’s affordable to own so many devices, or to offer multiple work devices to employees.
It’s also about convenience. While it might be more secure — or even company policy — to only use a work laptop, it’s convenient to connect a home computer or a phone to get work done more quickly, in more places. And though it shouldn’t, convenience often trumps security.
That goes hand in hand with another key device trend: BYOD, or bring your own devices. The trend is nothing new, but it also has yet to be fully solved, particularly as the proliferation of devices continues. Companies often struggle to enforce BYOD rules or verify that they’re being followed.
What are the implications of these trends?
IT complexity has exploded, and with it, the number of devices used by an average employee. One user might use a personal phone, work phone, tablet, laptop and desktop computer within a week to do work. There are more assets, more types of assets, and more employee-owned assets than ever before.
And IT security teams must inventory and secure every single one of them.
Slower device inventories
All of these challenges combine into one unsurprising but uncomfortable fact. Getting a device and asset inventory — one of the most basic processes in IT and security — is cumbersome, cost-prohibitive, and incredibly time-consuming. They often require multiple weeks of manpower and significant manual labor.
Even worse, device inventories go out of date so frequently that some IT security teams find themselves in a constant state of device inventory rather than device protection.
Less visibility
One of the biggest implications of a rising number of devices is a correlated falling level of visibility, and device inventories are more likely to miss hidden assets. In fact, our recent visibility report found that organizations believe they may be blind to 40% of all problematic devices.
According to our report, nearly two thirds of companies that prohibit BYOD believe their employees may be violating those policies. Even when you try to keep devices out, they find their way in. This creates an enormous security risk, because an unknown device is an unsecure device.
More security tools
At the same time, the more devices you have, the more tools you need to track and secure them. Even the difference between an iPhone and a Samsung requires specialized programs to protect those distinct types of asset, and each new device or device type adds strain to IT security teams.
Moreover, IT teams can’t always rely on tried-and-trusted tools when it comes to mobile or personal devices. Those devices may be used on public WiFi or left lying around, unlike desktop computers. As a result, enterprises purchase and implement additional security and management solutions to control all of these scattered devices.
How can we address these challenges?
In a nutshell: as devices abound, so do the tools required to secure those devices. But device inventories are no longer able to easily identify network devices, so the best security practices often fall short.
That’s particularly true when combined with the visibility challenges highlighted above, because IT security teams have to track down hidden devices or create contingency plans for those gaps. It’s a vicious cycle that feeds into the rise of siloed information during a device inventory.
Many security teams struggle to keep up. It’s a choice between having a million tools to manage that can cover every gap, and having a few tools that do a pretty good job. Security is often compromised as a result: insights from last year’s RSA Conference, for instance, show that many companies fall short of best practices when it comes to mobile security.