This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

2024 SME IT Trends!

urvashi
Community Manager Community Manager
Community Manager

‎04-01-2024 10:18 AM - edited ‎04-01-2024 11:23 AM

This is an edited transcript of the 03.01.24 IT Hour 

Overview 

  • Becky Scott, Head of Community, and Tom Bridge, Director of Product Management talk about SME IT Trends for 2024
  • Tom also briefly covers some product updates and answers a few questions about them
  • For more information on SME IT trends you can read our blog post or download the e-book

Transcript 

Product Updates from Tom Bridge

  1. Android Better Together Enterprise - Enterprise is Google’s initiative for managing Android devices using your Google Identity. That google identity can of course be powered by JumpCloud so “better together”. Enterprise makes it easier for your people to set up new device managers for Android devices using your domain, so we’ve put that together. Dedicated devices and kiosk mode devices are managed by JumpCloud today got a major increase in functionality starting with some kiosk mode policies. If you’ve got mobile devices that may be fixed at the front desk or powering conference rooms and things like that we’ve got a lot of great stuff coming. 
  2. Private Repository for Application Management - This is now Generally Available so if you have applications that are unique to your environment that you want to deploy to your devices that don’t have a public URL you can use the JumpCloud Private Repo. You can upload and deploy signed distribution style packages for Mac or MSI Installers for Windows. Right now we’re giving every customer who has Device Management 10 GB for the private repo. 
  3. Password Manager Archiving - Instead of deleting individual passwords from your environment you can archive those. If you delete a password is now actually goes into the archive for a little while in case it was accidental or you might need those credentials back in the future. This is available for you to give it a look.  
  4. Sync Improvements - You will see faster syncs between individual devices in the cloud. Faster and more complete syncs with a better accuracy rate. 

Product Update Q&A

Q: I’m still waiting to be able to push a specific URL for download location to pull from our on-prem servers

A: Being a cloud based management solution we can’t validate things that are internal. We’re not going to try and deploy things that we can’t at least take a quick look at to make sure they’re properly formatted so that we’re sure they’ll work with the JumpCloud Agent. We are looking at other options in terms of developing peer to peer solutions for this but it’s not a part of our mandate for this year. 

Q: With private repo, what is the recommendation for transitioning apps from self hosted to JumpCloud hosted?

A: If you have an application that you’ve already used an external URL for you can create a new application that you upload directly to JumpCloud. You then remove the previous application that will not remove it from your devices, then you add the new application and deploy that out to your fleet. 

Q: How does this feature handle application updates? What happens when a new MSI version is uploaded?

A: We are currently not allowing new versions to be uploaded. We will have a solution for that later this year. So it would be an additional application that would be deployed. We have thought about that use case and we’ve got some things that are coming in the future. 

SME IT Trends 

Tom: We did a survey of IT Admins from all over the industry, mostly focused across the US, the UK, and India. It was mostly focused across the small to medium enterprise space which is up to one thousand people in the organization. Here are some of the key insights:

  • A lot of optimism about AI but tempered by the unknown 
  • Security remains paramount as sophistication grown 
  • Heterogeneous environments for devices are the norm  
  • Modern IAM continues to be complex and burdensome 
  • Managed Service Providers continue to be integral 
  • Economic conditions, regulations, and security threats make life uncertain 

Artificial intelligence for IT 

  • About three-quarters (76%) of IT professionals agree their organization should be investing in AI, and only 13% of organizations do not currently have any plans to implement AI initiatives.
  • Close to 80% suggest that the organization they work for today should be investing in some form of artificial intelligence. 

This means that folks are largely interested in what these kinds of technologies can bring to bear for their environment. They’re experimenting. Looking at this environment is important but there’s a lot of concern in terms of AI outpacing the organization’s ability to protect against threats. 

  • The majority of respondents (62%) said that AI is outpacing their organization’s ability to protect against threats. 

Best Practices

  1. Customize AI Solutions - Train AI models on small sets of organization specific data to accurately recognize normal behaviors and anomalies. Any sufficiently advanced device management functionality can be indistinguishable from an attacker in some cases. So these AI/ML solutions that are focused on this environment have to be carefully handled. 
  2. Prioritize Data Privacy and Governance - Implements anonymization, ensuring secure data access protocols considering local data processing to minimize risk. 
  3. Foster Ethical AI Usage - Train the benefits and risks associated with AI driven identity management, promoting an ethical AI usage culture

Ethical Sourcing for Large Language Models (LLM)

Make sure that you are using models that have been trained across appropriately diverse data. Most LLMs we see today are focused on trained corpuses that may or may not have been ethically sourced. So you need to make sure you’re having these conversations with your vendors and internal stakeholders to make sure you’re getting the best results. 

Becky: I like that you said ‘diverse’. There are a lot of training models that are very biased and I think not enough people focus on making sure that they’re not introducing biases into the way they train or even do prompts. 

Tom: Agreed. Making sure that you’re considering the data this model has been trained on, if it was appropriately licensed, trained by diverse sources. It’s really important to make sure you’ve got some balance against the inherent bias of the people who are making the software initially. Have a conversation with the vendor to make sure they’re aware of your needs for a diverse model that’s been trained on appropriate data. Because if you train it on the wrong data you’re going to get the wrong result. 

Becky: Ask them how many diverse people contributed to the code. Did they have enough genders, ages, races and experiences giving those inputs. Because that’s where those biases get introduced. 

State of SME Security 

Key Insights: 

  • More than 50% of respondents said that they agree/strongly agree that they are more concerned with security now than they were in the late summer - which shows the importance of secure posture to an organizational leader. 
  • More than half of the respondents said that their IT budgets are currently growing and they expect them to grow for the rest of the year and the next
  • Password management, MFA, and SSO are continuing to rise 
  • Adoption of biometrics are getting a boost 
    • There’s a broad range of acceptable types of MFA. 33% said biometrics are the most secure MFA. In addition, verification apps like Norton VIP or JumpCloud Protect or the Octave Verify application are considered to be the most secure. Followed by One Time Passcodes texted to a mobile device. 
    • ⅔ of respondents said that their organization requires the use of biometrics for employee authentication which is 10% over the last version of this survey. 
    • This shows a lot of trust associated with biometrics because those biometrics are kept on the device. They’re securely stored in the secure enclave or secure element of the device or the TPM and can’t leave the device. 

Top Concerns:

  1. Network Attacks  
  2. Software Vulnerability Exploits
  3. Ransomware
  4. Use of the same password across different applications
  5. Stolen user credentials
  6. Shared user credentials 
  7. Misuse of a privileged account
  8. Use of unsecured networks 
  9. MFA Fatigue 
  10. Use of Unsecured Networks
  11. Spear Phishing 
  12. Shared Devices among non employees
  13. Overly permissive privileges 

Best Practices 

  1. Evaluate your IT Environment - What is the primary, secondary, and subsequent ripple effects
  2. Identify Inefficiencies - The burden on admins continues to increase especially when 10% require 9+ tools to do their job. Tool Sprawl is growing  
  3. Automation - AI can help but it’s automation that will give you more time back with faster implementations. 

Heterogeneity of Devices 

OS usage

  • Windows - 60% current usage 
    • 40% expect increase in usage
    • < 20% expect decrease in usage 
  • Mac - 22% current usage
    • > 40% expect increase in usage
    • <10% expect decrease in usage
  • Linux - 18% current usage 
    • > 30% expect increase in usage
    • 15% expect decrease in usage
  • Just under 20% don’t expect any changes in usage
  • Mac and Linux are on the rise and taking market share away from Windows.
  • Mac shows the most promising growth with over 40% expecting an increase in usage and less than 10% expecting a decrease. 

Best Practices 

  1. Determine what devices allow you to scale - Brand out beyond the standard. Can you leverage more Linux and mobile devices?
  2. Prioritize flexibility and simplicity - Look at the hidden cost of getting users up and running with device choice 
  3. A Unified Endpoint Manager (UEM) is your friend - Leverage a device management solution that allows you to change faster than the device market 
  4. You need a mobile strategy - Everyone wants back pocket access but security and management are top of mind. 

Going Passwordless 

Q: On average how many  different passwords do your employers have to log into their resources?

  • 1-2 Passwords - 25%
  • 3-5 Passwords - 38.7%
  • 6-9 Passwords - 21.8%
  • 10-15 Passwords - 11% 
  • 16+ Passwords - 3.5%

Does your organization use an organization wide password management tool or software?

  • Yes - 80%
  • No - 20%

Best Practices 

  1. Reduce, don’t Reuse - Centralize identities to centralize passwords 
  2. Make it SSO Easy - Adding SSO reduces management and user created identities 
  3. Go Passwordless with JumpCloud Go - Make critical resources logins phishing-proof

Best of the Best Practices

  1. Customize and Anonymize Ethical AI adoption 
  2. Prioritize flexibility and simplicity 
  3. Develop a mobile strategy with a UEM
  4. Automate all the things, capture inefficiencies
  5. Go Passwordless with JumpCloud Go

 

0 Kudos
Version history
Last update:
‎04-01-2024 11:23 AM
Updated by:
Community Manager Community Manager