Cybersecurity - Block 64

The state of Security, ITAM, SAM and Copilot Readiness in 2024

Block 64 — Thu, 16 May 2024 09:18:32 +0000

We think there’s a dire need for more clarity in our industry. Too many IT leaders simply don’t know what’s going on in their environment. Whether it’s outdated ITAM practices or inadequate security coverage, this lack of vision is creating risk. It’s also costing the business and slowing the journey to next-generation solutions such as Copilot for Microsoft 365.

This isn’t just our opinion. We have the research to prove it.

Introducing Block 64’s Benchmarks for CIOs reports

For 12 years, we’ve used data to improve ITAM, security and modern IT outcomes for our customers. Recently, we decided to run an experiment. In April of 2024, we assembled all the data gathered in the previous four weeks from 351 North American businesses. This anonymized data set provides a solid sample of today’s technological landscape. It includes granular details and usage metrics from 250,165 end points.

In brief, this research serves as a wake-up call. It confirms our suspicions that most IT organizations need to close gaps across security, ITAM, SAM and modern workplace. Doing so won’t just prevent catastrophe. It will unleash the full potential of their business and people.

We’ve organized our findings into four sections below, starting with the most sobering: security.

Security: Most Businesses Are Critically Exposed

Although IT leaders in 2024 might say they take security seriously, our data paints a different picture. From widespread critical vulnerabilities to outdated operational software, businesses are dangerously close to suffering a major, disruptive hack. Here’s why:

1 in 4 endpoints are exposed to critical vulnerabilities: Our analysis reveals a disturbing fact: approximately 1 in 4 endpoints operate with a vulnerability score above 9 out of 10 on the Common Vulnerability Scoring System (CVSS). To clarify, a CVSS grade of 9 or above indicates critical urgency for remediation due to the potential for exploitable weaknesses. Our benchmarks show that 22% of endpoints have at least one such vulnerability. Worse, this issue affects 74% of all businesses surveyed.
Half of critical Windows and SQL server installs are unsupported: The study revealed that half of IT servers are running unsupported mission-critical software like SQL and Windows Server. By the numbers, we found 48% of organizations running unsupported SQL and 58% running unsupported Windows Server versions. On an end point basis, 22% of SQL server installs, and 19% of all Windows Server installs are unsupported. Running these outdated products significantly increases the risk of security vulnerabilities and compliance issues, potentially leading to data breaches and operational disruptions.
57% of businesses have antivirus gaps: While only 1.25% of endpoints are missing antivirus software, the ramifications are disproportionate. This ostensibly small figure represents a significant security gamble, as it only takes a single compromised device to become a gateway for malicious actors. When you consider this from an organizational perspective, 57% of businesses have had least one endpoint that is unprotected by antivirus solutions, underlining a widespread security oversight across North America.

ITAM: IT Leaders Are Overpaying for Compute & Ignoring End User Needs

In today’s hybrid landscape, your productivity relies on having high-performance, low-maintenance work devices. As economic conditions demand smarter spending, there’s no excuse for unnecessary infrastructure costs. Yet, our data shows failing grades on both fronts. Employees are straddled with devices that are unfit for modern needs. Meanwhile, IT is significantly over-spending on compute, along with all the operational expenses that come with it.

44% devices are out of warranty: Our data depicts an IT landscape where 44% of endpoints are used beyond warranty. This suggests a widespread deficiency in lifecycle management. Indeed, 100% of all business surveyed was running at least one such out-of-warranty device. Such a scenario sets the stage for potential disruptions that proactive hardware refresh plans could avert.
9 in 10 servers use less than 25% of available resources: The Benchmarks data also revealed a pattern of underutilization, with 92% of all servers using less than a quarter of capacity for CPU or RAM. From an organizational perspective, 62% of North American businesses had at least one server that was severely underutilizing resources. This indicates an overprovisioning issue and hints at potential savings if IT environments were right-sized. These findings reveal an opportunity to explore cloud, virtualization, or hybrid solutions to increase efficiency and reduce costs related to power, cooling, and unused space.

SAM: Subscription Shifts Pose Challenges

There’s always a lot of disruption in the software asset management (SAM) world. Major publishers frequently make big changes to pricing and licensing models. Just how much these changes will cost your business, and what you should do about it, isn’t always so clear.

Our Benchmarks report underlines the need for businesses to get on top of two major recent licensing adjustments from VMware and Oracle. Here’s why:

VMware’s new licensing will have wide-spread impact: Shortly before Broadcom finalized its acquisition of VMware, VMware announced it would end perpetual licensing. This change took effect in December 2023. Now, VMware products are available exclusively through a subscription model. Analysts say this shift could potentially double the costs for businesses compared to previous licensing agreements. According to our data, more than 80% of virtual endpoints are running on VMware. Fifty percent of all customers (or, 177 total) are running VMware as their primary virtual technology. Especially for those businesses, it’s time to understand exposure to price increases – and build an optimized plan forward.

Related: Read our guide to VMware licensing changes.

63% of businesses face Java licensing risk: Oracle’s Java licensing saw a significant shift in January 2023, moving from a processor-based to a per-employee licensing model for Java Standard Edition (SE). Companies, especially those with extensive employee bases but minimal Java utilization per employee, could see their expenses surge, potentially by up to 90%.Our research shows that 63% of customers reviewed had a commercial version of Java installed. Add to that Gartner’s estimate that 1 in 5 organizations will face down an Oracle audit by 2026 and the call to action is clear. Businesses must clarify their current Java position and make plans to avoid unnecessary risk.

Generative AI: Get Ready for Copilot Before You Dive In

The excitement around Copilot for Microsoft 365 isn’t just hype. Business leaders see these tools as a chance to bolster productivity and stay competitive. But that doesn’t mean all organizations are ready to dive in and start experimenting today. Our research reveals businesses have to focus first on clarifying their licensing position, crafting clear use cases and standardizing usage of Microsoft 365 tools. Here’s why:

Most Microsoft 365 users aren’t using everything they own: Microsoft 365’s penetration is extensive, yet usage rates for the suite are potentially too low, with less than 30% of users leveraging the full suite of tools. For example, of the 238,224 Microsoft 365 users we surveyed, 41% were not using Teams and 29% were not using Outlook. This underutilization signals a potential challenge for integrating new solutions like Copilot —especially if investing in such premium add-ons doesn’t translate to actual usage. As we have been saying, encouraging widespread engagement with existing M365 applications is crucial to capitalize on investments in emerging technologies effectively.

Related: Read our guide to getting ready for M365 Copilot adoption, or take a look at our free Copilot readiness assessment.

Most businesses still have on-premise Office: On the same topic, 68.4% of businesses persist with on-prem Office installations, suggesting a possible dint to efficiency and flexibility. Moving to cloud services like Microsoft 365 could offer significant cost savings and productivity enhancements, especially as on-prem versions age and miss out on the latest features.

Where do CIOs go from here?

These Benchmarks for CIOs offer a sobering overview of the IT status quo, emphasizing the urgency for strategic action in a number of areas. From security, to ITAM, SAM and modern workplace, there is plenty of work to do. Today.

We see a precarious security landscape with one in four endpoints presenting critical vulnerabilities. Significant underutilization of hardware is evident, with 92% of servers operating at less than 25% of their total capacities. The transition to subscription-based software also presents hurdles, as 63% of businesses are entangled in Java licenses that could lead to severe financial penalties. Finally, readiness for generative AI technologies, such as Copilot for Microsoft 365, might be lacking. Only 30% of businesses using Microsoft 365 are maximizing the platform’s capabilities, signaling a need for further adaptation and integration efforts to leverage these advanced tools effectively.

Here’s the good news: Fixing all these issues starts simply by gaining a clear picture – and custom, actionable insights for what is at risk and what you should do. And that’s exactly what the Block 64 Insights & Analytics platform offers you and your technology partner. To find out more and request a free trial, please visit Block64.com.

Subscribe to our newsletter on LinkedIn

Thought this was interesting? There’s plenty more research, news and advice for IT professionals on our LinkedIn newsletter. Sign up today.

Subscribe on LinkedIn

The post The state of Security, ITAM, SAM and Copilot Readiness in 2024 first appeared on Block 64.

New Assessment: Copilot for Microsoft 365 Adoption

Phil Carson — Wed, 06 Mar 2024 22:10:42 +0000

Block 64 has released a powerful new assessment to help navigate the path to Copilot for Microsoft 365.

Businesses worldwide are keen to find out more about Microsoft’s most-hyped product on the market – Copilot for Microsoft 365. And now that Microsoft has made significant changes to its Copilot licensing (read more), the door is wide open for organizations of all sizes to explore this exciting new product suite.

But on an individual customer basis, there are plenty of questions that need answering before taking the leap forward. Do you have the right licensing position? How will you keep your data and users secure? Will people actually use it?!

For IT solutions providers, if you can answer these questions, you can win your customer’s trust and ensure Copilot adoption is a success.

Introducing the Block 64 Copilot for Microsoft 365 Readiness Assessment

That’s why we created Block 64’s Copilot for Microsoft 365 Readiness Assessment. It delivers the insights and guidance needed to navigate this transformative journey with confidence.

By combining our effortless IT inventory and usage metrics with insights and automated analysis, the Assessment provides clear answers across three core considerations: security, licensing and standardization.

With those insights, partners are able to elevate conversations with customers, and provide relevant, actionable advice and catered solutions to move the needle.

The 3 Pillars of Copilot for Microsoft 365 Readiness:

Our assessment analyzes Copilot readiness across three key pillars of security, licensing and optimization. Here’s why those are important to Copilot success.

Zero Trust Security Compliance: Microsoft 365 Copilot operates within a Zero Trust security model, emphasizing the need for rigorous security policies and standards. Our assessment delves deep into your IT environment to evaluate your alignment with this model, ensuring that your data, networks, and applications are fully secure and compliant. By identifying potential vulnerabilities and offering specific recommendations, we empower you to establish a fortified foundation essential for a successful Copilot implementation.
Clear Licensing Position and Cost Analysis: Understanding your current licensing position is critical to ensuring that your investment in Microsoft 365 Copilot aligns with your organizational goals. Our assessment provides a detailed analysis of your licensing status, identifying any gaps or opportunities for optimization. This analysis includes a breakdown of Copilot-compatible licenses, enabling you to make informed decisions that maximize your return on investment.
Maximizing Microsoft 365 Adoption: Full adoption of Microsoft 365 is crucial not just for creating a comprehensive dataset for Copilot to utilize but also for ensuring that you are investing in tools that your users actively use. Our assessment evaluates the extent of Microsoft 365 usage within your organization, identifying areas where adoption can be improved. For example, we analyze OneDrive and Teams usage to ensure that if you invest in Copilot licenses, they will be utilized to their fullest potential, thereby avoiding the pitfall of paying for unused services.

The Block 64 Assessment Process: Insights and Value Delivered

Our assessment process is designed to offer actionable insights an organization’s readiness for Copilot for Microsoft 365. Here’s a closer look at the steps and tools involved to make that happen:

Agentless Discovery Application: Our agentless discovery tool serves as the cornerstone of our assessment, providing a real-time inventory of your IT environment. This includes detailed insights into software installations, application-level vulnerabilities, and compliance with security standards.
Debrief Meeting and Recommendations: Following the discovery phase, our analysts conduct a debrief meeting to walk you through our findings. This session is instrumental in understanding the implications of our analysis and the steps needed to enhance your readiness for Copilot.
Customized Deliverables: The assessment culminates in a set of customized deliverables that include visualizations and recommendations tailored to your specific needs. For instance, we provide visualizations focusing on productivity applications’ security, highlighting any legacy installs that might compromise Copilot compatibility. We also offer guidance on active directory security, helping to identify and rectify potentially unsafe accounts in alignment with the Zero Trust framework.
Trial Offer and Engagement Process: To demonstrate our commitment to your success, we offer a free trial of our assessment when delivered with your strategic solutions provider, VAR or MSP. This trial includes a comprehensive engagement with our team, who will conduct the assessment and provide consulting services on your behalf, acting as an extension of your team.

By integrating these insights and leveraging Block 64’s expertise, organizations can navigate the complexities of adopting Microsoft 365 Copilot with confidence. Want to get started or learn more? Please visit our Copilot assessment page to explore.

The post New Assessment: Copilot for Microsoft 365 Adoption first appeared on Block 64.

Why good SAM is your first step to Zero Trust security

Phil Carson — Sun, 01 Oct 2023 18:29:08 +0000

Zero Trust has established itself as the gold standard for an organization to implement robust security. Often listed as a CISO’s number one priority, the “never trust, always verify” mantra places organizations well ahead of peers and bad actors.

But there’s a piece of the zero trust puzzle that often gets overlooked – an unspoken, “secret ingredient.” Without it, no ZT strategy has any real chance of success.

We are talking about modern software asset management (SAM) practices – and all the work that goes into making it happen.

The good news is that when done right, good SAM doesn’t just lead to stronger security. It unlocks numerous other benefits, such as cutting out wasted spending, and speeding the path to the cloud and beyond.

So, let’s take a closer look at zero trust, powered by solid SAM practices.

A Quick Recap: What is Zero Trust?

Zero Trust challenges the traditional perimeter-based security approach by assuming all users, devices, and applications are untrusted until proven otherwise. It operates on the principle of “never trust, always verify” and focuses on protecting critical assets through continuous monitoring and strict access controls. Key elements of Zero Trust include:

Identity and Access Management (IAM): IAM is at the core of ZT, ensuring that user identities are properly verified and authenticated before granting access to resources. It emphasizes the principle of least privilege, granting users only the necessary access privileges based on their roles and responsibilities.
Network Segmentation: Network segmentation divides the network into distinct zones, limiting lateral movement and minimizing the potential impact of a security breach. By separating critical assets into isolated segments, organizations can contain and mitigate security incidents effectively.
Microsegmentation: Microsegmentation takes network segmentation to a granular level, enabling organizations to establish fine-grained security controls at the application or workload level. It provides enhanced visibility and control over traffic flows within the network, reducing the attack surface and minimizing the risk of lateral movement.
Continuous Monitoring: Continuous monitoring involves real-time assessment and analysis of network activities, user behaviors, and system vulnerabilities. It enables swift detection and response to potential security threats, ensuring proactive mitigation measures are implemented.

The Intersection of SAM and Zero Trust:

With Zero Trust defined, let’s see how good Software Asset Management practices play a crucial role at every step.

Identity and Access Management: SAM provides organizations with a comprehensive view of software assets and their associated licenses. This information enables accurate user provisioning and access management, ensuring that only authorized individuals have access to the necessary software resources.
Network Segmentation and Microsegmentation: By maintaining an accurate inventory of software assets and their dependencies, SAM facilitates effective network segmentation and microsegmentation. It ensures that critical applications and workloads are identified, properly categorized, and isolated within their respective segments, reducing the attack surface and enhancing security.
Vulnerability Management: SAM supports continuous monitoring by providing insights into the software versions deployed across the organization. It enables proactive identification of outdated or unpatched software, allowing IT teams to prioritize vulnerability remediation efforts and reduce the risk of exploitation by malicious actors.
Compliance and Audit Readiness: SAM aids in compliance with licensing agreements and regulatory requirements, ensuring that software usage aligns with established policies. By maintaining a clear audit trail of software assets and licenses, organizations can demonstrate compliance during security audits, minimizing the risk of non-compliance penalties.

The power of SAM-supported Zero Trust:

Implementing effective Software Asset Management practices sets the stage for a robust Zero Trust security strategy. In fact, you can’t have one without the other. SAM provides the foundation your organization will need to properly implement ZT.

By implementing effective SAM practices, organizations can align their software assets with the principles of ZT, enhancing identity-centric security, micro-segmentation, continuous monitoring, least privilege access, and encryption.

The benefits don’t stop at security. With more insights, comes better decision making – and budgeting. A solid SAM foundation with also help identify and eliminate under-utilized or unnecessary software licenses.

Conclusion:

It’s time to stop talking about security without first talking about software asset management.

It’s time to stop talking about security without first talking about software asset management.

Not only is SAM essential to delivering on Zero Trust principles – without it, businesses are putting their operations at risk.

How can you direct a SAM-driven security strategy?

For IT solutions providers, and their customers, it starts with gaining a clear view of the entire infrastructure – and matching those insights with actionable advice and guidance. That’s where a company like Block 64 comes in.

We offer IT service providers and businesses the tools they need to modernize security, with our comprehensive discovery, reporting and analytics tools.

Want to learn more? Get in touch today to see how our solutions can help your business speed up decision making, modernize ITAM and strengthen security.

The post Why good SAM is your first step to Zero Trust security first appeared on Block 64.