Intermedia’s 2016 IT Confidence Index surveyed 350 US-based IT decision makers (ITDMs) to understand the state of IT and pinpoint the biggest challenges they currently face. The Index asked respondents to rate their level of confidence on a scale of 0 to 10, where zero represents “not confident at all” and 10 represents “extremely confident.” Respondents were grouped based on their scores:
The overall IT Confidence Score generated from the study was a 7.2 out of 10. And when asked about their team’s ability to protect their organization from various IT risks, IT scored their confidence level at a 6.7 out of 10.
For our inaugural Index, we wanted to statistically measure the biggest concerns IT decision makers face across their job functions. This data clearly reveals how concerned IT teams are about their ability to effectively protect their organizations. I believe as cloud adoption increases, confidence will also increase, and it will be interesting to see if that theory bears out in future studies.Jonathan Levine
CTO, Intermedia
The following are some of the key findings (the full report is available for download below).
When asked about their organizations’ ability to prevent, withstand or stop various IT security risks, IT pros gave a Confidence Score of 6.7 – crossing below the minimum confidence threshold. This means that IT pros lack confidence in their ability to protect organizations from the constant barrage of threats they face. Ransomware, botnets and DDoS attacks are among IT pros’ biggest concerns, but security threats as a whole serve as a constant worry.
And IT pros at smaller companies expressed significantly greater uncertainty about their ability to protect their organization than those at larger ones. This, of course, makes sense because smaller companies tend to have smaller IT budgets and teams. These smaller companies make up a large portion of our economy, yet are typically softer targets for breaches that can cause wider scale problems.
Confidence levels in the ability to prevent, withstand or stop various IT security risks, by company size and threat:
But do these concerns correlate to occurrences of security instances within the workplace? 15% of IT professionals indicated that a “significant” security breach occurred within their organization within the past 12 months. Approximately one-fifth reported a security compromise at their company due to a phishing attack.
Each one of these breaches comes with a cost to the company, but the impact can go well beyond the company itself – extending to partners and even consumers. Yet, despite years of rising threats and tech innovation, IT teams still lack confidence in their ability to combat today’s evolving security threats, which means businesses are likely at greater risk than they might think.
As this Index signifies, companies are feeling the fallout of phishing and malware, which can lead to data loss and ransomware attacks (causing businesses to be taken offline for days unless they decide to cough up the ransom.) These continually growing threats have shaken the confidence of IT as they work to keep their organizations’ protected. Education is the first step to combatting cyber threats. Equally important, however, is putting the tools in place to protect company data, including having access to clean versions of infected files in the event of a ransomware attack so businesses can remain up and running as usual.Richard Walters
SVP of Security Products, Intermedia
Security is not purely about technology: user education is also key. Unfortunately, employee education remains subpar, creating even more vulnerabilities across companies.
To better equip employees from falling victim to cyber-attacks, many companies do offer interactive IT security training. It’s the smaller companies, again, that are falling behind.
While the larger companies are doing better at conducting recurring trainings, every 6 months is inadequate. Security training needs to be a frequent practice. Every few months, we send a reminder email tied to timely events – for example, talking about the risks of password reuse when a big data breach is in the news. We also do our Hacktober event throughout the month of October where we simulate security incidents to help employees detect and prevent cyber-attacks in a fun and interactive way. What we’ve found over the years is that the percentage of employees falling victim goes down dramatically with each internal attempt. In addition to educating our employees, these hacks provide valuable and meaningful insight into changes and updates that are necessary in our security practices.Ryan Barrett
VP of Security and Privacy, Intermedia
Offering frequent interactive training might be an achievable goal for larger companies, but we know this could present a challenge to smaller organizations. We see this as a prime opportunity for these smaller companies to engage with outside IT consultants/vendors who offer comprehensive security training programs as part of their professional services portfolio.
Providing cybersecurity training is a fantastic opportunity for partners to deliver an additional value-add to their customers. MSPs should consider partnering with one of the leading phishing services companies to offer interactive security trainings as a service to their customers. It’s something MSPs should be advising their customers on just as anything else.Eric Martorano
SVP of Worldwide Sales, Intermedia
The ability of IT teams to consistently and reliably deliver general IT services to their organization received an IT Confidence Score of 8.2. This category received the highest level of confidence among the areas measured. Despite the challenges IT teams face, this score indicates IT teams are fairly confident in their own abilities. Still, there’s a stark difference in confidence between IT teams at smaller companies and IT teams at medium to large companies:
But how do these variances in confidence equate to their cloud usage? On average, respondents indicated that they are running the majority (56%) of their IT applications in the cloud, with 37% expecting to use more cloud-based applications over the next 6 months. As a company's size increased, the overall percentage of their cloud usage did as well.
These smaller companies also had the fewest number of IT applications running in the cloud (46%), while companies with 500+ employees were running more than two-thirds (69%) of their IT applications in the cloud.
IT Confidence Index findings confirm that it’s the smaller companies that are struggling the most with their cloud transition. Fewer than half of the apps SMBs use today are cloud-based. Simultaneously, SMBs expressed the least amount of confidence in keeping their organizations secure. This combination presents MSPs with a big opportunity to help serve small- and medium-sized businesses looking to transition to the cloud, but can’t afford to run IT on their own.
SVP of Worldwide Sales, Intermedia
When we asked IT pros if they felt confident that their company was spending enough on infrastructure (defined as server, storage and network components, but not including software), they gave the lowest score of all four categories – an IT Confidence Score of 6.5.
This data shows me that ITDMs understand the level of investment that they would have to make in order to adequately run their own infrastructure. Companies with 500 users and below find it difficult to invest in what is needed to create a redundant and reliable infrastructure. That fact could shake the confidence of anyone running on-prem environments.Jonathan McCormick
COO, Intermedia
While ITDMs are not very confident in the amount they are spending on IT Infrastructure, only a minority are investing more today than they were a year ago:
Compared to a year ago, the majority of IT professionals (59%) said that their company was investing about the same in IT infrastructure to support the overall current and future needs of the business, while only 39% said that their company was investing more.
When respondents said their company would be increasing spending, they expected investments to go primarily toward security applications and systems.
Correlate these IT Infrastructure findings with the lack of expressed confidence in combating security risks and the potential impact to businesses gets even scarier. IT Infrastructure and Security are the lowest ranking confidence categories measured. Technology is advancing, as are the expectations around availability and the need to continually improve security positioning. Everyone is focused on getting more efficient and trying to do more with less. If ITDMs truly feel like they are not investing enough in their infrastructure to help guarantee that it remains secure and highly available, then they should be looking to consume these IT needs as cloud services from larger service providers that are committed to making these investments on their behalf.
COO, Intermedia
IT pros expressed modest confidence in their ability to hire and maintain a skilled IT workforce—receiving an IT Confidence Score of 7.4 (slightly above the overall 2016 Index average). Roughly one-third of respondents said they felt more confident now than they did last year.
Competition for top talent remains fierce. When asked if they felt set up for success with a skilled workforce, 32% of all respondents agreed with the statement: “My organization gives me everything I need to be successful.”
IT pros at larger companies expressed greater confidence that their needs were being met:
According to the report, 64% of survey respondents said that their company uses IT consultants and/or MSPs. This is consistent with CompTIA’s research that indicates 65-75% of IT purchases are influenced by the channel.
IT consultants are trusted advisors, scoring high marks for the assistance they provide:
However, 33% of IT professionals think that IT consultants are too hardware focused, and 24% think that IT consultants don’t put enough emphasis on cloud solutions.
Companies in need of more than just advice are turning to MSPs for help. We have found that a large number of ITDMs look to IT consultants to assist with moving their businesses to the cloud. IT consultants should be taking advantage of the strong reputations they have already built. By building out a managed services practice, IT consultants can create more value for ITDMs while continuing to be known as the strategic advisor they’ve always been considered. As the report findings show, ITDMs are looking for cloud experts, specifically in the areas of ransomware and compliance regulations. Being that trusted advisor and building a cloud business is a great opportunity for these partners to fill a market need.
SVP of Worldwide Sales, Intermedia
What it does. This two-in-one app offers both file backup and file sharing & syncing, while giving business managers full control over access and a full audit trail.
How it helps. SecuriSync improves user security practices in many different ways.
What it does. This service stores passwords on a user’s behalf and provides a single portal for easy access to all their web apps. It logs them in with just one click.
How it helps. AppID lets you connect employee credentials to third-party web apps via Active Directory, enabling you to prevent ex-employee access by disabling their logins with a single click.
AppID also prevents insecure password practices because users simply don’t have to remember passwords.
What it does. AppID Enterprise’s patented App Shaping technology enables admins to set policies that determine exactly which pages or elements within any web app users can access or see. For example, you can remove or grey out exporting functionality; hide or redact sensitive data; define access to features based on user role; and restrict access to ANY element within a web app.
How it helps. This technology helps prevent unauthorized access and data breaches by ensuring that only authorized users are allowed to access sensitive data or perform certain tasks within the web app.
What it does. AppID Enterprise gives you a detailed audit trail of all user interaction with any web app—from login to logout and everything in between, including screenshots. You can configure auditing levels for both individual users and applications as well as groups of users.
How it helps. These features prevent misuse of data because employees know that their actions can be tracked. In addition, it makes it easier to facilitate compliance with regulations designed to avoid data breaches.
What it does. Intermedia’s HostPilot control panel provides a single source of management across 30 business IT apps. This centralized control over your Office in the Cloud offers a number of key security features.
How it helps. HostPilot helps you prevent data theft by offering remote wipe of devices. It also reduces the risk of poor password practices by letting you set policies regarding password length and complexity for Intermedia services.
What it does. Intermedia’s HostPilot control panel gives admins control over the mobile devices that are used to access Intermedia services.
How it helps.
What we offer. Intermedia offers a number of critical security tools, including email security, email encryption, Single Sign-On (SSO) and more.
How it helps.
What it does. Email Archiving captures every email a user sends and receives and stores it in a tamper-proof archive.
How it helps. Email Archiving is “tamper proof,” which means that emails containing critical company data cannot be intentionally or accidentally deleted by either employees or IT administrators. Email Archiving also helps companies easily find and restore information, simplify eDiscovery in the event of litigation, and facilitate compliance with industry rules and regulations.
Follow @intermedia_net or discuss your experience using the hashtag #ITConfidence.
