JumpCloud research has revealed that IT admins feel embattled as they face a rising tide of security problems from unauthorised apps to AI. The details are contained in the company’s Q1 2025 SME IT Trends Report. Entitled “From Chaos to Control: Simplifying IT in the Fast Lane of Change”(registration required), the report looks at everything from risk to AI and where people work and cybersecurity.
Rajat Bhargava, co-founder and CEO, JumpCloud, said “IT teams are operating in a high-stakes environment where complexity and speed are often at odds with security and control.
“85% of admins are calling for a unified platform to manage devices, identities, and access. Our findings show a need for proactive IT management. We must simplify operations while meeting the growing demands on IT teams.”
The level of pressure that this report shows IT admins feel is not healthy for them or the business. It is a breeding ground for mistakes, and that only adds more pressure.
What are the biggest problems the report identifies?
There are a number of major issues called out in this report, and many overlap. Tool sprawl is an ongoing problem, and there is no evidence that it is getting easier. Disconnect between tools leads to risks in securing applications, networks and data. It is no surprise that cyberattacks are increasing with AI-generated attacks in the rise.
Another compounding factor to management is the number of unauthorised applications in use. It reduces visibility, making it hard to secure corporate data and machines. Additionally, many of the tools in use do not deal well with a hybrid working model, which has added complexity to IT management. That hybrid work environment is also a driver behind unauthorised apps which surged during lockdown and haven’t reduced since.
Some key facts:
- 48% use between 5-10 tools to manage their environment. 18% use between 11-15 tools, and a worrying 8% use more than 16 tools. Just 2% have a single unified tool to manage their IT environment. 85% want that tool.
- Respondents say the biggest challenge in Q4/2024 was security (60%). That is followed by managing multiple-point solutions (47%) and new services/application rollouts (47%). Compliance (34%) is bottom of the list, which, with DORA and NIS2 in Europe both going live, is likely to change in 2025.
- The biggest security concerns in Q1/2025 are software vulnerability exploits (34%), network attacks (33%), use of unsecured networks (26%) and ransomware (26%). Surprisingly, the leakage of data through the use of public GenAI does not figure at all.
- Importantly, organisations are increasing the number of security staff that they employ. 72% say they now have a cybersecurity staff member on their team, while 17% use an MSP.
- Software licensing is sucking up more and more budget. In Q3/2024, 39% said it accounted for 25-50% of their budget. In the same quarter in 2023, it was just 28%. One reason for that is that SaaS providers are hiking prices to cover their costs. IT doesn’t have the time for migration to cheaper solution or to retrain users.
- Budgetary constraints continue to restrict IT admins. In addition to the amount spent on licensing, 37% said they spent 10-25% of their budget on cybersecurity while 24% spent 26-50%. That doesn’t leave much budget for anything else.
- 88% of IT admins are worried about the continued rise in shadow IT. 66% have no SaaS management solution or method of detecting applications used by employees. 58% have discovered unauthorised apps in use, with 60% saying employees are using six or more such applications.
Biometrics not yet taking over from passwords
For the last year, there has been much talk about ditching passwords for biometrics. The challenge is changing existing systems to make them secure. The rise and effectiveness of deepfake solutions is rapidly overtaking the role of biometrics.
According to respondents. 98% are still using password-based solutions for some systems. Showing the problem of passwords, the survey found that 21% say they manage over 21 different passwords across their key IT resources. Those who remember the heady days of secure Unix will remember just how much of a problem that became.
Despite this, 54% are convinced of the ability of biometrics to secure systems. They just aren’t yet in a position to replace those password-based solutions. 43% are still looking at multi-factor authentication, although the report doesn’t say how they are doing that. SMS as a multi-factor is still common despite its known weaknesses.
For biometrics to become the primary technology, devices need to support it. Phones and tablets have had support for some time. Laptops and desktops, not so much, and they often need additional hardware. 68% admitted that less than half of the new devices they onboard have support for biometrics. Demand in the US (71%) outstrips the UK (57%) and Australia (46%).
A shift in the hardware
One of the more interesting sections of this report is the shift in OS usage. Windows usage has shown a significant decrease over the last six months. While still at 56%, it is down 6% from Q3/2024. Both Mac (27%) and Linux (20%) have taken up that slack. Both stand at an all-time high.
Driving that shift is likely the change in ownership. The respondents say personal devices now make up 34% of those they support. It is not clear how much that has changed over previous quarters. However, with more workers operating from home and organisations continuing with Bring Your Own Device (BYOD) policies to reduce CAPEX, this is likely to be a shift based on personal choice.
For IT admins and cybersecurity teams, this brings a raft of problems. Those with Apple devices using the company’s M-range of chips have been warned of security issues in the silicon. It creates a complex problem in patching and security of data.
But security is not the only problem. When it comes to management, 23% say Windows and other Microsoft devices and apps are the hardest to manage. Apple comes in at 19% with Linux at 14%. There is likely some distortion here in terms of the skillset of the users of the different devices and the number of applications in use on them. Of concern, however, is that 22% say that cloud infrastructure is a problem to manage.
The rise of, and risk from, AI
Organisations have a complicated relationship with AI. Many are unaware of how much public GenAI is in use by its staff and is unable to track that. It means that they have no idea how much data is leaked from the organisation.
However, the number of corporate AI projects has increased and continues to increase. 39% plan to implement AI solutions in the next 6 months, up 4% from Q3/2024. 39% have a slightly longer timescale of 7-12 months, up 9%. Those with a longer timescale are decreasing. What is not given is whether this is because projects have been brought forward.
Interestingly, only 15% of IT admins think that the organisation is moving too fast on AI. 67% think the pace is right, but that comes with a caveat. The same number that think the pace is right also think that AI is outpacing the ability of the organisation to protect against threats. It is not clear what threats, though. Increased sophistication of phishing attacks? AI-written malware? AI-assisted attacks in identifying weaknesses in security?
Unsurprisingly, many respondents still see AI as a job killer. Vice-presidents (56%), non-managers (54%) and directors (37%) are more concerned than they were in Q3/2024. Managers (35%), senior vice-presidents (38%) and C-level executives (38%) are feeling a little more secure. Given that this report calls out senior positions as being concerned, it would have been interesting to know why. The report ignores the “why”, which is a major disappointment.
Enterprise Times: What does this mean?
At 46 pages, this is an interesting report with a lot of numbers. Unfortunately, it is yet another quantitative tick-box piece of research that glosses over some serious issues. There are several places where a more qualitative piece of research would have yielded much more useful information. Maybe JumpCloud will think about that for the next version of this report.
What is evident, is that the pressure on IT admins is refusing to ease. While some are using MSPs as friends and offloading issues to them, that does not reduce stress levels by much. If this report is taken as face value, organisations are going to struggle to find anyone willing to take on that IT admin role. If that happens, they will have a serious problem in delivering IT to their employees. They cannot just outsource to an MSP.
Perhaps the main disappointment from this report is that many of the issues are not new in the last year, last two years or even the last decade. It shows a serious disconnect between the practicalities of running the organisation’s IT estate and the senior management. With an increasing focus on cybersecurity and resilience by regulators, resolving this must be a priority.
