Three out of four IT workers said bring your own device was a regular occurrence, despite the fact that only 52% of organisations officially allow it.

Where policies forbid it, 78% of employees do it regardless.

This lack of oversight has left companies potentially vulnerable. Microsoft data shows that more than 90% of ransomware incidents begin with an unmanaged device.

Ivanti’s research agrees with this, with 38% of IT professionals admitting they do not have sufficient data about devices on their networks.

Edge devices, from smart cameras to remote sensors, further add to the exposure.

According to the report, around 40% of such devices remain unmanaged.

“To secure corporate networks against edge device vulnerabilities, organisations must keep edge devices upgraded to the latest release and push security validation to the user endpoint,” said Mike Riemer, SVP, Network Security Group and Field CISO at Ivanti.

Zero trust models are also falling behind adoption expectations.

79% of IT professionals say access controls are more important when staff work remotely, but only 34% of companies use zero trust network access and just 30% use privileged access management.

Daniel Spicer, CSO at Ivanti, said, “IT and security leaders should focus on taking inventory of all IT assets and bringing them under management. This means ensuring you can discover all existing devices, enforcing a clear BYOD policy and making sure that BYOD policy includes the ability to manage a device that wasn’t procured by the company itself.”

The report concludes that traditional perimeters are no longer effective and that companies need to extend management to all devices, wherever they are, and make use of identity-based access controls.