Securing the Borderless Digital Landscape
Ivanti’s Cybersecurity Research Report Series
Weak access controls and unmanaged devices are forcing organizations to rethink the concept of a defined, defensible perimeter. The future belongs to software-defined security, not walls.
Unmanaged devices, such as shadow BYOD, are prime vectors for attacks and sensitive data loss. Organizations must identify these rogue endpoints and bring them under control.
Cybercriminals who steal sensitive data need a pathway into company networks. Increasingly, that pathway is through unmanaged devices — endpoints like personal devices that fall outside IT's direct control but still offer access to corporate networks and data.
A Microsoft study showed that in over 90% of ransomware cases, attackers used an unmanaged device to gain initial access to the organization's network. Ivanti's research identifies ransomware as the top predicted threat for 2025 (unsurprising given that 38% of security professionals expect AI to increase ransomware threats). Taken together, it's a one-two punch for opportunistic threat actors.
Ivanti’s research highlights the dimensions of the problem:
Remote network access is extremely common across office workers:
85% of office workers say they at times (or even often) work remotely during off hours — for example, checking emails in the evening or completing small tasks over the weekend. Each of these remote connections, particularly if they're using personal devices, potentially exposes corporate data to security risks.
Use of personal devices is widespread and hard to track:
Fully 3 in 4 IT workers say BYOD is a regular occurrence, though only 52% say their organizations explicitly allow it. Within organizations where BYOD is not permitted, 78% of employees disregard the prohibition.
Unmanaged BYOD devices lack essential security controls, making them attractive entry points for cybercriminals seeking to access valuable organizational data. And when organizations ban BYOD, they often fail to develop clear controls to manage the inevitable use of personal devices — as well as the networks those devices access.
IT lacks visibility into unmanaged devices and remote access:
More than 1 in 3 IT professionals (38%) say they have insufficient data about devices accessing the network. And 45% say they lack sufficient data about shadow IT.
These blind spots increase the risk of security breaches and compliance violations, as unauthorized or vulnerable devices may go undetected. Organizations cannot secure what they cannot see.
To effectively deal with widespread remote working and unmanaged devices, modern network perimeters are increasingly software-defined. Access and protections are governed by identity — essentially who the user, device or application claims to be (verified through authentication) — rather than where they are connecting from.
“IT and security leaders should focus on taking inventory of all IT assets and bringing them under management. This means ensuring you can discover all existing devices, enforcing a clear BYOD policy and making sure that BYOD policy includes the ability to manage a device that wasn’t procured by the company itself.”
— Daniel Spicer, Chief Security Officer, Ivanti
Edge devices operate at the edges of networks. Their well-known security gaps make them prime targets for attackers.
Edge devices like IoT sensors, smart cameras and remote equipment are increasing the risk at the edge of the network. Why?
Ivanti’s research shows that 44% of IT professionals believe the growth in data generated by edge devices increases risk for their organizations.
On average, organizations have just 60% of edge devices under management. This means that 2 out of every 5 edge devices are essentially operating as unmonitored entry points into organizational networks.
Some organizations are trying to close the gap:
Yet none of these actions will be effective if a sizable share of devices — by our count 40% — simply are not managed.
“To secure corporate networks against edge device vulnerabilities, organizations must keep edge devices upgraded to the latest release and push security validation to the user endpoint, making it harder for threat actors to steal credentials and gain unauthorized access. Additionally, implementing least privilege access further limits potential damage if credentials are compromised.”
— Mike Riemer, Senior Vice President, Network Security Group (NSG) and Field CISO, Ivanti
In a boundaryless threat landscape, a zero trust approach delivers software-driven, intelligent security.
Perimeter-based security measures assume threats originate from outside the network — and once entities are inside, they can be trusted. However, as employees become more mobile, and as companies grapple with the growing number of unmanaged devices, this approach proves inadequate.
Zero trust offers a fundamentally different approach: "Never trust, always verify." This means every user, every device and every application must be authenticated and authorized before accessing any system or data, regardless of their location.
Achieving zero trust rests on three foundational principles: identity access management (verifying that users really are who they claim to be), least-privilege access (limiting user access to only those resources they need to do their jobs) and data obfuscation through encryption.
Here's the disconnect: While 79% of IT professionals insist that access controls are more important when employees work outside the office, the reality on the ground tells a different story.
Only 34% of employers actually use zero trust network access for remote workers, and a mere 30% implement privileged access management. The gap between what IT leaders know they should do and what they're actually doing is striking.
In today’s security environment, the boundaries of the enterprise are blurred, and threats can emerge from anywhere. To safeguard critical assets, organizations need a two-pronged approach:
First, expand device management programs to cover devices anywhere on the network, ensuring they can be patched, updated and monitored for security telemetry.
Second, implement identity-based solutions and zero-trust access controls that continuously verify endpoint security before granting access to internal assets.
For companies of all sizes, adopting zero trust isn’t just a security upgrade; it’s a business imperative for minimizing risk and safeguarding critical data.
“Companies need to update their security mindset to a software defined perimeter perspective as part of their zero trust strategy. Using segmentation and a least privilege access model gives security the ability to individualize each user's access, meaning that you’re extending security all the way to individual endpoints that require users to validate their identity rather than potentially allowing threat actors to target your network from a single device.”
— Mike Riemer, Senior Vice President, Network Security Group (NSG) and Field CISO, Ivanti
This report is based on Ivanti’s 2025 State of Cybersecurity Report: Paradigm Shift and 2025 Technology at Work Report: Reshaping Flexible Work. The surveys for these reports were conducted in October 2024 and February 2025, respectively, and covered a combined total of over 600 executive leaders, 3,000 IT and cybersecurity professionals and 6,000 office workers around the world.
The research was administered by Ravn Research, and panelists were recruited by MSI Advanced Customer Insights. The survey results are unweighted.