Ivanti Originals

Securing the Borderless Digital Landscape

Ivanti

Ivanti’s research — a survey of over 3,000 IT and security professionals and 6,600 executives and office workers — revealed that poor access controls and widespread unmanaged device use are leaving organizations' networks and data wide open to cyberattackers. As IoT sensors, smart cameras and remote equipment proliferate, the lack of IT control and visibility increases the risk at the edge of corporate networks.

Listen to “Securing the Borderless Digital Landscape,” to understand why traditional perimeter-based security models fall short, and why a zero-trust strategy is the new norm for securing our borderless digital landscape. 


Weak access controls and unmanaged devices are forcing organizations to rethink the concept of a defined, defensible perimeter. The future belongs to software-defined security, not walls. 

You’re listening to the audio version of Securing the Borderless Digital Landscape, part of Ivanti’s state of cybersecurity research series. To see more Ivanti research visit ivanti, I-V-A-N-T-I.com/research.  

[Music begins]  

Part one: Out of sight, out of mind 

Unmanaged devices, such as shadow BYOD, are prime vectors for attacks and sensitive data loss. Organizations must identify these rogue endpoints and bring them under control. 

[Music ends]  

Cybercriminals who steal sensitive data need a pathway into company networks. Increasingly, that pathway is through unmanaged devices — endpoints like personal devices that fall outside IT's direct control but still offer access to corporate networks and data. 

A Microsoft study showed that in over 90% of ransomware cases, attackers used an unmanaged device to gain initial access to the organization's network. Ivanti's research identifies ransomware as the top predicted threat for 2025 (unsurprising given that 38% of security professionals expect AI to increase ransomware threats). Taken together, it's a one-two punch for opportunistic threat actors. 

Ivanti’s research highlights the dimensions of the problem: 

First, remote network access is extremely common across office workers. 

85% of office workers say they at times (or even often) work remotely during off hours — for example, checking emails in the evening or completing small tasks over the weekend. Each of these remote connections, particularly if they're using personal devices, potentially exposes corporate data to security risks. 

Second, use of personal devices is widespread and hard to track.  

Fully 3 in 4 IT workers say BYOD is a regular occurrence, though only 52% say their organizations explicitly allow it. Within organizations where BYOD is not permitted, 78% of employees disregard the prohibition. 

Unmanaged BYOD devices lack essential security controls, making them attractive entry points for cybercriminals seeking to access valuable organizational data. And when organizations ban BYOD, they often fail to develop clear controls to manage the inevitable use of personal devices — as well as the networks those devices access. 

And third, IT lacks visibility into unmanaged devices and remote access.  

More than 1 in 3 IT professionals (38%) say they have insufficient data about devices accessing the network. And 45% say they lack sufficient data about shadow IT. 

These blind spots increase the risk of security breaches and compliance violations, as unauthorized or vulnerable devices may go undetected. Organizations cannot secure what they cannot see. 

To effectively deal with widespread remote working and unmanaged devices, modern network perimeters are increasingly software-defined. Access and protections are governed by identity — essentially who the user, device or application claims to be (verified through authentication) — rather than where they are connecting from. 

[Sting]  

How can you take action? 

Here’s what Daniel Spicer, Ivanti’s Chief Security Officer, has to say: 

“The goal that all security and IT personnel need to keep in mind is getting an understanding of all the IT assets and bringing them under management. You can't really rely on an unmanaged device keeping company data safe. So that means making sure that you can discover all the devices, making sure that you have a clear BYOD policy, and making sure that that BYOD policy includes the ability to manage a device that otherwise wasn't procured by the company itself. 

In order to effectively safeguard critical assets in the rapidly evolving threat landscape, especially those that you cannot rely on being inside the perimeter, we're going to need different strategies. And those strategies are going to include, you know, making sure that you do have device management that considers the device can be anywhere on the network, making sure they can still get patches, they can still receive their necessary updates, and they can report telemetry.  

But it's also going to require you to consider identity-based solutions and a zero-trust access strategy so that you can constantly check to make sure that the endpoint is safe and secure before you allow it to connect back to the assets that are inside your nice secure perimeter.” 

[Music begins]  

Part two: Edge devices under fire 

Edge devices operate at the edges of networks. Their well-known security gaps make them prime targets for attackers. 

[Music ends]  

Edge devices like IoT sensors, smart cameras and remote equipment are increasing the risk at the edge of the network. Why? 

Rather than relying on centralized cloud or data-center processing, edge devices process data at or near the source where it’s generated — meaning valuable information is stored locally on devices that are physically exposed and often less protected by enterprise security controls. 

Edge devices often rely on poor default security configurations, infrequent security updates and limited endpoint-detection-and-response (or EDR) capabilities. 

Ivanti’s research shows that 44% of IT professionals believe the growth in data generated by edge devices increases risk for their organizations. 

On average, organizations have just 60% of edge devices under management. This means that 2 out of every 5 edge devices are essentially operating as unmonitored entry points into organizational networks. 

Some organizations are trying to close the gap: 

  • 61% restrict network access for edge devices that do not meet configuration requirements. 
  • 55% use machine learning to monitor edge devices for anomalous activity. 
  • 47% use agents to control edge device configurations. 
  • 43% isolate edge devices within public cloud infrastructure. 

Yet none of these actions will be effective if a sizable share of devices — by our count 40% — simply are not managed. 

[Sting]  

How can you take action? 

Here’s what Mike Riemer, Ivanti’s Senior Vice President for the Network Security Group, has to say: 

Well, I think the best way for organizations to have a security strategy for edge devices or IoT devices and prevent threat actors from attacking them or going after them is multi-faceted. Segmentation is always a great way. By utilizing VLANs, you can segment networks, and you can put restrictions and firewalls in place, siloing the data so that you don't have broad-brush access across the network if one of these edge devices becomes infiltrated by a threat actor. The other thing that you can do is ensure that you have a least privilege access model going on with your users so that individuals on the network have only access to those solutions and systems that they need access to in order to perform their job. And then of course monitoring; monitoring their environment and looking for any type of various activity or attempts to circumvent any type of security that's been put in place. 

The other thing we can do is we can also push security from these edge devices and push that security all the way to the endpoint, make it the user endpoint where users are actually logging into the network from and do the validation and the checking at that point. So therefore, you're not really relying upon the edge device for the security, but you're actually relying upon the endpoint where the user is to validate that the person that is on that endpoint is actually who they say they are. 

[Music begins]  

Part three: From blind trust to zero trust 

In a boundaryless threat landscape, a zero trust approach delivers software-driven, intelligent security. 

[Music ends]  

Perimeter-based security measures assume threats originate from outside the network — and once entities are inside, they can be trusted. However, as employees become more mobile, and as companies grapple with the growing number of unmanaged devices, this approach proves inadequate. 

Zero trust offers a fundamentally different approach: "Never trust, always verify." This means every user, every device and every application must be authenticated and authorized before accessing any system or data, regardless of their location. 

Achieving zero trust rests on three foundational principles: identity and access management (verifying that users really are who they claim to be), least-privilege access (limiting user access to only those resources they need to do their jobs) and data obfuscation through encryption. 

Here's the disconnect: While 79% of IT professionals insist that access controls are more important when employees work outside the office, the reality on the ground tells a different story. 

Only 34% of employers actually use zero trust network access for remote workers, and a mere 30% implement privileged access management. The gap between what IT leaders know they should do and what they're actually doing is striking. 

In today’s security environment, the boundaries of the enterprise are blurred, and threats can emerge from anywhere. To safeguard critical assets, organizations need a two-pronged approach: 

First, expand device management programs to cover devices anywhere on the network, ensuring they can be patched, updated and monitored for security telemetry. 

Second, implement identity-based solutions and zero-trust access controls that continuously verify endpoint security before granting access to internal assets. 
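As an added illustration, not part of the Ivanti report or any Ivanti product, the following Python sketch turns the two-pronged approach into a single access decision: a request is evaluated on verified identity, on whether the device is managed, patched and reporting telemetry (or, for an edge device, meets its configuration requirements), and on a least-privilege role allowlist. All device, role and resource names are constructed assumptions.

```python
# Added example (not Ivanti's code): a minimal zero-trust access decision that
# applies the report's two prongs: (1) only managed, patched, telemetry-reporting
# devices are trusted, and (2) every request is verified by identity and scoped to
# least privilege. All names, roles and requests below are constructed assumptions.
from dataclasses import dataclass


@dataclass
class Device:
    device_id: str
    managed: bool              # enrolled in device management
    patched: bool              # up to date with required patches
    telemetry_ok: bool         # currently reporting security telemetry
    is_edge: bool = False      # IoT sensor, smart camera, remote equipment
    meets_config: bool = True  # edge device meets configuration requirements


@dataclass
class Request:
    user: str
    authenticated: bool        # identity verified (e.g. MFA passed)
    role: str
    resource: str
    device: Device


# Least-privilege allowlist: each role sees only what it needs (constructed).
ROLE_RESOURCES = {
    "finance": {"erp", "email"},
    "engineer": {"git", "email"},
    "sensor": {"telemetry-ingest"},
}


def decide(req: Request) -> tuple[str, str]:
    """Return (decision, reason). Decisions: allow, restrict, deny."""
    if not req.authenticated:
        return "deny", "identity not verified"
    d = req.device
    if not d.managed:
        # Shadow BYOD: no posture data, so no trust regardless of location
        return "deny", "unmanaged device"
    if d.is_edge and not d.meets_config:
        return "restrict", "edge device fails configuration requirements"
    if not (d.patched and d.telemetry_ok):
        return "restrict", "device posture stale: patch or telemetry missing"
    if req.resource not in ROLE_RESOURCES.get(req.role, set()):
        return "deny", "resource outside role's least-privilege scope"
    return "allow", "identity and device posture verified"
```

Because the decision is re-evaluated on every request, a device that stops reporting telemetry or misses a patch drops from allow to restrict without any change to the network it sits on.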

For companies of all sizes, adopting zero trust isn’t just a security upgrade; it’s a business imperative for minimizing risk and safeguarding critical data. 

[Sting] 

How can you take action? 

Here’s what Mike Riemer, Ivanti’s Senior Vice President for the Network Security Group, has to say: 

So, the easiest way for companies to update their security mindset, as it were, is to secure the perimeter of their network from a software-defined perimeter perspective, just pushing that security out to the endpoint. And by utilizing the security at the endpoint from a zero trust type perspective, a least privilege access perspective, it gives us that ability to individualize each and every user's access. So no longer do you have just a single device that threat actors can go after. 

[Sting]  

If you enjoyed listening to this report and want even more Ivanti research, you can subscribe to this podcast to get the latest Ivanti research in your feed as soon as it’s released. 

You can read the report and see the rest of Ivanti’s research at ivanti, I-V-A-N-T-I.com/research.  

You can follow Ivanti on social media at Go Ivanti, and you can visit us at ivanti.com to learn more about our products and solutions.  

Thanks for listening!