Your enterprise IT landscape has changed. Businesses have shifted to a flexible and dynamic browser-based, web application-intensive IT environment, and the IT management challenges have multiplied. The different architecture of web applications, when compared with native Windows applications, is a key driver of these challenges. The open and dynamic nature of this new IT landscape has increased security threats, and the complexities of the environment make it easy for your organization to unknowingly sacrifice efficiency, resulting in wasted money.
These risks can be placed into two categories – security threats and wasted money. Here are the top 10 hidden risks your enterprise faces in today’s modern enterprise.
Gone are the day when most business applications existed in the bubble of a client/server environment. The new IT landscape comes with web-based applications that have open, versatile, and dynamic architectures. While the functionality of these applications seems almost limitless, many companies are finding the security threats to their IT environment are compounding. Let’s take a look at the top 5 security threats that are common in most modern IT environments.
Browser extensions represent a critical blind spot for enterprise security, with 99% of employees using extensions that traditional security tools cannot monitor. Recent supply chain attacks compromised 30+ Chrome extensions affecting 2.6 million users, while research shows 67% of enterprise breaches now involve malicious extensions. With 53% of enterprise extensions having high-risk permissions to access passwords, cookies, and sensitive data, attackers exploit these trusted channels to bypass network and endpoint security controls entirely.
IT managers must deploy extension monitoring solutions because the risks are escalating while visibility remains minimal. Over half of extension publishers are anonymous, 26% of enterprise extensions are sideloaded outside official channels, and average breach costs have reached $4.88 million with browser-based attacks showing 51-second breakout times. Without proactive monitoring, organizations cannot detect when extensions update with malicious code, change permissions, or begin data exfiltration—leaving them vulnerable to compliance violations and sophisticated attacks that use browsers as both entry point and operational base.
According to Google’s Threat Intelligence Group, 75 zero-day vulnerabilities were discovered in 2024. Historically, research published at the ACM Computer and Communications Security Conferences shows the typical attack lasts an average of 312 days. And, according to Computerworld it is costs only $90,000 for a hacker to buy a vulnerability that could cost your company millions. With zero-day exploits continuing to escalate, and the vast majority of your line-of-business applications running in the browser, your company could be exposed to a threat. Unless you have a strategy to address a zero-day exploit, you could face the shut-down of IT services in your enterprise.
Old and unused software create an unnecessary attack surface in your browser environment. As early as 2010, TechAdvisory.org stated:
“If you have old or unused programs, or have software that hasn’t been updated in a while, you are running the risk of hackers exploiting these vulnerabilities and infiltrating your system.”
In an effort to maintain compatibility old, unused software can often be kept as a ‘temporary’ workaround to keep legacy software working. These workarounds are often forgotten and unintentionally increase your IT attack surface. The ability to get a full inventory of software usage can help you determine what software needs to be eliminated to reduce your company’s IT attack surface.
Audits – it’s not a question of if, but rather when you’ll need to be ready for an audit. In a Computerworld article, Forrester stated, only 2 of the 41 IT executives surveyed said they had seen a decrease in the number of audits conducted at their companies during the previous 12 months. A 2024 Cost of a Data Breach Report discovered that “40% of all data breaches involved data distributed across multiple environments”, indicating that cloud and distributed web application security issues are crucial areas for audit and compliance. Other research showed 77% of executives were in the dark, they did not know if their organization stored sensitive data in the cloud. With all of the sensitive information your company handles, real-time knowledge about the activity of your browser environment can make compliance and verification readiness much easier.
The topic of shadow IT appears to be top of mind for many these days. Shadow IT represents a huge blind spot to a very large amount of organization data and business workflows, which creates security risk and a disconnect between user expectation and IT reality.
In an Intel Corp. survey, 58% of respondents stated that shadow IT has a negative impact on IT’s ability to keep cloud services secure. While this may not be a surprise, a Cisco survey of CIOs determined there is an estimated average of 51 cloud services running in each of their organizations. However, Cisco determined that based on data analysis the number is closer to 730.
Today, browser-based applications, with their dynamic and complex architecture, dominate the enterprise IT landscape. They are made of diverse and disparate building blocks, that can be assembled in nearly any order or pattern. While this new IT landscape offers a great user experience, your organization faces the challenging task of tracking and managing all of these components and interdependencies. Without proper data, analytics, and control, your organization risks efficiency, productivity, and financial resources — all of which impact your bottom line. You modern IT landscape brings with it 5 hidden financial risks to your company’s IT budget. Let’s take a look them.
An accurate application inventory is essential to maintain security and compliance. According to Gartner: “Companies must obtain a detailed inventory of the user environments, including hardware, software and processes.” The inherent design of browser extension update mechanisms and the explosion of web-based applications access through browser extensions or components, as well as interdependencies makes collecting detailed inventory information even more important to smoothly operate your IT environment.
Collecting browser inventory and usage stats is prohibitively expensive if done manually, not to mention time consuming. One large enterprise Browsium customer quantified their effort for a manual inventory of browser-based applications, browser extensions, along with all cloud-based or SaaS services would take 4 people, working 6 months to complete. Doing the math, if you paid each staff member $160K per year, that would total an expense of $320K. And the worst part was, once they completed the inventory it would be obsolete in little time based upon the ease and speed at which web applications can be deployed.
Being able to identify critical security impacting changes when they happen is crucial to avoiding large scale compromise or data exfiltration.
The new IT landscape makes it easier to add applications, but this also makes it more challenging to manage all of these software assets. One Gartner research model predicts that by 2027 as much as 40% of cloud and web based AI projects in an organization will be retired or users will stop using them altogether. With the rapid pace of innovation today, the rate of abandonment is higher than ever meaning organizations are potentially leaving unused subscriptions – and data – across a multitude of services outside the organization.
Left undetected, those obsolete applications will not only leave potential data in unknown systems but those unused services may be used as the basis for software procurement and support planning. Doing the math, it can quickly get very expensive without the ability to properly analyze and address software usage. Using the 4% turnover rate from Gartner, an organization spending $100M on software assets could be wasting about $4M a year.
Money is lost if end-user productivity stalls. This includes anything that distracts employees from doing their job such as: broken applications, help desk calls, social media, and shopping during the work day.
According to Computerworld, 41% of organizations reporting an increase in help desk calls, attribute the uptick to infrastructure or product changes, upgrades, or conversions. When employees can’t do their jobs because of an IT outage, the company’s bottom line suffers. How would you like to face the executive staff at your company to explain why you took down an entire department by releasing a patch without first testing their critical applications (because you didn’t even know what web applications were being used)?
The study: Social media use cuts productivity at work, cited in Computerworld found that companies who allow employees to access personal social media sites, lose an average of 1.5% in total employee productivity. That statistic does not include online shopping and personal use activity.
Enterprise IT teams face an overwhelming software maintenance burden, managing hundreds of applications across diverse environments while balancing security, stability, and user productivity. With the average enterprise running 187 applications and receiving thousands of software updates annually, IT departments must continuously patch security vulnerabilities, test compatibility across complex technology stacks, and resolve bugs that can disrupt business operations. This workload is compounded by resource constraints—59% of IT teams are understaffed and only 12% can keep up with new technology requests—forcing teams to prioritize critical security patches while often deferring non-essential updates that can accumulate into larger compatibility and performance issues over time.
If you’re like most IT departments, you likely have unnecessary hardware or cloud services your organization is paying for, but not utilizing. After all, unless you have accurate real-time browser usage data, it’s nearly impossible to ensure you’re hosting only necessary applications.
According to a McAfee study, 1,200 global IT executives state that 80% of their budgets will go to cloud computing services within the year. But there is good news. A Gartner study states “eliminating poorly utilized hardware and software associated with older, seldom-used applications can reduce the IT budget by as much as 20%”. The key is understanding web application usage.
Elasticity is one of the core values cloud computing can offer. You also need usage data to know how your organization uses the browser-based applications you have in order to effectively migrate to the cloud.
