As 72% of organisations plan to implement Zero Trust capabilities in 2020 to mitigate growing cyber-risk, nearly half (47%) of cybersecurity professionals lack confidence applying a Zero Trust model to their Secure Access architecture, according to the 2020 Zero Trust Progress Report released by Cybersecurity Insiders and Pulse Secure, a leading provider of software-defined Secure Access solutions.
The 2020 Zero Trust Progress Report surveyed more than 400 cybersecurity decision makers to share how enterprises are implementing Zero Trust security in their organisation and reveal key drivers, adoption, technologies, investments and benefits. The report found that Zero Trust access is moving beyond concept to implementation in 2020, but there is a striking confidence divide among cybersecurity professionals in applying Zero Trust principles.
“The sheer volume of cyberattacks and enormity of data breaches in 2019 has challenged the veracity of secure access defences, even in well-funded organisations,” said Scott Gordon, Chief Marketing Officer at Pulse Secure. “Zero Trust holds the promise of vastly enhanced usability, data protection and governance. However, there is a healthy degree of confusion among cybersecurity professionals about where and how to implement Zero Trust controls in a hybrid IT environment – which is clearly reflected in respondents’ split confidence levels.”
Of the organisations building out Zero Trust capabilities in 2020, data protection, trust earned through entity verification and continuous authentication and authorisation were cited as the most compelling tenets of Zero Trust. The report also discovered nearly one-third of organisations (30%) are seeking to simplify Secure Access delivery, including enhancing user experience and optimising administration and provisioning. Additionally, 53% of respondents plan to move Zero Trust access capabilities to a hybrid IT deployment.
More than 40% of survey respondents expressed that vulnerable mobile and at-risk devices, insecure partner access, cyberattacks, over privileged employees and shadow IT risks are top challenges to secure access to applications and resources.
“Digital Transformation is ushering in an increase in malware attacks, IoT exposures and data breaches and this is because it’s easier to phish users on mobile devices and take advantage of poorly maintained Internet-connected devices. As a result, orchestrating endpoint visibility, authentication and security enforcement controls are paramount to achieve a Zero Trust posture,” said Gordon.
While 45% are concerned with public cloud application access security and 43% of respondents expressed Bring Your Own Device (BYOD) enablement issues, more than 70% of organisations are looking to advance their identity and access management capabilities.
“Secure Access starts with appropriate and well-maintained user provisioning but requires entity authentication and compliance checks to invoke conditional access – regardless if a user is remote or on a corporate network, if the device is personal or corporate-owned, or if the application is internal or in the cloud,” said Gordon.
Workforce mobility and hybrid IT models have placed most workloads beyond the shelter of corporate networks and traditional perimeter defence – which creates significant user access and data concerns.
The 2020 Zero Trust Progress Report revealed nearly a third of cybersecurity professionals expressed value in applying Zero Trust to address hybrid IT security issues.
“Organisations at all stages of cloud adoption should re-evaluate their access security posture and data privacy requirements as they move applications and resources from on-premises to public and private cloud environments. Applying a Zero Trust model that aligns to hybrid IT migration can allow organisations to realise utility computing economies while creating a non-disruptive way to implement Zero Trust Network Access (ZTNA) functionality when, where and how they require,” said Gordon.
The report highlighted that a quarter of organisations seek to augment their current Secure Access infrastructure with Software-Defined Perimeter (SDP) technology (aka Zero Trust Network Access – ZTNA).
“Organisations interested in exploring ZTNA should seek a solution that works in parallel with a perimeter-based VPN to gain essential operational flexibility for enterprises and service providers supporting data centre and multi-cloud environments,” said Gordon.
Of the respondents considering SDP, a majority (53%) would require a hybrid IT deployment and a quarter (25%) would adopt an SaaS (Software-as-a-Service) implementation.
“Some organisations are hesitant to implement Zero Trust as SaaS because they might have legacy applications that will either delay, or prevent, cloud deployment. Others might have greater data protection obligations, where they are averse to having controls and other sensitive information leaving their premises, or they have a material investment in their data centre infrastructure that meets their needs,” said Holger Schulze, Founder and CEO of Cybersecurity Insiders.