As 72% of organisations plan to implement Zero Trust capabilities in 2020 to mitigate growing cyber risk, nearly half (47%, in fact) of cyber security professionals lack confidence applying a Zero Trust model to their Secure Access architecture. That’s according to the 2020 Zero Trust Progress Report released by Cyber Security Insiders and Pulse Secure, the provider of software-defined Secure Access solutions.
The 2020 Zero Trust Progress Report surveyed more than 400 cyber security decision-makers to share how enterprises are implementing Zero Trust security in their organisation and reveal key drivers, adoption, technologies, investments and benefits. The base research finds that Zero Trust access is moving beyond concept to implementation in 2020, but there appears to be a striking confidence divide among cyber security professionals in applying Zero Trust principles.
“The sheer volume of cyber attacks and the enormity of data breaches in 2019 has challenged the veracity of secure access defences, even in well-funded organisations,” said Scott Gordon, chief marketing officer at Pulse Secure. “Zero Trust holds the promise of vastly enhanced usability, data protection and governance. However, there’s a healthy degree of confusion among cyber security professionals about where and how to implement Zero Trust controls in hybrid IT environments which is clearly reflected in respondents’ split confidence levels.”
Of those organisations building out Zero Trust capabilities in 2020, data protection, trust earned through entity verification and continuous authentication and authorisation were cited as the most compelling tenets of Zero Trust. The research also discovered that nearly one-third of organisations (30%) are seeking to simplify secure access delivery, including enhancing user experience and optimising administration and provisioning.
Additionally, 53% of respondents plan to move Zero Trust access capabilities to a hybrid IT deployment.
Top security concerns
More than 40% of survey respondents expressed the view that vulnerable mobile and at-risk devices, insecure partner access, cyber attacks, over-privileged employees and shadow IT risks are the top challenges when it comes to secure access for applications and resources.
“Digital transformation is ushering in an increase in malware attacks, Internet of Things exposures and data breaches, and this is simply because it’s easier to phish users on mobile devices and take advantage of poorly maintained Internet-connected devices,” explained Gordon. “As a result, orchestrating endpoint visibility, authentication and security enforcement controls are paramount to achieve a Zero Trust posture.”
While 45% of respondents are concerned with public cloud application access security and 43% of respondents focused on Bring Your Own Device enablement issues, more than 70% of organisations are looking to advance their identity and access management capabilities.
Gordon asserted: “Secure Access starts with appropriate and well-maintained user provisioning, but requires entity authentication and compliance checks to invoke conditional access regardless of whether a user is remote or on a corporate network, if the device is personal or corporate-owned or if the application is internal or in the cloud.”
Driving demand for Zero Trust
Workforce mobility and hybrid IT models have placed most workloads beyond the shelter of corporate networks and traditional perimeter defence, which in turn creates significant user access and data concerns.
The 2020 Zero Trust Progress Report reveals that nearly a third of cyber security professionals expressed value in applying Zero Trust to address hybrid IT security issues.
“Organisations at all stages of cloud adoption should re-evaluate their access security posture and data privacy requirements as they move applications and resources from on-premises to public and private cloud environments,” urged Gordon. “Applying a Zero Trust model that aligns to hybrid IT migration can allow organisations to realise utility computing economies while creating a non-disruptive way in which to implement Zero Trust Network Access functionality when, where and how they require.”
Current Secure Access infrastructure
The document highlights that a quarter of organisations are seeking to augment their current Secure Access infrastructure with Software Defined Perimeter technology (aka Zero Trust Network Access).
“Organisations interested in exploring Zero Trust Network Access should seek a solution that works in parallel with a perimeter-based VPN to gain essential operational flexibility for enterprises and service providers supporting data center and multi-cloud environments,” stressed Gordon.
Of the respondents considering Software Defined Perimeter technology, a majority (53%) would require a hybrid IT deployment, while one quarter (25%) would adopt a Software-as-a-Service (SaaS) implementation.
“Some organisations are hesitant to implement Zero Trust as SaaS because they might have legacy applications that will either delay, or prevent cloud deployment,” said Holger Schulze, founder and CEO of Cyber Security Insiders. “Others might have greater data protection obligations where they’re averse to having controls and other sensitive information leaving their premises, or they may well have a material investment in their Date Centre infrastructure that meets their needs.”