Study finds strong interest in zero trust strategies for cyber security improvement
- Published: Thursday, 06 May 2021 09:18
Enterprise Strategy Group (ESG) has released new research that found, despite the challenges posed by the pandemic, most organizations have either pressed forward as planned or accelerated their zero trust initiatives.
Zero trust strategies assume the network is compromised and brokers resource-specific access in isolation from network access through a least-privileged approach supported by continuous authentication, authorization, and risk evaluation for every request. These initiatives have seen increased interest over the last few years as enterprise architectures have become more distributed.
The ESG study surveyed 421 security and IT professionals responsible for driving zero trust security strategies and evaluating, purchasing, and managing related security technology products and services. It found that three-quarters of organizations are allocating net-new budget for zero trust programs and the vast majority plan to increase spending over the next 12-18 months.
While interest and budget for zero trust are robust, there remains some level of confusion in the market as to what the term means, where to start, and what technologies are required to support these initiatives. There does appear to be growing understanding that zero trust should be viewed as a strategic approach. However, most organizations continue to take a technology-centric view.
The study’s key findings include:
- Most organizations (51 percent) view zero trust as an avenue towards overall cyber security program modernization, updating traditional security processes and procedures to better align with today’s distributed enterprise reality.
- More than half (53 percent) of organizations began their zero trust journey with a specific use case, then broadened that strategy over time.
- 40 percent of organizations say they have either paused or abandoned a zero trust project they had previously started—often due to organizational and personnel issues.
- Organizations that have yet to implement zero trust do maintain some negative perceptions of the initiative, especially around complexity, cost, and user experience.
- Organizations that have implemented zero trust report a variety of benefits ranging from reduced cyber security incidents and data breaches.