A survey of nearly 1,300 security and risk professionals published today by Ericom, a provider of a secure access service edge (SASE) platform, finds 80% of respondents reporting their organization has a concrete plan to implement a zero-trust IT environment.
Well over one-third of respondents plan to make good on those plans within the next three months, while another 17% are targeting three to six months from the time the survey was taken last July. Just under a quarter (24%) said it would take them six to 12 months to implement.
The two primary areas of focus for respondents going forward are identity and access management (43%) followed by network security (21%).
Overall, 83% said they consider zero-trust to be an essential strategy for their organizations, with 68% strongly agreeing with that sentiment. A full 85% said they believe zero-trust security will stop attacks or limit attacks’ success, with more than half (51%) strongly agreeing.
The top reason cited for adopting a zero-trust IT architecture is that it provides a more proactive approach to cybersecurity (52%), followed by the belief that it’s the only way to combat sophisticated threats (33%).
The primary reasons these projects might be delayed are because of budget restrictions (28%) followed by other strategic security initiatives (25%) and conflicts with other IT/business frameworks (19%), the survey found.
From a technical perspective, the most difficult part of zero-trust to manage are policies (31%) and frequent changes to the IT environment (23%). The biggest technical obstacles to adopting zero-trust security are legacy technologies (28%) followed by different tools for user and application/application programming interface (API) access (16%) and a lack of automated asset identification or automated rule definition capability (15%).
A total of 71% of respondents said their organization would implement zero-trust IT architectures faster if they had a partner to help.
Dr. Chase Cunningham, chief strategy officer for Ericom, said it’s clear that when it comes to security that more organizations are starting to take the gloves off in terms of how willing they are to enforce zero-trust IT policies. At the core of those efforts will be increased reliance on identity management platforms to enforce those policies, he said.
Zero-trust IT as a concept has, of course, been around for decades. The challenge has always been finding a way to implement it in a way that didn’t result in end users trying to circumvent policies in the name of individual productivity. Organizations are now shifting toward a software-driven approach that should prove less intrusive than previous generations of hardware platforms that attempted to lock down an IT environment, noted Cunningham.
It’s unclear just how great the desire to embrace zero-trust approaches to IT really is versus the actual capabilities of an organization. Cybersecurity expertise, after all, is still difficult to find and retain. However, in the wake of a series of high-profile breaches, it appears the security alarm that has been blaring regularly for years is finally being heard. The issue now is finding a way to respond that doesn’t break the IT budget.