Zero-Trust is one of the core security strategies for organisations today. However, when it comes to zero trust implementations, over 50% of companies struggle to implement some core zero trust security basics reveals Fortinet’s Global State of Zero Trust Report.
Most organisations have a vision of zero trust or are in the process of implementing zero trust initiatives. But over 50% of companies cannot translate this vision into the solutions they are implementing as they lack some zero trust basic core fundamentals, reveals the survey.
With the evolving threat landscape, transition to work-from-anywhere, and the need to securely manage applications in the cloud, the shift from implicit trust to zero trust is top of mind for organisations, according to Rajesh Maurya, Regional VP- India and SAARC – Fortinet.
“Our survey shows while most organisations have some form of a zero trust strategy in place, they fall short of a holistic strategy and struggle to implement some core zero trust security basics,” says Maurya.
With the continuous increase in the volume and sophistication of cyberattacks, organisations are looking for solutions to protect against these evolving threats and zero trust is top of mind, but for multiple reasons.
Additionally, the shift to work-from-anywhere has put a spotlight on zero-trust network access (ZTNA) in particular, as organisations need to protect important assets from workers connecting from poorly protected home networks.
“An effective solution requires a cybersecurity mesh platform approach to address all zero trust fundamentals across the infrastructure, including endpoint, cloud, and on-premises, otherwise the result is a partial, non-integrated solution that lacks broad visibility,” explains Maurya.
Confusion Over Defining Zero-Trust Strategies
The report shows some confusion about what comprises a complete zero-trust strategy. Respondents indicated they understand zero trust (77%) and ZTNA (75%) concepts and over 80% reported already having a zero-trust and/or ZTNA strategy in place or development.
Yet, over 50% indicated being unable to implement core zero-trust capabilities. Nearly 60% indicated they do not have the ability to authenticate users and devices on an ongoing basis and 54% struggle to monitor users post-authentication.
This gap is concerning because these functions are critical tenets of zero-trust and zero trust implementations across organisations. Interchangeably used terms such as “Zero Trust Access” and “Zero Trust Network Access” also add to the confusion.
Zero Trust Is Top of Mind and Priorities Are Varied
Priorities for zero trust are “minimizing the impact of breaches and intrusions,” followed closely by “securing remote access” and “ensuring business or mission continuity.” Improving user experiences” and “gaining the flexibility to provide security anywhere” were also top priorities.
“Security across the entire digital attack surface” was the single most important benefit cited by respondents, followed by a “better user experience for remote work (VPN).”
The majority of survey respondents believe it is vital for zero trust security solutions to be integrated with their existing infrastructure, work across cloud and on-premises environments.
But for over 80% of respondents say that the zero trust implementations across an extended network are challenging. For organisations without a strategy in place or development, obstacles included a lack of skilled resources with 35% of organisations using other IT strategies to address zero trust.
472 IT and security leaders from 24 different countries, representing nearly all industries, including the public sector participated in the Fortinet survey conducted in September 2021.