Zero Trust Security Model: Forrester, Illumio Research Offers Reality Check
Cybersecurity decision-makers are eyeing zero trust security models to combat growing security threats to network and cloud exposures, Illumio said in a recently released, commissioned study.
Illumio, which makes ransomware mitigation and segmentation solutions purpose-built for zero trust frameworks, surveyed some 360 security strategy decision-makers at the C-suite, vice president and director levels in North America, EMEA, and APAC in a study conducted by consultancy Forrester.
Of the respondents, more than three in four cited the importance of zero trust to combat mounting security threats. Moreover, six in 10 said they are unprepared for the hastening pace of cloud transformation and migration.
What Is Zero Trust Model for Security?
In a zero trust model, no actor, system, network or service is trusted, whether it operates outside or within the security perimeter. Everything must be verified every time before access is granted. The model represents a dramatic shift from how infrastructure, networks and data are secured, and both the public and the private sector are moving toward it in increasing numbers. In fact, federal government agencies will adopt zero trust cybersecurity principles to meet specific standards and objectives as newly detailed in a memorandum from the Office of Management and Budget.
Here are some top-line findings from the survey:
- Advanced zero trust programs pose clear organizational benefits, including increased organizational agility (52 percent), safer cloud migrations (50 percent), and support of digital transformation (48 percent).
- Zero trust adoption will continue to mature, with 78 percent of firms planning to bolster zero trust security operations in the new year.
- 36 percent of organizations have started to deploy zero trust solutions, and six percent of them have fully implemented their zero trust projects to date.
“As we watch threats evolve and breaches become more devastating, the need to implement zero trust strategies has never been more urgent,” said PJ Kirner, Illumio chief technology officer and co-founder.
What about micro-segmentation? Nearly three in four respondents consider micro-segmentation and zero trust network architecture to be critical for their organization’s security strategy.
But, despite leaders acknowledging the importance of micro-segmentation, adoption rates are lagging, mostly owing to a lack of workforce expertise and skills to implement best practices (roughly six in 10 respondents) and an inability to identify the right zero trust micro-segmentation pilot (44 percent).
Micro-Segmentation And Zero Trust Security
There is still a knowledge gap around how to implement micro-segmentation efficiently, and respondents reported trouble with the approaches they tried:
- 62 percent of organizations attempted to use data center firewalls and software-defined networking, but they took too long to deploy.
- 53 percent found them to be too expensive.
- 50 percent said these approaches didn’t scale.
“Micro-segmentation isn’t an all-or-nothing strategy, the path to a zero trust posture can be broken into bite-sized phases,” said Kirner. “Start by gaining visibility to see the risk created by open lateral pathways across your interconnected infrastructure and to the internet. Then, assume breach and secure your data by building security controls that close these risky pathways. This incremental approach is a journey that bolsters your security posture to reduce risk and increase cyber resiliency.”
As for investments in zero trust and micro-segmentation, two-thirds of respondents are planning to increase their budgets for the security model this year, allocating 36 percent of their total spend to micro-segmentation projects, the data showed. Security leaders are also counting on micro-segmentation to help bolster cloud and data center transformations (68 percent) and to increase support for new business and operational models (63 percent).