Cybersecurity leaders cited zero trust as "one of the most effective security practices" for today's organizations, according to a new report from Optiv Security, a Top 250 MSSP. In addition, the report indicated that 100 percent of cybersecurity leaders surveyed acknowledged zero trust is important in reducing cyber risk.
In the report, cybersecurity leaders cited the following as their top reasons for building a zero trust security strategy:
- Reducing an attacker's ability to move laterally (44 percent).
- Enforcing least-privilege access to critical resources (44 percent).
- Reducing an enterprise's attack surface (41 percent).
Also, cybersecurity leaders named the following as the biggest cultural and environmental factors that hamper their ability to implement a zero trust architecture:
- Too many internal silos or stakeholders for different components of zero trust (47 percent).
- Too many legacy technologies that do not "support" zero trust (44 percent).
- Lack of internal expertise to develop a zero trust roadmap and policies (39 percent).
To date, 21 percent of cybersecurity leaders have adopted zero trust as a foundational model across their organizations, Optiv's report showed. However, 93 percent stated zero trust benefits have matched or exceeded their expectations, and 97 percent expect the same or more funding for zero trust initiatives in 2022.
Most Cybersecurity Leaders Look to MSSPs for Help with Zero Trust Security
Roughly three-quarters of cybersecurity leaders said they expect to engage with MSSPs and other external services providers to help implement zero trust technologies, Optiv's report revealed. Furthermore, cybersecurity leaders noted these services providers can help in several areas, including:
- Assessing the current state of their security posture and identifying security gaps and best practices (64 percent).
- Recommending process improvements (43 percent).
- Building or redefining a zero trust roadmap (43 percent).
Many cybersecurity leaders are targeting zero trust security models to combat threats to network and cloud exposures. Meanwhile, MSSPs may increasingly offer security services to help organizations develop and maintain zero trust architecture.