How important is implementing a Zero Trust security framework to organizations? It’s important but not enough yet for most organizations to move forward with it, according to a newly released study.
Although three in four organizations consider Zero Trust “critically” or “very” important in their security armada, only one in seven have fully implemented the architecture, according to research results issued by One Identity, an Aliso Viejo, California-based unified identity security solution provider. Of the 1,000 survey professionals surveyed, 99 percent pegged Zero Trust overall as important. Still, about one in three organizations don’t understand how they can implement Zero Trust within their environments and only 20 percent of stakeholders believe that their organizations fully comprehend Zero Trust.
Despite the hesitation surrounding Zero Trust, there is much wind at its back generated by the federal government. On the heels of President Biden’s executive order in May 2021 covering the nation’s cybersecurity profile, the Office of Management and Budget (OMB) in September released a draft strategy to move the government towards a Zero Trust architecture. The Cybersecurity and Infrastructure Security Agency (CISA) simultaneously released its Cloud Security Technical Reference Architecture and Zero Trust Maturity Model to guide and assist agencies in their implementation planning.
Neither of these steps are incidental to Zero Trust’s expansion across the enterprise. Here’s reason for the optimism:
- 39% of organizations have begun to address Zero Trust.
- 22% plan to implement Zero Trust over the course of the next year.
What factors are holding organizations back from implementing Zero Trust?
- A lack of clarity (32%), other priorities (31%) and lack of resources (29%).
- 31% believe that Zero Trust security models negatively impact employee productivity.
How is Zero Trust progressing in the enterprise?
- 61% of security professionals are focusing their implementation on reconfiguring access policies.
- 54% believe it begins with identifying how sensitive data moves throughout the network.
- 51% are implementing new technology to achieve Zero Trust.
“Organizations recognize that the traditional perimeter is no longer enough and that they will be best served by prioritizing identity security and taking steps to ensure bad actors are limited once they gain access,” said Bhagwat Swaroop, One Identity president and general manager. “Zero Trust is fast becoming an enterprise imperative because it eliminates vulnerable permissions and excessive access by delivering a continuum of different rights across the organization to ultimately limit attack surfaces if they are breached.”