shane - stock.adobe.com
The Covid-19 pandemic has not slowed the rush to invest in and implement zero-trust secure access, perhaps unsurprising given the runaway growth in remote working, according to new statistics produced by analysts at Enterprise Management Associates (EMA) working alongside a number of suppliers.
The study, Enterprise zero-trust networking strategies: Secure remote access and network association, found that 60% of IT buyers had accelerated the implementation of zero-trust policies and technology over the past seven months.
The report said four in five respondents had defined zero-trust initiatives, but less than half of them had been given added budget for their projects.
These two factors were a strong predicator of success in zero trust, and the most successful initiatives were seen at organisations where IT teams had formalised their projects ahead of time, while those with dedicated budgets and set strategies were considerably more likely to have continued to accelerate that during the pandemic.
On the other hand, those who had been doing zero trust on an ad-hoc basis were found to be more likely to have stalled along the way, or to have abandoned zero trust altogether, although those who had failed were in a clear minority, as 94% of respondents said their zero-trust initiative had had some degree of success.
“The global pandemic has had some profound effects on the enterprise – with remote working being rolled out on an unprecedented scale, increased leverage of cloud resources and applications, and the transition to greater workplace flexibility,” said Scott Gordon, chief marketing officer at Pulse Secure, one of the report sponsors.
“The findings indicate that organisations that advance their initiatives and planning towards zero-trust process and technology implementation will be ahead of the digital transformation curve and much more resilient to threats and crises.”
EMA research vice-president Shamus McGillicuddy added: “Enterprises are clearly accelerating efforts to adopt zero-trust networking initiatives. The survey shows that organisations that move forward with formal initiatives and budget are more likely to achieve implementation success and operational gain.”
The researchers found that successful, dedicated zero-trust projects tend to be interdisciplinary, drawing on expertise from both security and networking teams. In 45% of such projects, security and networking practitioners had a formal partnership to share tools and processes.
Read more about zero trust
- Zero trust is a journey, not a destination. Ensure your corporate network is safe from internal and external threats by implementing these five principles of zero-trust security.
- Zero-trust security has three main on-ramps, each with its own technology path. For a clear-cut zero-trust implementation, enterprises need to choose their on-ramp wisely.
- The authors of Zero trust networks discuss how the zero-trust methodology’s popularity produces both vendor hype and renewed attention to critical areas of security weakness.
The study revealed three primary areas of collaboration – coordinating access security controls across different systems, assessing access security control requirements, and defining access requirements according to user, role, data and application.
However, there was also a note of warning, as many respondents who had established such zero-trust “taskforces” and cross-bench partnerships said they struggled with, variously, skills gaps, a lack of appropriate collaboration tools, and conflicting budget demands between security and networking.
Respondents said they considered the prime benefits of zero trust to be improved IT operational agility, improved governance risk and compliance, data breach mitigation or prevention, a reduction in vulnerable attack surfaces, and unauthorised access mitigation.
The full report also details a number of findings around the business of applying hybrid IT requirements to secure remote access, with a majority wanting to factor in cloud application access, and attitudes to internet-of-things devices and sensors in zero-trust initiatives, which can be tricky as such things often defy the application of the user identities on which zero trust is based.