Report: How companies are approaching and adopting Zero Trust security strategies

The highly distributed nature of today’s workplace is forcing companies to accelerate their Zero Trust strategies. Over the past 18 months, organizations have been focused almost exclusively on giving remote employees access to the tools and information they need to remain productive, no matter where they’re working. With that task largely accomplished, companies are now facing pressure to modernize their strategies to secure even the most complex environments.

As a solution to this challenge, many companies are adopting Zero Trust security strategies, which are based on the assumption that all content—regardless of whether or not it originates from a trusted source—is untrustworthy. This forces websites, web apps, Software-as-a-Service (SaaS) platforms, and even email content to be treated as if they are malicious and need to continually gain and maintain trust throughout every engagement.

Whether implementing least-privileged tenets for user access or securing the connections to and between the disparate aspects of today’s hybrid multi-cloud deployments, Zero Trust provides a framework to secure even the most complex environments. Yet for many organizations, there’s still confusion regarding what Zero Trust initiatives should entail, where to begin, and how best to overcome the organizational obstacles that result from such a cross-functional undertaking.

In a new ebook based on a research study, analyst firm ESG surveyed nearly 500 IT and cybersecurity professionals in the U.S. and Canada to better understand how the move to Zero Trust architectures is going. The results are nothing short of astounding—shedding light on a major transformation of security best practices and approaches across industries.

Some of the key takeaways that IT and cybersecurity leaders shared in the study include these:

• The definitions and drivers of Zero Trust vary, but many organizations claim multiple security and business benefits.

  Nearly half of organizations rate their Zero Trust initiatives as very successful and claim benefits such as reduced security incidents, better security operations center (SOC) efficiency, fewer data breaches, and higher user satisfaction.

• The broad range of tools required for Zero Trust drives interest in a platform approach, but opinions differ.

  The vast majority of organizations are using or interested in security platforms that can optimize their Zero Trust strategy. Not surprisingly, integrations are a top consideration when adopting tools in recognition of the fact that a single-vendor approach is not feasible. Some tools, however, are viewed as more effective than others. Zero Trust Network Access (ZTNA) tools were called out as among the most effective in supporting Zero Trust.

• The pandemic validates the importance of Zero Trust.

  Most organizations carried on with Zero Trust plans even as the pandemic put other initiatives on hold. But further, those with Zero Trust projects in place were less likely to see increased security team workloads as a result of the shifting focus to securing remote workers.

• Cross-functional collaboration is critical to Zero Trust success and is leading to interest in centers of excellence.

  Many individuals and groups are currently involved with Zero Trust strategies. And while only 12 percent of organizations have implemented a Zero Trust center of excellence (CoE) to date, interest is very high in this approach to formalize the collaboration across the different groups involved in Zero Trust.

• Formalized strategies for Zero Trust are common. However, most organizations begin with a specific use case and work their way back to a broader Zero Trust initiative.

  Nearly nine out of ten organizations have formalized Zero Trust strategies. While it is common for these early movers to begin with an approach that is specific to a use case or an inventory of the tools they have in place, many plan to build a broader strategy from those starting points.

• Budget for Zero Trust is often new, and organizations anticipate robust spending.

  More than three-quarters of organizations allocate at least some new budget to Zero Trust, and 34 percent expect spending to increase significantly over the next 12 to 18 months.

Zero Trust is radically transforming the way organizations around the world secure their most complex environments, but it’s clear that IT and cybersecurity professionals have varying ways of planning, implementing, and managing Zero Trust strategies. The good news is that there is no single way, and organizations of many different stripes that have taken different approaches have been immensely successful and are seeing tangible benefits through simpler, more efficient, and hardened security.

Download the ebook to get the complete research findings and insights. You’ll learn why ZTNA is considered a key pillar to the success and implementation of these cybersecurity initiatives.

Learn how Menlo Private Access can help your organization provide fast, reliable, and secure web application access to users.