Zero Trust: Seventy-two per cent of companies are planning to reduce their risk from cyberattacks this year by introducing.
- According to a study by Pulse Secure, 72 percent of companies plan to introduce Zero Trust this year.
- Fifty per cent of the security teams lack the necessary knowledge for the appropriate tools.
- Risk-prone devices in BYOD and IoT networks can pose the most significant security challenges.
Forty-seven per cent of responsible security teams feel they lack the expertise to apply the zero-trust approach to their access controls. This is the result of the “2020 Zero Trust Progress Report” from Cybersecurity Insiders and Pulse Secure, a software provider of secure access solutions. For the study, more than 400 decision-makers in the field of cybersecurity were asked about their strategies for switching to the zero trust model, in particular about their motives, the integration process, the technologies used and investments made, and the benefits hoped for or achieved.
Zero Trust: Great Willingness To Implement
The report clearly shows that most companies are ready to start the implementation phase for Zero Trust this year, but what exactly the network-wide, sustainable approach implementation should look like is still unclear to many. “The high number of cyber attacks and serious data leaks in 2019 put the effectiveness of access controls to the test of even well-funded companies,”.
“Many expect the model to be particularly user-friendly, stronger data protection and more effective governance. But there is still uncertainty among security professionals about where and how zero trust controls can best be used in hybrid IT environments. You can see that in our report,”.
Among executives looking to develop their organization’s Zero Trust capabilities in 2020, data protection, customer trust resulting from secure device usage, and effective authorization processes were seen as the top drivers. The study also found that 30 percent of the companies surveyed would like to simplify the management of their access controls through a better user experience and streamlined administration and provisioning procedures. It was also shown that 53 per cent of those surveyed plan to introduce a zero-trust approach in hybrid environments.
Zero Trust: Challenge From Risk-Prone Devices And IoT
More than 40 per cent of respondents said that risk-prone mobile and other devices, unprotected network access by partner companies, cyber-attacks, employees with privileged access rights, and shadow IT caused them the most difficulties in protecting their applications and resources network.
“With the digital transformation, the spread of malware and the number of data leaks and attacks on IoT devices are also increasing. It is easier to trick users into their mobile devices and take advantage of poorly protected mobile Wi-Fi connections. Therefore, full visibility into the management of endpoint devices and measures to enforce authentication and security controls are of the utmost importance when introducing Zero Trust,”.
Zero Trust: Weak Access Controls In Public Cloud Environments
The report also shows that weak access controls for applications in public cloud environments are a concern of 45 percent of respondents. Forty-three per cent have problems managing access to BYOD (bring your device) devices. More than 70 per cent are working on their identity – and improving access management.
“Effective user provisioning, device authentication, and compliance checks are essential to protecting access points. This means that only certain users can access certain resources via secure devices – regardless of whether the network access is via a remote connection or the company’s network, whether a personal or company-provided device is used and whether it is on-premises – or a cloud-based application,”.
Popular Security Approach In Hybrid IT Environments
Employee mobility and hybrid IT models are part of everyday life in many companies. Still, they also use a lot of workloads, data and resources outside the company network, and it is becoming increasingly difficult to protect them and enforce the necessary access controls. The report shows that almost a third of the cybersecurity experts surveyed expect significant benefits from using Zero Trust in hybrid IT environments.
“No matter what phase of the cloud migration companies are in, everyone should first check their security status and data protection requirements when moving their applications and resources from on-premises to public or private clouds. In the transition to a hybrid IT environment, aligning the zero trust model with the migration process can help companies save on utility computing and enable them to use access controls seamlessly and as needed,”.
Take A Close Look At The Security Strategy
Results from the study show that a quarter of companies want to supplement their access controls with functions for a software-defined network perimeter (SDP) or zero-trust network access (ZTNA). “Companies considering a zero-trust approach should look for a solution that can be combined with a perimeter-based VPN. The operational flexibility that this creates is significant for organizations and service providers who need to protect both data centers and multi-cloud environments,”.
Fifty-three per cent of those surveyed interested in SDP need a model suitable for hybrid IT environments, and a quarter (25 percent) would opt for SaaS (Software-as-a-Service). “Some companies are hesitant to implement the SaaS model because they don’t know how to accommodate their legacy applications and fear that they could cause problems during cloud migration,”.
“Others have to adhere to stricter data protection guidelines and would therefore prefer to keep access control internal so that they can better monitor sensitive data. And still, others have invested heavily in their current data center infrastructure and are still satisfied with their model,”.
About the methodology of the study: For the study “2020 Zero Trust Progress Report” commissioned by Pulse Secure and carried out by Cybersecurity Insiders, between August 2019 and January 2020, over 400 decision-makers in the field of cybersecurity, among others from finance and healthcare, manufacturing and high-tech industries, government agencies and the education sector were surveyed. The study aimed to examine the adoption rate and provide insights into companies’ strategies and motivations when implementing a zero-trust approach to security.