Zscaler, a cloud security provider, has found that almost nine in 10 (88%) Australian IT leaders who have started migrating to the cloud have implemented, are implementing, or are planning to implement a zero-trust security architecture.

Supporting the mass migration to zero trust to secure users and the cloud, 33% of IT leaders believe that implementing zero trust integration will help better to provide secure access for vendors, partners and contractors. Additionally, almost half of Australian IT leaders (46%) agree that zero trust network access has clear advantages over traditional firewalls and VPNs for securing remote access to applications.

These findings were published in The State of Zero Trust Transformation 2023 report by Zscaler, which shows that against a backdrop of rapid digital transformation, IT leaders believe zero trust is the ideal framework for securing enterprise users, workloads and IoT/OT environments in a highly distributed cloud and mobile-centric world. 

Notably, zero trust architecture is built on the principle that no user, device or application should be inherently trusted.

From an IT perspective, zero trust can unlock business opportunities across the overall digitisation process, from driving increased innovation to supporting better employee engagement or delivering tangible cost efficiencies.

IT leaders identified privacy concerns as the main barrier to embracing the full potential of the cloud.

When asked about legacy network and security infrastructures, 46% of Australian IT leaders agree that zero-trust network access has clear advantages over traditional firewalls and VPNs for secure remote access to applications. This further validates the findings that almost 40% agree that secure cloud transformation is impossible with a legacy network security infrastructure. 

While progress on zero trust is substantial globally, Zscaler found Australia is trailing behind, with only 17% of Australian organisations fully confident they are leveraging the full potential of their cloud infrastructure, so while organisations have made solid initial steps on their cloud journey, there is a massive opportunity to capitalise on the benefits of the cloud. 

While at first glance, security appears to stand in the way of fully realising the full potential of the cloud, the motivations behind cloud migration suggest a more fundamental barrier in how IT leaders view the cloud. IT leaders cited data privacy concerns, challenges to securing data in the cloud, and scaling network security as among the top barriers to embracing the cloud's full potential.

However, when asked about the main factors driving digital transformation initiatives in their organisations, the top three factors for Australians were cost reduction, allowing hybrid work, and managing multi-cloud environments, suggesting there may still be a distinct lack of understanding around how to capitalise on its broader business benefits fully.

Australian IT leaders surveyed in Zscaler's research predicted that in the next 12 months, their organisations' employee base would continue to be fully embracing the different work style options available to them, split between full-time office workers (36%), fully remote (33%) and hybrid (30%). However, it also found that organisations may still need to be equipped to handle the ever-evolving mix of hybrid working requirements.

Only 13% indicated that a hybrid work specific zero trust-based infrastructure is already in place, suggesting that organisations need more time to be fully ready to handle the security of this highly distributed working environment on a broad scale.

In line with the motivations behind cloud migration, Zscaler found that a focus on broader strategic outcomes must be added to how organisations plan emerging technology initiatives. Asked about the single most challenging aspect of implementing emerging technology projects, a quarter (25%) of Australian IT leaders cited adequate security, followed by strategic business decisions (23%) and budget requirements (19%). 

While budget concerns are natural, the focus on securing the network while ignoring strategic business alignment suggests organisations are focused on security without a complete understanding of its business benefit and that zero trust itself still needs to be understood as a business enabler.

“The state of zero trust transformation within organisations today is promising – implementation rates are strong,” says Nathan Howe, vice president of emerging technology, 5G at Zscaler. “But organisations could be more ambitious. There’s an incredible opportunity for IT leaders to educate business decision-makers on zero trust as a high-value business driver, especially as they grapple with providing a new class of hybrid workplace or production environment and reliant on a range of emerging technologies, such as IoT and OT, 5G and even the metaverse. A zero trust platform has the power to redesign business and organisational infrastructure requirements: to become a true business driver that doesn’t just enable the hybrid working model employees are demanding, but enables organisations to become fully digitised, benefiting from agility, efficiency and future-proofed infrastructure.”

“Asia Pacific is a great example of how 'one size does not fit all.' Every market in this region has a different approach to working. Even before the pandemic, we have observed significant differences, with markets like Japan and Singapore following a more hierarchical structure while Australia and India had a more relaxed working model," says Heng Mok, CISO, APJ at Zscaler.

“With the APAC region comprising some of the most locked down cities globally, these nuances are even more pronounced now as we emerge from lockdowns. Amongst the survey respondents, the majority of decision makers from Japan and Singapore expected their workforce to come into the office full-time, a stark contrast from those surveyed in Australia and India, who expected their workforce to be fully remote.”

“We expect to see more organisations doubling down on a hybrid work model in the long run. Many organisations are opting for hybrid work practices to reap the intangible benefits of attracting and retaining talent. With heightened competition for the limited talent pool, it is unsurprising that many are incorporating similar policies and looking at technology stacks to support this transition much more seamlessly.”

Finally, Zscaler makes four key recommendations for organisations to capitalise on zero trust in its report.

These include understanding, not all zero trust offerings are created equal. Implementing a true zero-trust architecture built on the principle that no user or application is inherently trusted is important. It starts with validating user identity and business policy enforcement based on contextual data to provide users, devices and workloads direct access to applications and resources, never the corporate network. This eliminates the attack surface so threats can't gain access to the corporate network and move laterally, thus improving the security posture.

Zero trust is an enabler of transformation and business outcomes. With its increased levels of security, visibility and control, leverage holistic a zero trust-based architecture to remove the complexity from IT operations to allow organisations to focus on gaining improved business outcomes as part of their digital transformation initiatives and remain competitive.

Zero trust is essential for the boardroom. To align with business strategies, CIOs and CISOs should leverage the findings to help dispel fear, uncertainty and doubt around zero trust and promote its full business impact with key decision makers.

It is important to note that zero trust-enabled infrastructure is the foundation for the future. Emerging technologies need to be considered a competitive business advantage, and zero-trust will support emerging trends' secure and performant connectivity requirements.