SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
More than half of organisations face gaps in their zero-trust implementations
Fri, 14th Jan 2022
FYI, this story is more than a year old

More than half of organisations face gaps in their zero-trust implementations, according to new research from Fortinet.

The cybersecurity company has unveiled the Global State of Zero Trust Report, which reveals that while most organisations have a vision of zero trust or are in the process of implementing zero-trust initiatives, more than half of organisations cannot translate this vision into the solutions they are implementing because they lack some basic core fundamentals of zero trust.

A recent FortiGuard Labs Threat Landscape Report demonstrated an increase in the volume and sophistication of attacks targeting individuals, organisations, and increasingly critical infrastructure. Organisations are looking for solutions to protect against these evolving threats, and zero trust is top of mind, but for multiple reasons.

Additionally, the shift to work-from-anywhere has put a spotlight on zero-trust network access (ZTNA) in particular, as organisations need to protect important assets from workers connecting from poorly protected home networks.

Confusion over defining zero-trust strategies

The report illustrates some confusion about what comprises a complete zero-trust strategy. Respondents indicated they understand zero trust (77%) and ZTNA (75%) concepts, and over 80% reported already having a zero-trust or ZTNA strategy in place or development. Yet, over 50% indicated being unable to implement core zero-trust capabilities.

Nearly 60% indicated they could not authenticate users and devices on an ongoing basis, and 54% struggled to monitor users post-authentication.

This gap is concerning because these functions are critical tenets of zero-trust, and it brings into question the actual reality of these implementations across organisations. Adding to the confusion are the terms “Zero Trust Access” and “Zero Trust Network Access,” which are sometimes used interchangeably.

Zero trust is top of mind and priorities are varied

Priorities for zero trust are “minimising the impact of breaches and intrusions” followed closely by “securing remote access” and “ensuring business or mission continuity.” “Improving user experiences” and “gaining flexibility to provide security anywhere” were also top priorities.

“Security across the entire digital attack surface” was the single most important benefit cited by respondents, followed by a “better user experience for remote work (VPN).

A vast majority of the survey respondents believe that it is vital for zero-trust security solutions to be integrated with their existing infrastructure, work across cloud and on-premises environments, and be secure at the application layer.

However, more than 80% of respondents indicated that it is challenging to implement a zero-trust strategy across an extended network. For organisations without a strategy in place or development, obstacles included a lack of skilled resources, with 35% of organisations using other IT strategies to address zero trust.

About the zero-trust report

The report is based on a global survey of IT decision-makers and aimed at better understanding how far along organisations are in their zero-trust journey. The survey is intended to better understand the following: how well zero trust and ZTNA understand the perceived benefits and challenges in implementing a zero-trust strategy adoption and the elements included in a zero-trust strategy.

The survey was conducted in September 2021 with 472 IT and security leaders from 24 different countries, representing nearly all industries, including the public sector.