Zero trust momentum continues

The Enterprise Zero Trust Networking Strategies: Secure Remote Access and Network Segmentation, conducted by Enterprise Management Associates (EMA) and sponsored by Pulse Secure, surveyed more than 250 technology professionals. The newly published report examines how enterprises are moving forward with Zero Trust networking initiatives, where they’re being successful in doing so, and how COVID-19 has affected the forward movement of those projects. 

The research found that the main difference between those who were successful in moving their Zero Trust initiatives forward were those that started out with formalised Zero Trust projects. Those that had dedicated budgets and formal initiatives - (69%) were far more likely to continue accelerating those projects throughout the pandemic, while those that had ad hoc Zero Trust projects were more likely to stall progress or stop entirely.

“The global pandemic has had some profound effects on the enterprise - with remote working being rolled out on an unprecedented scale, increased leverage of cloud resources and applications, and the transition to greater workplace flexibility,” said Scott Gordon, Chief Marketing Officer at Pulse Secure. “The findings indicate that organisations that advance their initiatives and planning towards Zero Trust process and technology implementation will be ahead of the digital transformation curve and much more resilient to threats and crises.”

The research went further into enterprises’ efforts to bring about Zero Trust Networking in their environments. More than four out of five respondents (85%) have defined Zero Trust initiatives. However, less than half of them (42%) have received added budget for their projects. The projects that did receive added budget were more likely to persist through the pandemic.

Enterprises were overwhelmingly positive about their success in pursuing Zero Trust Networking, with the majority (94%) indicating degrees of success; half (50%) labeled their efforts as successful and less than half (44%) of respondents indicating somewhat successful.

Dedicated Zero Trust projects tend to be interdisciplinary, bringing together security and networking teams. In 45% of such projects, security and networking teams have a Zero Trust partnership in which they formally share tools and processes. In half of cases (50%), enterprises created a taskforce from both teams to pursue Zero Trust. The three primary ways in which they collaborated were by coordinating access security controls across different systems (48%), assessing access security control requirements (41%) and defining access requirements according to user, role, data and application (40%).

However, the survey found that collaboration is not without its own roadblocks. 85% of respondents in Zero Trust taskforces and partnerships found themselves struggling with cross-team skills gaps (33%), a lack of tools and processes that might facilitate collaboration (31%), and budget conflicts (31%).

“Enterprises are clearly accelerating efforts to adopt Zero Trust networking initiatives. The survey shows that organisations that move forward with formal initiatives and budget are more likely to achieve implementation success and operational gain,” said Shamus McGillicuddy, vice president of research at Enterprise Management Associates. “We appreciate Pulse Secure’s support and sponsorship of this report that organisations can use to benchmark and progress their Zero Trust programs.”

Additional key findings include:

• Prime Zero Trust Benefits:  When asked what they consider to be the prime benefit of Zero Trust networks, respondents said IT operations agility (40%), improved governance risk and compliance (35%), breach prevention (34%), reducing the attack surface (31%) and unauthorised access mitigation (28%) ranked among the strongest responses.
• Hybrid IT Remote Access: Respondents are applying hybrid IT requirement to Secure Remote Access requirements within their Zero Trust Network Strategy, while the majority (62%) wanted cloud application access, half of enterprises access to public and private cloud resources and applications.
• IoT Device Exposures: Respondents discussed their position towards IoT devices which cannot be provided with the user identities on which Zero Trust is based and how they intend to create access policies for them. Over a third (36%) said that devices would receive tailored access privileges based on function and characteristics, others said that all devices would receive a generic minimum level of access privileges (28%) and that untrusted devices would have limited network access with no access to high risk or compliance zones (23%).