Over the last two years, organizations worldwide have accelerated their digital transformation timelines in response to new security and business requirements. In this time, it’s become clearer than ever that perimeter security is an outdated model, ineffective at preventing and mitigating the damage of next-generation cyberattacks like those that struck Colonial Pipeline and SolarWinds.
Instead, the Zero Trust security framework, founded on the “never trust, always verify” rule, has emerged as the best way for enterprises to secure their networks, whether on-premises, hybrid, cloud, or multi-cloud.
But adopting Zero Trust security isn’t as simple as flipping a switch. It’s a strategic approach that touches every aspect of your business. At ColorTokens, we wanted to understand how companies are approaching the complex and important decisions involved in Zero Trust. We interviewed 1,283 InfoSec leaders and Zero Trust practitioners to understand:
- Do organizations understand the importance of Zero Trust?
- Do companies plan to implement Zero Trust? If so, when?
- What motivates organizations to implement Zero Trust?
- What challenges do companies face in adopting Zero Trust?
For this post, we teased out three overarching lessons we learned from talking to your peers about their Zero Trust plans and priorities.
1. Zero Trust framework is the best security model for today’s business requirements
A full 93% of our respondents say their organization sees Zero Trust as a necessity: a more proactive and effective security framework than perimeter security, capable of fending off sophisticated attacks and lightening the load on security teams by reducing false positives and limiting the blast radius of any attacks that do occur.
Companies recognize that Zero Trust works: 84% of respondents agreed that adopting a Zero Trust framework would prevent attacks or limit their success. A majority of companies are confident that implementing a Zero Trust model could thwart breaches, reduce attack surface area, and limit blast radius.
Given that most companies consider Zero Trust to be necessary and effective, it’s no surprise that a majority of respondents are planning to implement Zero Trust in less than a year: Almost 40% are planning to enable Zero Trust in three months or less, while 80% plan to enable Zero Trust within 12 months.
2. To get organizational buy-in for Zero Trust, start small and scale
“Zero Trust” is sometimes dismissed as a meaningless buzzword, and this attitude can create hurdles when you’re trying to get buy-in from stakeholders at your organization. Part of the problem is that marketers make unrealistic promises that confuse our understanding and expectation of what Zero Trust means and how it works.
Almost 80% of survey respondents reported that Zero Trust providers lack a strategic grasp of Zero Trust or focus on solutions selling instead of highlighting commercial capabilities. The result is that the burden is on you to educate your team about the many good reasons to implement Zero Trust.
Cybersecurity expert Dr. Chase Cunningham recommends that organizations take an incremental, progressive approach to the Zero Trust journey. Work on solving specific problems, like secure remote access for contractors and third parties, that support strategic goals, like the scalability and reliability of a fully cloud-based network. Trumpeting your successful outcomes, when you realize them, will help you get people across your organization on board with the benefits of a Zero Trust adoption.
3. Partnering with the right Zero Trust vendor can make your implementation successful
Survey respondents mentioned plenty of reasons why their Zero Trust implementation might be delayed, from budget constraints and lack of organizational buy-in to limited expertise. But one common theme was that most organizations feel their Zero Trust journey would be more successful with expert help: 70% percent of our respondents said their company could implement Zero Trust faster with the help of a partner.
Working with the right Zero Trust provider can help you manage the complexity of implementation, so your teams can focus on minimizing downtime and business disruption while continuing to support your core functions. From our conversations with Zero Trust advocates and practitioners, it’s clear that Zero Trust implementation can be a larger, more interconnected and complex problem than some companies might realize. If you recognize this going in, and if you look for a partner who’s committed to the success of your Zero Trust initiatives, you’re more likely to be successful.
Ready for more insight into how InfoSec leaders are tackling Zero Trust implementation? Download the report to hear from 1,283 of your peers, plus expert advice from former federal CIO Tony Scott and cybersecurity authority Dr. Chase Cunningham.