Zero Trust – a cybersecurity concept focused on eliminating vulnerable permissions and unnecessary/excessive access to an organization’s critical assets – isn’t a new idea. It was developed by Forrester Research more than a decade ago.
And while it has remained on security executives’ broad radar since that time, it hasn’t gotten the attention that it probably deserved over the past several years. That is, until 2021. The last 12 months have been marked by a number of cyberattacks that have involved user credentials (e.g., the Colonial Pipeline cyberattack and the SolarWinds hack) which have once again elevated the importance of Zero Trust. The attention was further heightened when the U.S. White house issued an executive order on the federal government’s cybersecurity practices in May 2021.
As a result, we are seeing a new wave of organizations looking to deliver a continuum of different rights across the organization – thereby ensuring access to only what’s needed for an employee’s job, reducing error-prone manual processes typically associated with managing access rights.
But how fast is Zero Trust being adopted, how many others plan to move to this model and what are some common barriers to deployment?
To learn more about the current state of Zero Trust (its awareness, adoption, and barriers to success) One Identity recently commissioned a survey of IT security leaders from around the globe. The online survey was conducted in September 2021 and was completed by more than 1,000 respondents from around the world and representing a range of company size and verticals.
Here are three key takeaways from this survey:
- Zero Trust is critical to cybersecurity strategy: 75% of organizations agree that Zero Trust is of great importance to their overall security posture. Only 1% of security leaders believe that Zero Trust is of no importance to their organization.
- Adoption is still a work in progress: Despite rising awareness, only 14% of organizations have already implemented a Zero Trust model. Lack of clarity (32%) around how Zero Trust should be implemented remains the largest barrier to success, which is quickly being addressed in many circles around the globe.
- Technology is an important component of the solution: More than half of organizations plan to implement new technology to achieve Zero Trust.
Need further evidence that Zero Trust is seeing a resurgence?
A White House fact sheet, which supplemented the aforementioned executive order, states: “The Executive Order helps move the Federal government to secure cloud services and a Zero Trust architecture, and mandates deployment of multifactor authentication and encryption with a specific time period.” And a follow-on FedScoop article stated this week: “Zero Trust security is no longer just an option for federal agencies.”
What does this all mean?
Security executives are recognizing that the traditional perimeter is no longer enough to protect the organization, in light of a rapidly evolving threat landscape. Organizations must therefore shift their focus from trying to protect everything to assuming that a breach is inevitable. And if you can prevent an attacker from gaining access to all your people, applications and data once they are in, you can effectively minimize the blast radius. Zero Trust is the key to this endeavor.
One Identity’s Unified Identity Security Platform enables organizations to make Zero Trust a reality. By providing 360-degree visibility across all identities (human, machine, and proliferating accounts caused by changes in how and where we work), the ability to verify everything before granting access, and adaptive security controls, organizations can reduce risk from cyberattacks, and limit damage from crippling and expensive breaches.