Interest levels in approaches to creating zero-trust IT environments are now reaching a zenith. A survey of 800 IT and security professionals, conducted by The Cloud Security Alliance (CSA), finds 94 percent of respondents are in the process of implementing zero-trust IT strategies, with 77 percent expecting to increase spending to achieve that goal over the next 12 months.
Zero-trust is a security framework that requires all users, applications, and machines, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated before being granted to keep access. It assumes there is no traditional network perimeter.
The CSA survey finds only 19 percent of respondents are currently implementing their zero-trust IT strategy. Another 33 percent are in the design phase while 37 percent are still in the planning stages, the survey finds. Nearly half (47 percent) said they have been working on their strategy for more than two years.
The survey also finds that among the 219 C-level executives that participated in the survey, a full 80 percent are making zero-trust IT a priority for their organizations during the next 12 months. Well over a third of all respondents (35 percent) said spending on these initiatives will increase by 26 percent or more. Respondents that have zero-day initiatives are being led by CTOs (44 percent), CFOs (39 percent), CISOs (33 percent), COOs (33 percent) and CIOs (32 percent), the survey finds.
It’s a major, also arguably long overdue, shift that is underway in terms of how organizations are approaching IT. Organizations are finally coming around to the idea that there is no defensible network perimeter. The survey finds the primary reasons for adopting a zero-trust IT strategy are to enable cloud adoption (35 percent), simplify user experiences (34 percent) reduce attack surface (32 percent), improve security risk posture and resilience (32 percent), enforce least privileges (28 percent), improve governance and accountability (28 percent) and reduce complexity (25 percent).
The survey also identifies the biggest security concerns are protecting against zero-day threats (53 percent), protecting employees working from home (51 percent), data loss (36 percent), threats hidden in encrypted traffic (32 percent) and protecting all ports and protocols (18 percent).
Top IT issues cited are identity and access management (34 percent) data flow management (31 percent), network security (31 percent, asset management (30 percent), application dependencies (29 percent), governance and policy (29 percent) behavioral (29 percent) and endpoint security (29 percent). The top technical challenges are policy enforcement (35 percent), defining access requirements (34 percent), access across technology stack (34 percent) and legacy technology (30 percent).
Business challenges inhibiting the adoption of zero-trust IT include lack of knowledge and expertise (40 percent), lack of alignment and buy-in (34 percent) additional staffing needs (33 percent), lack of technology solutions (32 percent) and lack of an executive sponsor (26 percent).
It’s clear that while most organizations are moving toward zero-trust IT frameworks their ability to execute is limited. Managed services providers (MSPs), on the other hand, typically already have much of that expertise at their disposal. An MSP that positions itself as an enabler of zero-trust IT is going to strike a chord with organizations that are looking for a way to make themselves less vulnerable to cybersecurity attacks that only continue to increase in volume and sophistication.
This kind of fundamental shift in IT strategy comes along but once a decade. MSPs that have the skills to deliver on the zero-trust IT promise should not waste the opportunity.
Photo: Fit Ztudio / Shutterstock