The security world has been under the spell of zero trust for some time. Zscaler research now confirms that organizations also see the framework as an ideal tool for securing users, workloads and devices. Cloud migration contributes to this: 91 percent of organizations have implemented or are in the process of implementing a zero trust strategy. Yet the full potential is only used by a small portion of the organization, 22 percent of IT decision makers believe. That presents an opportunity for zero trust.
Prior to the announcement of the survey, we attended a presentation by VP Emerging Technology & 5G Nathan Howe. Howe has a lot of visibility into zero trust from his role at Zscaler, as the company is fully committed to the concept with its Zero Trust Exchange platform. However, a survey could bring things into sharper focus. That’s why Zscaler surveyed 1,908 IT decision makers (CIOs, CISOs, Chief Digital Officers and Heads of Network Architecture). The company concludes that businesses are taking zero trust seriously as a framework. In the Netherlands and worldwide, the concept is popular among organizations that have started a cloud migration.
Cloud an ideal tool with new challenges
It is now clear to many organizations that the cloud is an attractive infrastructure option. By purchasing applications, data and workloads as hosted services, they achieve benefits around performance, scalability and availability. It is an easy way to support hybrid working and enable innovations, for example.
However, embracing the cloud and thus moving toward a hybrid cloud makes complete reliance on legacy network security architecture difficult. Such legacy architecture was created to direct traffic to the data center, where the additional security steps are taken care of. Traditional firewalls and VPNs are far from ideal, Zscaler argues. On top of that, the attack surface available to hackers is increasing as more services, users and devices connect to the Internet. On paper, each new connection is a new entry point for a cybercriminal.
Zero trust is a journey to a more secure architecture
Zscaler’s research shows that IT decision makers are concerned about a number of issues surrounding the cloud. The top concerns are security, access and complexity. This is exactly why interest is growing in zero trust as a technology to address these concerns. It allows organizations to secure themselves based on least-privileged access and the principle of not trusting any user or application. Zero trust assumes that everything is suspect. Trust can only be established based on user identity and context. Policies serve as a kind of gatekeeper. “Never trust, always verify,” is the idea.
The CIOs, CISOs, CDOs and Heads of Network Architecture surveyed demonstrated a good basic understanding of the security benefits of zero trust. For example, Zscaler asked them about traditional network and security infrastructure. Just over half indicated that VPNs or perimeter firewalls are ineffective for protecting against cyber attacks or providing visibility into application traffic and attacks. In addition, 68 percent admit that zero trust network access has advantages over traditional firewalls and VPNs for secure remote access. They may also be convinced that secure cloud transformation cannot be achieved with legacy network security infrastructure.
Implementation rate of 90 percent
So awareness seems to be in good shape. For example, globally, 91 percent of those surveyed who started the cloud migration have either implemented a zero trust strategy or plan to do so in the next 12 months. Italy and India stand out in this regard. Respectively, 97 percent and 96 percent of organizations have implemented or plan to implement the strategy. Further topping the list are the United Kingdom (95 percent), the U.S. (95 percent), Japan (94 percent), Brazil (93 percent), Singapore (93 percent), Germany (92 percent), Mexico (91 percent), the Netherlands (90 percent), Spain (89 percent), France (89 percent), Australia (88 percent) and Sweden (85 percent).
A siloed IT-centric security solution?
When zooming in a bit further on why companies are implementing a zero trust architecture, several motivations are mentioned. Ranking highest is “improving detection of advanced threats or Web application attacks and extending security for sensitive data” (65 percent). In a solid second place is “securing remote access for vendors, partners and operational technology” (44 percent). This is followed by “improving secure access for a hybrid workforce” (27 percent) and “reducing the cost and complexity of legacy network security” (24 percent).
Yet Zscaler concludes that while interest in zero trust is high, the technology’s potential as a “business enabler” is not being fully exploited. In fact, the survey results indicate that zero trust is still predominantly seen as a siloed IT-centric security solution. In other words, the concept is primarily deployed to address security challenges. However, Zscaler points out that zero trust can offer organizations much more.
Recommendations for taking advantage of zero trust
As far as we are concerned, this brings us to one of the most important things Zscaler comes up with during the presentation of the study: the recommendations for taking advantage of the potential of zero trust. First, it involves emphasizing that companies would be wise to implement a “true zero trust architecture”. That architecture should be based on the principle of not trusting any user or application.
Zscaler’s second recommendation focuses a bit more on removing complexity around IT operations. Namely, zero trust aims for a higher level of security, visibility and control. With IT people less occupied with such tasks, they can focus on achieving improved business outcomes with other ongoing digitization projects.
Another Zscaler recommendation is that zero trust can serve as a foundation for the future. Indeed, zero trust may be necessary to deploy emerging technologies, such as 5G. Zero trust supports connectivity needs around performance and security for emerging technologies. Such technologies should be deployed as a competitive business advantage in Zscaler’s view.
Finally, Zscaler talks about zero trust for the boardroom. To match business strategy, Zscaler recommends that CIOs and CISOs use the survey results to eliminate fear, uncertainty and doubt about what zero trust means. Ideally, they can convince other decision makers that the entire company will benefit.
“Organizations could be more ambitious. There is an incredible opportunity for IT leaders to educate business IT decision makers about zero trust as a high-value business driver, especially as they struggle to provide a new class of hybrid workplace or production environment and depend on a range of emerging technologies such as IoT and OT, 5G and even the metaverse,” Howe said.
“A zero trust platform has the power to redesign business and organizational infrastructure requirements: to become a true business driver that doesn’t just enable the hybrid working model employees are demanding, but enables organizations to become fully digitized, benefiting from agility, efficiency and future-proofed infrastructure,” Howe stated.
Zscaler sees plenty of opportunity in that regard, especially realizing that the reason behind cloud migration shows how IT leaders view the cloud. IT leaders in the Netherlands cited the challenges of scaling network security, the challenge of enabling third-party access to applications and data and concerns about data privacy as the biggest barriers to embracing the full potential of the cloud.
In addition, IT leaders believe the workforce will continue to embrace different work options in the coming year. They expect a mix of full-time office workers (37 percent), fully remote (34 percent) and hybrid. Zero trust may be the architecture in that situation to reliably connect everything.
Curious about all of the Zscaler survey results? You can download the results on the Zscaler website.