Organisations turning to zero trust amid cloud and network security exposure
Organisations are turning to zero trust amid cloud and network security exposure, according to new research.
llumio has released new findings of a commissioned study conducted by Forrester Consulting that explore how organisations are approaching their Zero Trust strategies in 2022 to better navigate the remote world brought on by the COVID-19 pandemic and continuing digital transformation initiatives.
Organisations are Still Grappling with Accelerated Change
The Forrester study, which surveyed decision-makers at large organisations in North America, Europe, the Middle East, Africa (EMEA), and the Asia-Pacific (APAC) region in September 2021, revealed that more than 75 percent of leaders surveyed cited the importance of Zero Trust to combat mounting security threats.
The study also discovered that teams are still fighting to catch up with critical initiatives (over 60 percent of respondents say they were unprepared for the rapid pace of cloud transformation and migration) and are increasingly turning to Zero Trust and micro-segmentation to better adapt to today's hybrid realities.
Additionally, the study uncovered that security leaders believe:
- Advanced Zero Trust programs pose clear organisational benefits, including increased organisational agility (52 percent), safer cloud migrations (50 percent), and support of digital transformation (48 percent).
- Zero Trust adoption will continue to mature, with 78 percent of firms planning to bolster Zero Trust security operations in the new year.
- Implementing Zero Trust technologies can address emerging security gaps, but most enterprises are still in early stages of adoption. Only 36 percent of organisations have started to deploy Zero Trust solutions, and merely 6 percent of them have fully implemented their Zero Trust projects to date.
- Lack of Expertise and Stakeholder Buy-in Compounds Implementation Challenges
- Today, security leaders recognise micro-segmentation as a key technology pillar for achieving Zero Trust at scale. In fact, 73 percent of business leaders consider micro-segmentation and Zero Trust Network Architecture (ZTNA) to be "critical technical foundations'' for their organisation's Zero Trust strategy.
Despite leaders acknowledging the importance of micro-segmentation, adoption rates are lagging, the report found.
The top obstacles facing successful micro-segmentation adoption specifically remain a lack of workforce expertise (nearly two-thirds of respondents believe that internal teams lack the time, subject matter expertise, and skills to implement best practices for micro-segmentation), and an inability to identify the right Zero Trust micro-segmentation pilot (44 percent of leaders report their organisation needs help in identifying and designing the most appropriate Zero Trust pilot – an important step in demonstrating the value of the technology and making the case for further investment).
Additionally, although security leaders understand the value of micro-segmentation, they often have trouble successfully articulating that value-add to organisational stakeholders.
Although there's still a knowledge gap around how to efficiently implement micro-segmentation, 62 percent of organisations attempted to use data center firewalls and software-defined networking (SDN), but they took too long to deploy—53 percent found them to be too expensive, and 50 percent said these approaches didn't scale.
"As we watch threats evolve and breaches become more devastating, the need to implement Zero Trust strategies has never been more urgent," says PJ Kirner, CTO and co-founder, Illumio.
"Micro-segmentation isn't an all-or-nothing strategy, the path to a Zero Trust posture can be broken into bite-sized phases. Start by gaining visibility to see the risk created by open lateral pathways across your interconnected infrastructure and to the internet," Kirner says.
"Then, assume breach and secure your data by building security controls that close these risky pathways. This incremental approach is a journey that bolsters your security posture to reduce risk and increase cyber resiliency.
Greater Zero Trust Adoption and Investment Is Ahead
Organisations are planning to increase their investment in Zero Trust and micro-segmentation in the year ahead. Despite reporting difficulties in obtaining funding, two-thirds of those surveyed say they are planning to expand their Zero Trust budgets in 2022—allocating 36 percent of their total spend to micro-segmentation projects.
Survey findings revealed that security leaders are counting on micro-segmentation to help in a variety of areas crucial to organisational success amid the new business landscape, including bolstering cloud and data center transformations (68 percent), and increasing support for new business and operational models (63 percent).