Cybersecurity solutions provider Fortinet recently published a report revealing that a large number of companies who are already implementing zero trust security strategies are still struggling to monitor their users’ post-authentication or are unable to completely deploy core zero-trust capabilities at all.
The “Global State of Zero Trust Report” is based on the results of a survey for organizations that either support the vision of zero trust strategy, or are already in the process of implementing zero-trust initiatives.
Despite the high level of respondents expressing an understanding of zero trust (77%) and zero trust network access (75%), more than 50% admitted to failing zero trust implementation, as well as authenticating users and devices on an ongoing basis.
According to John Maddison, EVP of Products and CMO at Fortinet, the shift from implicit trust to zero trust is top of mind for organizations who are now dealing with an evolving threat landscape, transition to work-from-anywhere, and the need to securely manage applications in the cloud.
“Our survey shows while most organizations have some form of a zero-trust strategy in place, they fall short of a holistic strategy and struggle to implement some core zero-trust security basics. An effective solution requires a cybersecurity mesh platform approach to address all zero-trust fundamentals across the infrastructure, including endpoint, cloud, and on-premises, otherwise the result is a partial, non-integrated solution that lacks broad visibility,” he added.
In the work-from-anywhere, the spotlight is put on zero-trust network access specifically since organizations have a responsibility in protecting its assets especially if its remote workers are connected to poorly protected home networks.
This gap is concerning because these functions are critical tenets of zero-trust and it brings into question what the actual reality of these implementations is across organizations. Adding to the confusion are the terms “Zero Trust Access” and “Zero Trust Network Access,” which are used sometimes interchangeably.
The priorities for zero trust also vary for each organization, some of which are focused on minimizing the impact of breaches and intrusions, while others securing remote access or ensuring business or mission continuity.
When it comes to the significant benefits of zero trust, a majority of the respondents are taking advantage of security across their entire digital attack surface, and the resulting better user experience for remote work (VPN).
More than 80% of the respondents expressed worries over implementing a zero-trust strategy across an extended network, especially those enterprises with shortage of skilled resources.
Nevertheless, this majority also believes that zero-trust security solutions should be integrated with existing infrastructure, work across cloud and on-premises environments, and begins at the the application level.
