Leveraging the full potential of zero trust

More than 90% of IT leaders who have started migrating to the cloud have implemented, are implementing, or are planning to implement a zero-trust security architecture, according to Zscaler.

OPIS

Supporting the mass migration to zero trust to secure users and the cloud, 68% believe that secure cloud transformation is impossible with legacy network security infrastructures or that ZTNA has clear advantages over traditional firewalls and VPNs for remote access to applications.

Zscaler’s research shows that against a backdrop of rapid digital transformation, IT leaders believe zero trust – built on the principle that no user, device or application should be inherently trusted – is the ideal framework for securing enterprise users, workloads and IoT/OT environments in a highly distributed cloud and mobile-centric world.

Approached from a holistic IT perspective, zero trust has the potential to unlock business opportunities across the overall digitization process, from driving increased innovation to supporting better employee engagement or delivering tangible cost efficiencies.

The leading cloud concerns

IT leaders identified security, access, and complexity as top cloud concerns, creating a clear case for zero trust to overcome these hurdles. When asked about legacy network and security infrastructures, 54% indicated they believed VPNs or perimeter-based firewalls are ineffective at protecting against cyberattacks or providing poor visibility into application traffic and attacks. This further validates the findings that 68% agree that secure cloud transformation is impossible with a legacy network security infrastructure or that ZTNA has clear advantages over traditional firewalls and VPNs for secure remote access to critical applications.

The cloud context – A lack of confidence

While progress on zero trust is strong, Zscaler found that globally only 22% of organizations are fully confident they are leveraging the full potential of their cloud infrastructure, so while organizations have made solid initial steps on their cloud journey, there is a massive opportunity to capitalize on the benefits of the cloud.

Regionally, the results vary, with 42% of organizations in the Americas feeling fully confident in using their cloud infrastructure, compared with 14% of organizations across EMEA and 24% in APAC. While India (55%) and Brazil (51%) are leading on a country level followed by the US (41%) and Mexico (36%), European and Asian countries are less confident in Europe, Sweden (21%) and the UK (19%) are leading followed by Australia (17%), Japan (17%) and Singapore (16%). The remaining European countries are lagging: The Netherlands with 14%, Italy (12%), both France and Spain at 11% and Germany with 9%.

This chasm between the most progressive country being more than six times the most lagging country shows varying confidence levels of the cloud by region. Further, it presents an opportunity for education and closing the skills gap.

While at first glance, security appears to stand in the way of fully realizing the full potential of the cloud, the motivations behind cloud migration suggest a more fundamental barrier in how IT leaders view the cloud. IT leaders cited data privacy concerns, challenges to securing data in the cloud, and the challenges of scaling network security as among the top barriers to embracing the cloud’s full potential.

However, when asked about the main factors driving digital transformation initiatives in their organizations, the top three factors were cost reduction, managing cyber risk, and facilitating emerging technologies like 5G and Edge computing, suggesting there may still be a distinct lack of understanding around how to capitalize on its broader business benefits fully.

Meeting the hybrid mix with zero trust

IT leaders surveyed in Zscaler’s research predicted that in the next 12 months, their organizations’ employee base will continue to be fully embracing the different work style options available to them, split between full-time office workers (38%), fully remote (35%) and hybrid (27%). However, it also found that organizations may still be unequipped to handle the ever-evolving mix of hybrid working requirements.

Globally, only 19% indicated that a hybrid work specific zero trust-based infrastructure is already in place, suggesting that organizations are not fully ready to handle the security of this highly distributed working environment on a broad scale. Next to those who have already updated their infrastructure, a further 50% are in the process of implementing or are planning a zero trust-based hybrid strategy.

Employee user experience was mentioned as the top reasons for implementing a zero-trust-based hybrid work infrastructure. More than half (52%) agreed that implementation would help tackle inconsistent access experiences for on-premise and cloud-based applications and data, 46% that it would tackle productivity loss due to network access issues, and 39% that using zero trust would allow employees to access applications and data from personal devices. These views reflect the wider challenge beyond security that hybrid working presents around access, experience, and performance and the role zero trust plays in response.

The potential of zero trust as a business enabler

In line with the motivations behind cloud migration, Zscaler found that a focus on wider strategic outcomes is missing from how organizations are planning emerging technology initiatives. Regarding the single most challenging aspect of implementing emerging technology projects, 30% cited adequate security, followed by budget requirements for further digitization (23%). However, only 19% cited dependency on strategic business decisions as a challenge.

While budget concerns are natural, the focus on securing the network while ignoring strategic business alignment suggests organizations are focused on security without a full understanding of its business benefit, and that zero trust itself is not yet understood as a business enabler.

“The state of zero trust transformation within organizations today is promising – implementation rates are strong,” said Nathan Howe, VP of Emerging Tech, 5G at Zscaler. “But organizations could be more ambitious. There’s an incredible opportunity for IT leaders to educate business decision-makers on zero trust as a high-value business driver, especially as they grapple with providing a new class of hybrid workplace or production environment and reliant on a range of emerging technologies, such as IoT and OT, 5G and even the metaverse. A zero trust platform can redesign business and organizational infrastructure requirements: to become a true business driver that doesn’t just enable the hybrid working model employees are demanding, but enables organizations to become fully digitized, benefiting from agility, efficiency and future-proofed infrastructure.”

Key recommendations for organizations to capitalize on zero trust

  • Not all zero trust offerings are created equal: It’s important to implement a true zero trust architecture built on the principle that no user or application is inherently trusted. It starts with validating user identity combined with business policy enforcement based on contextual data to provide users, devices and workloads direct access to applications and resources – never the corporate network. This eliminates the attack surface so threats can’t gain access to the corporate network and move laterally thus improving the security posture.
  • Zero trust as enabler of transformation and business outcomes: With its increased levels of security, visibility and control, leverage holistic a zero trust-based architecture to remove the complexity from IT operations to allow organizations to focus on gaining improved business outcomes as part of their digital transformation initiatives and remain competitive.
  • Zero trust for the boardroom: To align with business strategies, CIOs and CISOs should leverage the findings to help dispel fear, uncertainty and doubt around what zero trust means and to promote its full business impact with key decision makers.
  • Zero trust-enabled infrastructures as foundation for the future: Emerging technologies need to be looked at as a competitive business advantage and zero trust will support the secure and performant connectivity requirements of emerging trends.

Don't miss