More Companies Moving From Implicit Trust to Zero Trust

KUALA LUMPUR, Malaysia – 21 January – In cybersecurity, zero-trust has been a hot topic for years, and most experts support the concepts behind the zero-trust security model. Instead of assuming anyone or anything that has gained access to the network can be trusted, zero-trust assumes the opposite. Nothing can be trusted anywhere, whether outside or inside the network perimeter.

According to a new survey from Fortinet, although many organizations have a vision for zero-trust, it isn’t necessarily translating into solutions in place. And granting too much trust can have dire consequences. According to IBM, the global average cost of a data breach is now at a whopping $4.24M. However, it’s no surprise that more organizations are looking to shift from implicit trust to zero trust.

Gap Between Ideas and Reality

The survey showed that organizations see the benefits of the zero-trust security model. When organizations were asked what they perceived as the most significant benefit of a zero-trust solution, 22% said, “security across the entire digital attack surface,” followed closely by “better user experience for remote work (VPN)”.

Not only do organizations believe in zero-trust, a vast majority of the survey respondents reported that they already have a zero trust and/or ZTNA strategy in place or development. And 40% report that their strategy is fully implemented.

But here’s where zero-trust ideas crash into reality. More than half of the respondents don’t have the ability to authenticate users and devices on an ongoing basis and are struggling to monitor users post-authentication.

These functions are critical tenets of the zero-trust philosophy, which makes you wonder what type of zero-trust implementation these organizations actually have. It’s possible that although the survey respondents feel they have implemented zero trust, they may not truly have done so. Or perhaps, that they have incomplete deployments.

Either way, the resulting lack of security is concerning.

Maybe Zero Trust Is Harder

Interestingly, although respondents reported that they understand zero-trust concepts, more than 80% felt that implementing a zero-trust strategy across an extended network wasn’t going to be easy. Most of them (60%) report it would be moderately or very difficult, and another 21% said it would be extremely difficult.

Survey respondents almost universally acknowledge that it is vital for zero-trust security solutions to be integrated with their infrastructure, work across cloud and on-premises environments, and be secure at the application layer.

However, even realizing the importance of integration, the most prominent challenge organizations report facing in building a zero-trust strategy is the lack of qualified vendors with a complete solution.