The 2023 Zero Trust Security Report reveals how enterprises are implementing Zero Trust security in their organizations, including key drivers, adoption trends, technologies, investments, and benefits.
To provide this information, we surveyed cybersecurity professionals ranging from technical executives to IT security practitioners, representing a balanced cross-section of organizations of varying sizes across multiple industries.
Key findings include:
■ Despite Zero Trust’s importance, knowledge and readiness gaps persist. Many cybersecurity teams buckle at the overhead that a Zero Trust framework implies. Some companies aren’t ready to spend what it takes to do it properly. This may be reflected in the survey, in which only 15% of respondents indicated Zero Trust Network Access (ZTNA) was “already implemented” while another 9% said they had “no plans” to implement. Despite its fad-like identity, Zero Trust is an important security trend and ongoing philosophy that should take a key role in improving an organization’s security maturity. And Zero Trust is not something organizations can ever mark “complete.” Rather, Zero Trust is a journey, and continuous steps in the right direction will contribute to success and support incremental improvement.
■ Are over-privileged users the problem? Respondents were divided. In one question, it was surprising to see that less than 25% of organizations’ security incidents were believed to have resulted from over-privileged users. This could indicate that respondents either misrepresented the root cause of events, or perhaps there’s been a shift in strategy and compromise methods away from the user space and into other domains like SaaS and identity. However, in another question, over-privileged users were listed as a top challenge, indicating this is a moving target for organizations.
■ Device security needs more attention. Many respondents identified the importance of protecting data but had mobile device management (MDM) and bring your own device (BYOD) low on their priority lists. Addressing BYOD can be complex, as privacy is the key to BYOD but it must be balanced with control. However, securing these devices should be a primary focus area as they are a major pain point today for corporate security teams in their intrusion prevention and data loss prevention (DLP) efforts.
Many thanks to Fortra for supporting this important research project.
We hope you’ll find this report informative and helpful as you continue your efforts in protecting your IT environments.