Cybersecurity: Organizations face key obstacles in adopting zero trust

2 years ago 360

Security pros surveyed by One Identity cited a deficiency of clarity, different priorities and a deficiency of resources arsenic bumps connected the roadworthy to Zero Trust.

zero-in-on-zero-trust.jpg

Image: Illumio

Zero trust is progressively being touted arsenic a solution that tin hole galore of the information problems and weaknesses faced by organizations. But implementing a zero spot exemplary is easier said than done arsenic it requires a rethinking of your full information posture and environment. A study released Tuesday by individuality information steadfast One Identity looks astatine the challenges that harvest up erstwhile organizations question to follow zero trust.

SEE: Zero spot security: A cheat expanse (free PDF) (TechRepublic)

To compile its caller "Zero Trust and IT Security" report, One Identity commissioned Dimensional Research to behaviour a survey of 1,009 IT information professionals to get their opinions connected adoption and experiences with zero spot security. The responses came from a assortment of industries, countries, and institution sizes.

Among the respondents, 75% cited zero spot arsenic critically oregon precise important to their organization's information posture. Some 24% said it was somewhat important, portion lone 1% dismissed it arsenic not important.

For astir of the organizations polled, zero spot is inactive a enactment successful progress. Only 14% person already adopted a zero spot model. Among the rest, 39% said that they've started their implementation but aren't finished, 22% program to acceptable up a afloat zero spot exemplary wrong the adjacent 12 months, and 14% said that an implementation is coming but it volition instrumentality much than 12 months. Just 8% reported nary plans to acceptable up zero trust, portion 2% didn't cognize what zero spot meant.

There's nary 1 close attack to kicking disconnected a zero spot initiative. Instead, the respondents pointed to a assortment of methods. A afloat 49% suggested that organizations commencement by continuously verifying who has entree to what and when. Some 48% advised organizations to amended show idiosyncratic entree and privileges, 41% recommended starting by mounting up caller entree absorption technologies and 35% suggested mapping the postulation of delicate data.

SEE: 5 tips for implementing a zero spot model (TechRepublic)

Other suggestions for starting a zero spot task were to leverage situational consciousness and behavioral monitoring, modify privileges conscionable successful clip and rearchitect the network. Just 1% said that zero spot lacks clarity, truthful it's hard to cognize wherever to start.

Asked however and wherever their ain enactment plans to statesman with a zero spot initiative, 61% said they would reconfigure entree policies, 54% would place however delicate information moves passim the network, 51% would commencement it by mounting up caller technology, and 39% would rearchitect the network.

So far, these suggestions and plans each dependable viable. So, what's the problem? First, there's a deficiency of implicit assurance expressed by the respondents. Just 21% said they were precise assured successful their organization's knowing of a zero spot model. Some 69% said they were somewhat confident, 9% had minimal confidence, and 1% had nary confidence.

Asked astir the barriers they look successful establishing a zero spot model, those surveyed cited a big of items.

The 2 astir communal barriers were a deficiency of clarity astir however zero spot should beryllium implemented and the request of zero spot for ongoing individuality and entree management, each listed by 32%. The 3rd and 4th reasons were the information that zero spot information models interaction worker productivity and that information staffers are excessively engaged and person different priorities, each cited by 31%.

Other obstacles to kicking disconnected a zero spot inaugural were a deficiency of resources oregon budget, the challenges successful predicting the benefits and gathering a concern usage case, the inclination of zero spot to make a siloed approach, and the deficiency of entree to zero spot technology. Only 6% said they faced nary barriers to implementing zero trust.

SEE: Why galore information pros deficiency assurance successful their implementation of Zero Trust (TechRepublic)

How tin an enactment surmount immoderate of these hurdles and successfully instrumentality a zero spot model?

"To flooded the superior barriers, organizations request to statesman reasoning much holistically astir Zero Trust by taking a unified attack to individuality security," said Larry Chinski, VP of planetary IAM strategy astatine One Identity. "Siloed information absorption limits visibility and causes gaps, inconsistencies and adjacent much risk—forcing organizations to assistance always-on privilege. Therefore, it's important to instrumentality a cybersecurity strategy that is flexible and dynamic, which is not locked into a circumstantial acceptable of processes oregon constrained by your hybrid infrastructure."

Chinski suggests that professionals looking to acceptable up a zero spot exemplary commencement by addressing the summation successful identities successful the enterprise, known arsenic identity sprawl. To get escaped of excessive spot and privileges crossed your organization, you request to see not conscionable quality identities but instrumentality identities.

"Overall, the cardinal to palmy implementation and deployment of zero spot is to absorption connected the wide conception of ne'er trust, ever verify," Chinski added. "Third-party sources specified arsenic the National Institute of Standards and Technology (NIST) developed standards for Zero Trust implementation based connected this concept, allowing organizations to weave zero spot models into their wide strategy. Looking astatine zero spot successful a holistic mode is simply a cardinal to helping organizations astir efficaciously instrumentality a ZT architecture."

Cybersecurity Insider Newsletter

Strengthen your organization's IT information defenses by keeping abreast of the latest cybersecurity news, solutions, and champion practices. Delivered Tuesdays and Thursdays

Sign up today

Also see

Read Entire Article