What do we want? Zero trust! When do we want it? Later!
Almost half, of the participants in a new survey say zero trust is critical to their organizational security model, with only two percent of business leaders believing zero trust non-essential for their enterprise security posture.
But the study from Illumio, based on responses from over 460 IT and security professionals, finds that real world adoption is lagging. Of the respondents who find zero trust to be extremely or very important to their security posture, only 19 percent have fully implemented or widely implemented their zero trust plan.
"Zero Trust is mission critical to any cybersecurity strategy. Adversaries don't stop at the point of breach -- they move through environments to reach their intended target or access your crown jewels," says Matthew Glenn, senior vice president of product management at Illumio. "In today's world, stopping the lateral movement of attackers has become fundamental to a defender's job. What's more, as employees continue to work remotely at scale, it is essential to extend Zero Trust to the endpoint to further reduce the attack surface and secure the enterprise."
Part of the slowness to adopt could be because no single product or solution enables organizations to achieve zero trust on its own. The survey asked which technologies companies have implemented on the way to achieving zero trust. Not surprisingly, those with a lower barrier to entry, like multi-factor authentication (MFA) and single sign-on (SSO), are most widely adopted.
Of more sophisticated solutions, 32 percent of respondents have adopted campus-wide segmentation, another 30 percent have incorporated software-defined perimeter (SDP) technologies, and 26 percent are leveraging micro-segmentation, a key zero trust technology for preventing the lateral movement of attackers.
In the longer term, 51 percent of respondents plan to deploy micro-segmentation as one of their primary zero trust controls in six months or more, due to its effectiveness and importance in preventing high-profile breaches by stopping lateral movement. Plus, over the next six months, 23 percent of organizations plan to implement MFA and 18 percent plan to deploy SSO.
The full report is available on the Illumio site.