The digital landscape can be hard to keep up with, especially from a security standpoint. First off, it’s growing and expanding. The number of connected machines and devices needing to be secured has grown exponentially, and that growth shows no promise of slowing down. Plus, there is no traditional security perimeter to speak of. Everyone is working from anywhere, anytime. All this, while attacks and breaches are on the rise and attackers are becoming more and more sophisticated. That’s a lot, and like I said, it can be hard to keep up.
So, what can organizations do to properly mitigate these threats and ensure their assets remain secure? Look to best-practice strategies and leverage their principles within their own security practice. One such strategy: Zero Trust.
We recently worked with the Ponemon Institute (our 18th year!) to conduct a study with over 4,000 respondents made up of IT professionals across the globe. Our goal was to understand if they were implementing Zero Trust and what the state of that adoption was. The following are just a few of the findings from the 2024 State of Zero Trust & Encryption Study.
The Current State of Zero Trust Adoption
We first wanted to know if organizations are adopting Zero Trust. We know that it’s seen as a best practice to adopt from Forrester (who coined the term over 10 years ago) and Gartner. And we’ve even seen some government direction in recent times when CISA came out with their Zero Trust Maturity Model. But are organizations taking Zero Trust seriously and applying the security principles within their own organization? The short answer: yes. Whether it’s on their plan to implement or they’ve already implemented some aspects of it, a solid 82% of respondents understand the importance of leveraging Zero Trust principles as a best practice, which is an important step in risk mitigation.
[Chart: Which best describes the current stage of Zero Trust in your organization? (only one choice permitted)]
Considerations and Drivers
Another key piece we looked at was the key drivers to change. When the respondents were asked what most influences their organization’s security investment decisions, the top answer (41%) was “to reduce the risks of a potential data breach or other security incident.” That was the exact same response they gave specific to Zero Trust implementation, with 37% stating a potential breach or other security incident as the top driver. No surprise here. We’ve read the news – breach after breach within large organizations causes not only reputational damage but also significant financial damage. In the past few years we’ve seen the number of breaches more than double, and at a global average cost of $4.88M per breach, it most certainly should be top of mind.
[Chart: What most influences your organization's security investment decisions? (two choices permitted)]
[Chart: What is the most important driver to implementing a Zero Trust strategy? (only one response permitted)]
Implementation Challenges
But all of this is easier said than done at times. Like anything, implementing Zero Trust doesn’t come without its challenges. The top challenge is something we’ve seen time and time again: lack of in-house expertise (47%). We know there’s a skills and resources challenge – those (along with no clear ownership) have been the top challenges for the last eight years when it comes to implementing and managing PKI. This highlights how critical it is to work with the right technology vendors. If you’re unable to manage these changes, they can help do it for you via managed services. Just make sure they:
- Understand the state of your environment and any dependencies
- Know your priorities and where you want to take your security practice
- Have crypto-agile solutions that are interoperable
- Not only understand Zero Trust principles and have solutions to help you achieve a more mature security practice but also have a roadmap for post-quantum (PQ) to help ensure you’re investing in technology and changes today that can withstand future threats
[Chart: What are the top two challenges when implementing a Zero Trust strategy? (two choices permitted)]
After looking through the results of the survey, our main takeaway – and the good news – is that organizations are looking at Zero Trust as a security best practice and top priority. While that can take time and can come with its own set of challenges, those challenges are easy to overcome with an iterative and incremental approach. But what change to your security practice wouldn’t come with a set of challenges? By making improvements now, and ensuring your organization is crypto-agile, you’re setting yourself up for success in the long run for bigger changes like preparing for post-quantum.
To learn more, check out our recent webinar where I was joined by Dr. Larry Ponemon to discuss this topic and the findings of the study. Download the full study here.