By Nick Alevetsovitis
Zero trust as a security approach is gaining traction as organizations face increasingly complex infrastructures due to transitions to remote work and the need for cloud access to data and applications. However, a recent global survey from Fortinet uncovers challenges facing organizations as they implement a zero trust security framework.
Zero trust is a philosophy that assumes no one inside or outside the network should be trusted unless their identity has been thoroughly verified. This model operates on the assumption that threats are omnipresent and takes a security posture that sees every attempt to access the network or an application as a potential breach.
It is a powerful approach, and when implemented correctly, can help organizations protect against increased cyberattacks. Given that the cost of data breaches is on the rise – an average of $4 million globally, according to IBM – it is critical that the implementation of organizations’ zero-trust security framework delivers.
The value of Zero Trust
With more organizations supporting remote work and work-from-anywhere initiatives, zero trust is not likely to go away. The more people work from anywhere, the less secure a traditional perimeter-based approach becomes. Because the zero trust philosophy is about “securing work and learning everywhere”, it’s a good way to secure hybrid working models and should be included as part of any comprehensive cybersecurity strategy.
Our survey findings illustrate that the benefits of the zero-trust security model are well-known. Of the organizations surveyed, 22% indicated that the most significant benefit was the ability to provide “security across the entire digital attack surface,” as well as adapt to changing network infrastructure and provide a consistent experience for users.
Not only do organizations believe in zero trust, but a vast majority of the survey respondents reported that they already have a zero trust or zero trust network access (ZTNA) strategy in place or in development. In fact, 40% reported that their strategy is fully implemented.
Getting it right
However, the survey also illustrates how many organizations are struggling to implement some core zero-trust security basics even though so many have some form of a zero-trust strategy in place. Although survey respondents felt they understood zero-trust concepts, more than 80% anticipated implementing a zero-trust strategy across an extended network would be challenging. In fact, 60% reported a moderate or high difficulty, and 21% indicated they thought it would be extremely difficult.
One area of concern is the ability to authenticate, a vital part of any zero-trust approach. Authentication of users and devices helps ensure the right people access the right information, systems, and applications. Yet, more than half of respondents don’t have that ability on an ongoing basis and struggle to monitor users’ behaviour after they authenticate. This is a central principle to an effective zero-trust security stance and without it, any zero-trust implementation would be seriously flawed.
Other areas of concern were the ability to micro-segment network and users and to integrate with all aspects of the network, from on-premise to the cloud. One way to ensure organizations can unlock all the benefits of a zero-trust approach is through a cybersecurity mesh platform. This approach can address all zero-trust fundamentals across endpoint, cloud, and on-premises, helping organizations avoid ending up with a partial solution incapable of providing broad visibility.
Find the best solution
For organizations without a zero-trust strategy, the lack of skilled resources was viewed as a significant barrier. According to the survey, 35% of organizations use other IT strategies to address zero trust. Other challenges include finding qualified vendors with a solution that checks all the boxes.
Zero trust solutions are most effective when elements are designed to work as an integrated system, which is the best way to prevent the security gaps challenging survey respondents. Fortinet’s Security Fabric, the industry’s highest-performing cybersecurity platform, unifies Fortinet’s portfolio of zero trust, endpoint, and network security solutions, and more. As a result, security, services and threat intelligence can automatically follow users across distributed networks, providing proactive, context-aware security that can automatically adapt to users no matter where they are or what device they are on.
This is timely given cyber adversaries continuing to target remote work and learning attempting to access corporate networks.
Keep striving for Zero
The zero-trust philosophy of “trust no one” is the right approach for today’s expanding networks and hybrid working models. But moving away from traditional perimeter-driven security presents challenges for today’s complex networks. By working with the right partners and with vendors that can provide a security mesh approach, organizations can move to a zero-trust security stance without the gaps experienced by some organizations in the survey.
Nick Alevetsovitis is VP of Canada Enterprise and Commercial Business at Fortinet