Majority of organisations face gaps in their zero-trust implementations: survey

Fortinet’s  Global State of Zero Trust Report reveals that while most organisations have a vision of zero trust or are in the process of implementing zero-trust initiatives, more than half of organisations cannot translate this vision into the solutions they are implementing. This is because they lack some basic core fundamentals of zero trust.

A FortiGuard Labs Threat Landscape Report demonstrated an increase in the volume and sophistication of attacks targeting individuals, organisations, and increasingly critical infrastructure.

Organisations are looking for solutions to protect against these evolving threats and zero trust is top of mind, but for multiple reasons. Additionally, the shift to work-from-anywhere has put a spotlight on zero-trust network access (ZTNA) in particular, as organisations need to protect important assets from workers connecting from poorly protected home networks.

John Maddison, EVP of Products and CMO at Fortinet said: “With the evolving threat landscape, transition to work-from-anywhere, and the need to securely manage applications in the cloud, the shift from implicit trust to zero trust is top of mind for organisations. Our survey shows while most organisations have some form of a zero-trust strategy in place, they fall short of a holistic strategy and struggle to implement some core zero-trust security basics. An effective solution requires a cybersecurity mesh platform approach to address all zero-trust fundamentals across the infrastructure, including endpoint, cloud, and on-premises, otherwise the result is a partial, non-integrated solution that lacks broad visibility.”

Struggling to consistently authenticate users and devices? ?‍???‍♀️#Fortinet’s Global State of #ZeroTrust Report reveals that more than half of organizations face gaps in their zero-trust implementations. Get more key survey findings: https://t.co/MAaDtYmnu4 #ZTNA pic.twitter.com/5kRM7qXSMG

— Fortinet (@Fortinet) January 12, 2022

The report illustrates some confusion about what comprises a complete zero-trust strategy. Respondents indicated they understand zero trust and ZTNA concepts. Over 80 per cent reported already having a zero-trust and/or ZTNA strategy in place or development. Yet, over 50 per cent indicated being unable to implement core zero-trust capabilities. Nearly 60 per cent indicated they do not have the ability to authenticate users and devices on an ongoing basis and 54 per cent struggle to monitor users post-authentication.

This gap is concerning because these functions are critical tenets of zero-trust and it brings into question what the actual reality of these implementations is across organisations. Adding to the confusion are the terms ‘zero trust access and ‘zero trust network access,’ which are used sometimes interchangeably.

Priorities for zero trust are ‘minimising the impact of breaches and intrusions’ followed closely by ‘securing remote access’ and ‘ensuring business or mission continuity.’ Improving user experiences and gaining flexibility to provide security anywhere were also top priorities. Security across the entire digital attack surface was the single most important benefit cited by respondents, followed by a better user experience for remote work (VPN).

A vast majority of the survey respondents believe that it is vital for zero-trust security solutions to be integrated with their existing infrastructure, work across cloud and on-premises environments, and be secure at the application layer. However, more than 80 per cent of respondents indicated that it is challenging to implement a zero-trust strategy across an extended network.

For organisations without a strategy in place or development, obstacles included a lack of skilled resources with 35 per cent of organisations using other IT strategies to address zero trust.

Read: Why closing cyber skills gap remains critical today