2020 #Zero Trust Progress Report lists at-risk devices among top secure access challenges – highlighting BYOD and IoT security trends
SAN JOSE, Calif.– Feb. 4, 2020 – As 72% of organizations plan to implement Zero Trust capabilities in 2020 to mitigate growing cyber risk, nearly half (47%) of cyber security professionals lack confidence applying a Zero Trust model to their Secure Access architecture, according to the 2020 Zero Trust Progress Report today released by Cybersecurity Insiders and Pulse Secure, the leading provider of software-defined Secure Access solutions.
The 2020 Zero Trust Progress report surveyed more than 400 cyber security decision makers to share how enterprises are implementing Zero Trust security in their organization and reveal key drivers, adoption, technologies, investments and benefits. The report found that Zero Trust access is moving beyond concept to implementation in 2020, but there is a striking confidence divide among cybersecurity professionals in applying Zero Trust principles.
“The sheer volume of cyberattacks and enormity of data breaches in 2019 has challenged the veracity of secure access defenses, even in well-funded organizations,” said Scott Gordon, chief marketing officer at Pulse Secure. “Zero Trust holds the promise of vastly enhanced usability, data protection and governance. However, there is a healthy degree of confusion among cyber security professionals about where and how to implement Zero Trust controls in hybrid IT environment – which is clearly reflected in respondents’ split confidence levels.”
Of the organizations building out Zero Trust capabilities in 2020, data protection, trust earned through entity verification, and continuous authentication and authorization were cited as the most compelling tenets of Zero Trust. The report also discovered nearly one-third of organizations (30%) are seeking to simplify secure access delivery, including enhancing user experience and optimizing administration and provisioning. Additionally, 53% of respondents plan to move Zero Trust access capabilities to a hybrid IT deployment.
Top Security Concerns Include Vulnerable Mobile and At-Risk Devices, a BYOD and IoT Trend
More than 40% of survey respondents expressed that vulnerable mobile and at-risk devices, insecure partner access, cyberattacks, over privileged employees, and shadow IT risks are top challenges to secure access to applications and resources.
“Digital transformation is ushering in an increase in malware attacks, IoT exposures and data breaches, and this is because it’s easier to phish users on mobile devices and take advantage of poorly maintained Internet-connected devices. As a result, orchestrating endpoint visibility, authentication and security enforcement controls are paramount to achieve a Zero Trust posture,” said Gordon.
While 45% are concerned with public cloud application access security and 43% of respondents expressed Bring Your Own Device (BYOD) enablement issues, more than 70% of organizations are looking to advance their identity and access management capabilities.
“Secure Access starts with appropriate and well-maintained user provisioning but requires entity authentication and compliance checks to invoke conditional access – regardless if a user is remote or on a corporate network, if the device is personal or corporate-owned, or if the application is internal or in the cloud,” said Gordon.
Secure Access for Hybrid IT Driving Demand for Zero Trust
Workforce mobility and hybrid IT models have placed most workloads beyond the shelter of corporate networks and traditional perimeter defense – which creates significant user access and data concerns.
The 2020 Zero Trust Progress Report revealed nearly a third of cybersecurity professionals expressed value in applying Zero Trust to address hybrid IT security issues.
“Organizations at all stages of cloud adoption should re-evaluate their access security posture and data privacy requirements as they move applications and resources from on-premises to public and private cloud environments. Applying a Zero Trust model that aligns to hybrid IT migration can allow organizations to realize utility computing economies while creating a non-disruptive way to implement Zero Trust Network Access (#ZTNA) functionality when, where and how they require,” said Gordon.
Companies Re-evaluating Current Secure Access Infrastructure
The report highlighted that a quarter of organizations seek to augment their current secure access infrastructure with Software Defined Perimeter (SDP) technology (aka Zero Trust Network Access – ZTNA).
“Organizations interested in exploring ZTNA should seek a solution that works in parallel with a perimeter-based VPN to gain essential operational flexibility for enterprises and service providers supporting data center and multi-cloud environments,” said Gordon.
Of the respondents considering SDP, a majority (53%) would require a hybrid IT deployment and quarter (25%) would adopt a SaaS (Software-as-a-Service) implementation.
“Some organizations are hesitant to implement Zero Trust as SaaS because they might have legacy applications that will either delay, or prevent, cloud deployment. Others might have greater data protection obligations, where they are averse to having controls and other sensitive information leaving their premises, or they have a material investment in their datacenter infrastructure that meets their needs,” said Holger Schulze, founder and CEO of Cybersecurity Insiders.
About the 2020 Zero Trust Progress Report
This 2020 Zero Trust Progress report shares how enterprises are implementing Zero Trust security in their organization and reveals key drivers, adoption, technologies, investments and benefits. Conducted by Cybersecurity Insiders and commissioned by Pulse Secure, the report surveyed over 400 security decision makers across several industries, including financial services, healthcare, manufacturing, high-tech, government and education, from Aug. 2019 to Jan. 2020 to gauge sentiment and adoption of Zero Trust.
Key findings include:
- Nearly equal confidence and lack of confidence in applying Zero Trust model in their Secure Access architecture (53% have confidence, 47% are not confident);
- More than 50% of survey respondents cited data protection, breach prevention, and endpoint, IOT and insider threat reduction are key drivers for Zero Trust;
- Over 40% expressed privilege management, insecure partner access, cyberattacks, shadow IT risks, and vulnerable mobile and at-risk device resource access as top challenges to secure access to applications and resources;
- 45% are concerned public cloud application access security, and 43% with BYOD exposures;
- 70% of organizations plan to advance their identity and access management capabilities;
- 30% of organizations are seeking to simplify secure access delivery including enhancing user experience and optimizing administration and provisioning;
- 53% considering Software Defined Perimeter (SDP) would implement a hybrid IT deployment, with 25% adopting a SaaS implementation.
To download a full copy of the report, please visit: https://www.pulsesecure.net/2020zero-trust-report
About Pulse Secure
Pulse Secure provides easy, comprehensive software-driven Secure Access solutions for people, devices, things and services that improve visibility, protection and productivity for our customers. Our suites uniquely integrate cloud, mobile, application and network access to enable hybrid IT in a Zero Trust world. Over 23,000 enterprises and service providers across every vertical entrust Pulse Secure to empower their mobile workforce to securely access applications and information in the data center and cloud while ensuring business compliance. Learn more at www.pulsesecure.net
Follow @PulseSecure on Twitter or visit us on LinkedIn and Facebook.