Research Insights: Zero Trust

New research from One Identity, a survey of over 1,000 IT security pros, characterizes Zero Trust as a core element of a contemporary cybersecurity strategy and highlights common barriers to success.


  • 75% of organizations characterize Zero Trust as critically or very important to bolstering their overall cyber maturity
  • Only 14% report they have already implemented a Zero Trust strategy
  • Lack of clarity (32%) remains the top barrier to Zero Trust adoption; only 1 in 5 security stakeholders are confident in their organization’s understanding of Zero Trust



Research Insights:

Saryu Nayyar, CEO, Gurucul (she/her):

“Zero trust is rapidly emerging as an important strategy in cybersecurity. Zero trust means that everyone and every device attempting to connect to systems must be verified before granting access. There is no sharing of credentials of systems and access just because someone is logged onto the network. Research from One Identity notes several issues with Zero Trust, the most significant of which is the lack of a clear understanding of SOC and IT staff as to what it entails and where to begin. While more tools are becoming available for zero trust planning and implementation, more education and training is needed to give staff the confidence to do the job right. Vendors, training firms, and educational institutions can take on this responsibility to make sure enterprises are fully prepared to implement this strategy.”


Rajiv Pimplaskar, CRO, Veridium:

“The One Identity research illustrates the continued market confusion with zero trust, especially with enterprises struggling to rapidly implement such solutions in response to the executive order from the White House this summer. The foundational pillar of any zero trust strategy is identity and access management. Work from home, remote hiring and onboarding at scale has resulted in significant challenges from a digital identity perspective for employees, contractors and business partners. These challenges span security, risk, user experience / well-being and productivity, as well as privacy and consent. The adoption of passwordless authentication methods provides an immediately actionable solution to shore up the “first mile” of digital identity verification by establishing an unphishable connection between the user and the IT system or application. Such connections are resistant to MITM attacks as well as reducing OPEX by eliminating unnecessary overhead and risk with password resets and account recovery. Passwordless solutions are increasingly ubiquitous with the proliferation of W3C’s WebAuthn web standard and FIDO Alliance certified solutions. Furthermore, passwordless authentication can be adopted independently from the Identity Provider (IDP) to manage the user experience and provide improved customer choice.”


Garret Grajek, CEO, YouAttest:  

“There is no doubt that Zero Trust is a key IT Security component going forward to secure enterprises against cyber attacks. The concept that every IT component must re-establish trust when requesting resources is needed to secure against these threats. The key point is – it’s not just a network concept. The concept must be extended to identity – where a risk value is associated with every identity and the resource can decide whether there is enough trust for that identity to honor the resource request – if not, a step up in identity veracity is needed. In addition, identity governance is needed to ensure that identities are not overprivileged, allowing access beyond the trust they should be granted.”