Barely anyone is using Zero Trust protection

Trust
(Image credit: Image Credit: Xtock / Shutterstock)

Zero-trust network access (ZTNA) is often hailed as the next big thing in corporate cybersecurity, but it seems businesses aren’t as eager to jump aboard as it would seem. 

Cybersecurity firm Optiv Security recently surveyed 150 CISOs, CSOs and other security professionals from various sectors on their thoughts over zero-trust, and learned that just a fifth (21%) made the jump from legacy solutions to ZTNA.

At the same time, literally everyone (100%) sees ZTNA as either “somewhat” or “critically” important to reducing cyber risk within the enterprise. The solution makes it harder for attackers to move laterally across the enterprise’s endpoints, and thus reduces the attack surface.

Silos in the way

But if ZTNA is such a step up, and if all CISOs and CSOs are aware of it - why haven’t they made the jump yet? Optiv says there are multiple reasons, with siloing of different departments and stakeholders being the biggest one (47%). The fact that enterprises have plenty of legacy technologies that don’t support zero trust was also cited by many (44), as well as an overall lack of internal expertise for the development of roadmaps and policies (39%).

For Jerry Chapman, engineering fellow at Optiv, the news doesn’t come as much of a surprise.

“Organizations are very siloed, and zero trust goes across the organization,” he says. “The silos can cause barriers when you start talking about how to start with zero trust and what framework to drive down.” 

But just because few organizations already have zero trust deployed, doesn’t mean the rest won’t be moving in that direction. In fact, almost three-fourths have engaged (or plan to engage) external service providers to help them with the migration. 

Third-party providers can help organizations assess their current state, identify weaknesses, recommend future steps, and draft a solid roadmap, the report concluded.

Via: VentureBeat

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.