The Landscape of Zero Trust Adoption: Insights from Our 2023 Zero Trust Progress Report
Organizations are responding to the changing cybersecurity landscape. And zero trust is at the heart of this change, with 68% of respondents saying they’re planning or actively working towards adopting a zero trust access model.
In collaboration with Cybersecurity Insiders, Ivanti surveyed 421 US-based IT and cybersecurity professionals to identify the latest enterprise adoption trends, challenges, gaps and solution preferences related to zero trust security.
Zero trust best practices
Zero trust requires the strict verification of every user, device and request. Here are some of the best practices organizations are using in their implementation process:
1. Implement multi-factor authentication (MFA)
Multi-factor authentication uses multiple methods like biometrics or tokens, in addition to usernames and passwords to strengthen security.
In fact, investing in Multi-Factor Authentication stands out as the top priority for 65% of respondents, emphasizing its importance in the Zero trust framework.
2. Continuously verify and monitor devices
It’s easy for unverified devices to slip through the cracks in an era of rapid digitalization. Enforcing strict device verification and continuous monitoring of assets creates an environment where only trusted devices can access sensitive resources.
And this threat is raising concerns. 48% of respondents said at-risk devices accessing their network resources was a top challenge for their organization.
3. Regularly review and update access controls
Continuously evaluate and adjust access controls to keep them relevant and secure, aligned with your organization’s changing roles and responsibilities.
4. Provide security awareness training
Educating employees on zero trust principles and good cyber hygiene shouldn’t be a one-time occurrence. Rather, it should be an evolving and continuing process that keeps pace with the cybersecurity landscape.
Educating employees on how to recognize and report potential security threats to reduces the likelihood of security incidents resulting from human error.
Overprivileged employee access
IT and cybersecurity professionals also raised concerns regarding overprivileged employee access. 47% of respondents said overprivileged employee access was the biggest challenge their organization faced to securing access to applications and resource.
In the context of zero trust, this highlights the importance of implementing the principle of least privilege, ensuring that users only have the minimum necessary access rights to perform their job functions.
What’s the timeframe on adopting zero trust?
Adopting a zero trust strategy overnight isn’t a reality. In fact, 39% of organizations are estimating up to 10 or more months for implementation. And only 11% reported a time frame of 0-3 months.
- The survey results do point to a heightened interest in zero trust, including:
- 38% reporting they have plans to start implementing.
- 30% are already underway with their zero trust project.
- 65% plan to invest in a Multi-Factor Authentication tool.
- Only 12% have no plans to pursue zero trust.
A layered approach to zero trust
It’s not a one-stop-shop for zero trust solutions. Most organizations are implementing zero trust as a layered approach, utilizing multiple products to manage access, verify devices and segment networks.
The survey showed 54% of respondents are using 2-4 products to implement zero trust. This suggests that organizations are taking a comprehensive approach to secure access, rather than relying on a single solution.
Implementing a zero trust program with multiple products can help ensure that users are only granted access to the resources they need and that all connections are verified.