In reality, how important is zero trust?

Although most IT and security professionals think of zero trust as an important part of their cybersecurity approach, many still have a long way to go on their quest to deploying it, according to Illumio.

Especially as users continue to move off campus networks to a distributed work-from-home model and face new and expanding threat vectors, organizations must quickly adopt the zero trust security mindset of “never trust, always verify” to mitigate the spread of breaches by limiting access and preventing lateral movement.

Notably, 49 percent of the participants surveyed find zero trust to be critical to their organizational security model. Only 2 percent of business leaders believe zero trust is nonessential for their enterprise security posture.

“Zero trust is mission critical to any cybersecurity strategy. Adversaries don’t stop at the point of breach – they move through environments to reach their intended target or access your crown jewels,” said Matthew Glenn, senior vice president of product management at Illumio.

“In today’s world, stopping the lateral movement of attackers has become fundamental to a defender’s job. What’s more, as employees continue to work remotely at scale, it is essential to extend zero trust to the endpoint to further reduce the attack surface and secure the enterprise.”

Zero trust adoption is just beginning

While organizations clearly value zero trust as a necessary part of their cybersecurity strategy, widespread adoption is lacking. Of the respondents who find zero trust to be extremely or very important to their security posture, only 19 percent have fully implemented or widely implemented their zero trust plan.

Over a quarter of these leaders have begun their zero trust planning or deployment process. In short, all but 9 percent of the organizations surveyed are in some way working toward achieving zero trust.

Technologies bolstering the zero trust journey

No single product or solution enables organizations to achieve zero trust alone, so Illumio asked which technologies companies have implemented on their journey to achieve zero trust. Not surprisingly, solutions with a lower barrier to entry, like multi-factor authentication (MFA) and single sign-on (SSO), are more widely adopted.

Still, 32 percent of respondents have adopted campus-wide segmentation, another 30 percent have incorporated software-defined perimeter (SDP) technologies, and 26 percent are leveraging micro-segmentation, a key zero trust technology for preventing the lateral movement of attackers.

What’s next?

In the intermediate term, beyond six months, most respondents plan to implement micro-segmentation and SDP, which will pave the way for zero trust adoption at scale. In fact, 51 percent of respondents plan to deploy micro-segmentation as one of their primary zero trust controls, given its effectiveness and importance in preventing high-profile breaches by stopping lateral movement.

Lastly, over the next six months, 23 percent of organizations plan to implement MFA and 18 percent plan to deploy SSO.