The COVID-19 pandemic has not impacted the adoption of zero trust technology globally, a Pulse Secure report reveals. In fact, 60% of organizations said they have accelerated zero trust implementation during the pandemic.
The report surveyed more than 250 technology professionals. The newly published report examines how enterprises are moving forward with zero trust networking initiatives, where they’re being successful in doing so and how COVID-19 has affected the forward movement of those projects.
Formalized zero trust projects putting orgs ahead of the DX curve
The research found that the main difference between those who were successful in moving their zero trust initiatives forward were those that started out with formalized zero trust projects.
Those that had dedicated budgets and formal initiatives (69%) were far more likely to continue accelerating those projects throughout the pandemic, while those that had ad hoc zero trust projects were more likely to stall progress or stop entirely.
“The global pandemic has had some profound effects on the enterprise – with remote working being rolled out on an unprecedented scale, increased leverage of cloud resources and applications, and the transition to greater workplace flexibility,” said Scott Gordon, CMO at Pulse Secure.
“The findings indicate that organizations that advance their initiatives and planning towards zero trust process and technology implementation will be ahead of the digital transformation curve and much more resilient to threats and crises.”
The research went further into enterprises’ efforts to bring about zero trust networking in their environments. 85% of respondents have defined zero trust initiatives. However, 42% have received added budget for their projects. The projects that did receive added budget were more likely to persist through the pandemic.
Enterprises were overwhelmingly positive about their success in pursuing zero trust networking, with 94% indicating degrees of success; 50% labeled their efforts as successful and 44% of respondents indicating somewhat successful.
Bringing together security and networking teams
Dedicated zero trust projects tend to be interdisciplinary, bringing together security and networking teams. In 45% of such projects, security and networking teams have a zero trust partnership in which they formally share tools and processes. In 50% of cases, enterprises created a taskforce from both teams to pursue zero trust.
The three primary ways in which they collaborated were by coordinating access security controls across different systems (48%), assessing access security control requirements (41%) and defining access requirements according to user, role, data, and application (40%).
However, the survey found that collaboration is not without its own roadblocks. 85% of respondents in zero trust taskforces and partnerships found themselves struggling with cross-team skills gaps (33%), a lack of tools and processes that might facilitate collaboration (31%), and budget conflicts (31%).
“The survey shows that organizations that move forward with formal initiatives and budget are more likely to achieve implementation success and operational gain. We appreciate Pulse Secure’s support and sponsorship of this report that organizations can use to benchmark and progress their zero trust programs.”
Additional key findings
- Prime zero trust benefits: When asked what they consider to be the prime benefit of zero trust networks, IT operations agility (40%), improved governance risk and compliance (35%), breach prevention (34%), reducing the attack surface (31%), and unauthorized access mitigation (28%) ranked among the strongest responses.
- Hybrid IT remote access: Respondents are applying hybrid IT requirements to Secure Remote Access requirements within their zero trust network strategy, while 62% wanted cloud application access, half of enterprises access to public and private cloud resources and applications.
- IoT device exposures: Respondents discussed their position towards IoT devices which cannot be provided with the user identities on which zero trust is based and how they intend to create access policies for them. 36% said that devices would receive tailored access privileges based on function and characteristics; others said that all devices would receive a generic minimum level of access privileges (28%) and that untrusted devices would have limited network access with no access to high risk or compliance zones (23%).