98 percent of UK business leaders and IT decision makers either plan to or have already started implementing zero trust strategies at their organizations, according to Illumio.
The report also revealed the challenges organizations face when implementing zero trust architecture. Respondents cited employee perception and resistance to change as the primary barriers to activating their zero trust plans. Notably, 32 percent of respondents expressed concern about employees thinking the company doesn’t trust them.
“This research makes one thing clear – UK business leaders and IT professionals know how important zero trust strategies are in making their organizations resilient, particularly as ransomware wreaks havoc across every industry,” said Raghu Nandakumara, EMEA Field CTO, Illumio.
“It’s especially encouraging to see over 90 percent of organizations prioritizing segmentation, since this is an essential control in keeping critical assets safe from attacks. Despite some technological and organizational barriers, we all need to start, or continue, making incremental progress on our zero trust plans. It’s better to be slightly more secure tomorrow than to have the perfect plan on paper in two years.”
Why are UK organizations adopting zero trust strategies?
For organizations that have already adopted a zero trust approach, the top two reasons cited for implementation were either because it was a part of a strategy refresh on security infrastructure (48 percent), or to enable the business to improve its agility through digital transformation (47 percent).
Furthermore, 60 percent stated the greatest benefit from their zero trust approach was feeling more confident they had secured their critical data and reduced their organization’s risk exposure (54 percent).
Barriers to implementing zero trust architecture
The research revealed the technological, operational, and cultural barriers that prevent organizations from adopting zero trust. The main technological barriers included legacy systems that couldn’t be upgraded (29 percent) and cost constraints (22 percent).
Culturally within organizations, 33 percent of respondents said their business was resistant to change unless mandated by compliance regulations. As mentioned, 32 percent feared that their employees would think that they don’t trust them – though it’s important to note that zero trust grants trust to users, devices, and applications once they are verified.
How organizations approach zero trust
Zero trust is a strategy and philosophy, and no one technology can make an organization achieve zero trust overnight. An essential pillar to any zero trust strategy is segmentation, and 92 percent of organizations are segmenting their networks in some way.
While a lot of respondents are using legacy approaches like virtual firewalls (52 percent) and network-based segmentation (49 percent), many said that they’re also taking a more modern, scalable approach and segmenting by application characteristics (32 percent), or implementing workload based micro-segmentation (32 percent).