The current state of zero trust: Awareness is high, adoption is lagging

One Identity released global survey findings that unpack the current state of zero trust awareness and adoption across the enterprise.

As zero trust awareness continues to rise on the heels of the U.S. White House’s Executive Order that was released in May, and a year plagued by one disastrous cybersecurity incident after another, new findings reveal that only 1 in 5 security stakeholders are confident in their organizations’ understanding of zero trust.

According to the Dimensional Research-conducted survey of 1,009 IT security professionals, zero trust is a main security priority for most organizations, but comprehensive understanding and adoption of the Forrester-founded framework remains inconsistent.

While 75% of organizations recognize zero trust as being critically or very important to bolstering overall cybersecurity posture, only 14% report that they have fully implemented a solution. Another 39% of organizations have begun to address this important need, and an additional 22% noted that they plan to implement zero trust over the course of the next year.

Lack of clarity remains the top barrier to zero trust adoption

Among key barriers to widespread zero trust success is a lack of clarity on how adoption can be achieved. 61% of security professionals are focusing their implementation on reconfiguring access policies, while 54% believe it begins with identifying how sensitive data moves throughout the network. While 51% are implementing new technology to achieve zero trust.

In total, a substantial 32% of security teams lack a comprehensive understanding of how zero trust should be implemented within their organization. Other key barriers to zero trust adoption include competing priorities (31% are too busy with other daily priorities), and beliefs that zero trust can hinder business productivity (for example, 31% erroneously believe that zero trust security models impact employee productivity).

“Organizations recognize that the traditional perimeter is no longer enough and that they will be best served by prioritizing identity security and taking steps to ensure bad actors are limited once they gain access,” said Bhagwat Swaroop, president and general manager, One Identity.

“Zero trust is fast becoming an enterprise imperative because it eliminates vulnerable permissions and excessive access by delivering a continuum of different rights across the organization to ultimately limit attack surfaces if they are breached.”