Illumio released findings of a study conducted by Forrester Consulting that explore how organizations are approaching their zero trust strategies in 2022 to better navigate the remote world brought on by the COVID-19 pandemic and continuing digital transformation initiatives.
Organizations are still grappling with accelerated change
The study, which surveyed decision-makers at large organizations in North America, Europe, the Middle East, Africa (EMEA), and the Asia-Pacific (APAC) region in September 2021, revealed that more than 75 percent of leaders surveyed cited the importance of zero trust to combat mounting security threats.
The study also discovered that teams are still fighting to catch up with critical initiatives (over 60 percent of respondents say they were unprepared for the rapid pace of cloud transformation and migration) and are increasingly turning to zero trust and micro-segmentation to better adapt to today’s hybrid realities. Additionally, the study uncovered that security leaders believe:
- Advanced zero trust programs pose clear organizational benefits, including increased organizational agility (52 percent), safer cloud migrations (50 percent), and support of digital transformation (48 percent).
- Zero trust adoption will continue to mature, with 78 percent of firms planning to bolster zero trust security operations in the new year.
- Implementing zero trust technologies can address emerging security gaps, but most enterprises are still in early stages of adoption. Only 36 percent of organizations have started to deploy zero trust solutions, and merely 6 percent of them have fully implemented their zero trust projects to date.
Lack of expertise and stakeholder buy-in compounds implementation challenges
Today, security leaders recognize micro-segmentation as a key technology pillar for achieving zero trust at scale. In fact, 73 percent of business leaders consider micro-segmentation and Zero Trust Network Architecture (ZTNA) to be “critical technical foundations” for their organization’s zero trust strategy.
Despite leaders acknowledging the importance of micro-segmentation, adoption rates are lagging. The top obstacles facing successful micro-segmentation adoption specifically remain a lack of workforce expertise (nearly two-thirds of respondents believe that internal teams lack the time, subject matter expertise, and skills to implement best practices for micro-segmentation), and an inability to identify the right zero trust micro-segmentation pilot (44 percent of leaders report their organization needs help in identifying and designing the most appropriate zero trust pilot – an important step in demonstrating the value of the technology and making the case for further investment).
Additionally, although security leaders understand the value of micro-segmentation, they often have trouble successfully articulating that value-add to organizational stakeholders.
Although there’s still a knowledge gap around how to efficiently implement micro-segmentation, 62 percent of organizations attempted to use data center firewall and software-defined networking (SDN), but they took too long to deploy—53 percent found them to be too expensive, and 50 percent said these approaches didn’t scale.
“As we watch threats evolve and breaches become more devastating, the need to implement zero trust strategies has never been more urgent,” said PJ Kirner, CTO, Illumio. “Micro-segmentation isn’t an all-or-nothing strategy, the path to a zero trust posture can be broken into bite-sized phases. Start by gaining visibility to see the risk created by open lateral pathways across your interconnected infrastructure and to the internet. Then, assume breach and secure your data by building security controls that close these risky pathways. This incremental approach is a journey that bolsters your security posture to reduce risk and increase cyber resiliency.”
Greater zero trust adoption and investment expected in 2022
Organizations are planning to increase their investment in zero trust and micro-segmentation in the year ahead. Despite reporting difficulties in obtaining funding, two-thirds of those surveyed say they are planning to expand their zero trust budgets in 2022—allocating 36 percent of their total spend to micro-segmentation projects.
Survey findings revealed that security leaders are counting on micro-segmentation to help in a variety of areas crucial to organizational success amid the new business landscape, including bolstering cloud and data center transformations (68 percent), and increasing support for new business and operational models (63 percent).