Optiv has published a report based on a recent survey of cybersecurity leaders that highlights the critical importance of implementing zero trust as an effective way to reduce cyber risk.
Respondents cited zero trust as one of the most effective security practices, and 100% acknowledged it as important in reducing their organization’s cyber risk.
Zero trust is an information security model based on the principle of maintaining strict access controls by not trusting anyone or any action by default, even those already inside the network perimeter. Each transaction is evaluated for need and risk. In other words, assume breach and trust nothing by taking the default position that any entity — user or device — is a potential threat. In a networked world full of threat actors, never trust, always verify.
“The need for and importance of implementing a zero trust strategy remains top of mind for cybersecurity leaders,” says Jerry Chapman, engineering fellow at Optiv.
While survey respondents agreed on the need for a zero trust architecture, they noted several cultural and environmental factors impeding the move to zero trust within their organizations. The top three are:
- Too many internal silos/stakeholders for different components of zero trust (47%)
- Too many legacy technologies that do not “support” zero trust (44%)
- Lack of internal expertise to develop zero trust roadmap and policies (39%)
The 150 survey responses came from various sectors, including financial, health care, high tech and government. Forty-three percent of respondents were at the CISO/CSO level at organizations with 1,000-5,000 employees.