A study by Infinipoint has revealed a significant gap between a high level of interest in zero trust for device access yet relatively low adoption due to obstacles in implementation.
Surveying 388 IT and security professionals, the study explores the challenges inherent in device security, along with the potential of a zero trust security model to be the basis of a lasting solution.
Priorities and implementation tell a conflicting story
68% of respondents said they are planning to use zero trust for device security, however 56% said they are not implementing the model now. There is a notable split between intent and action, with implementation falling behind interest in the zero trust for device security model.
Overall, about 30% have either completed a zero trust implementation or are in the process of implementing. Of those who have an active zero trust model in their organization today, only 42% have enabled it for devices, the 4th lowest category behind zero trust for networks, user access and applications. Other obstacles impeding implementing zero trust for device access include concerns around IT support issues, administrative burden, disruption to end user access and lack of remediation options.
Respondents stated that updating software patch levels for critical vulnerabilities was one the biggest security challenges they face (33%). 31% also identified gaining visibility into which devices are accessing which services as a significant challenge.
Low confidence in device security – yet device posture checks are under-utilized
Trends such as remote work are exacerbating devices’ tendency to expose organizations to cyber risk. Unsurprisingly, more than 82% of IT and security professionals agreed that the increase in remote workers has increased overall organizational risk.
Surprisingly, only 27% of respondents shared that they were “very confident” that end-user devices connecting to company applications were secure. 63% claimed that they were “somewhat confident.”
To help mitigate risk, 69% of respondents shared that it is very important that only devices that have been validated to be compliant with their organization’s security policy are allowed to access corporate services and applications. In addition, 54% consider security posture checks continuously upon user access to be “very important.”
However, only 28% of respondents say they are conducting security posture checks. Even fewer are doing it continuously, with only 35% of those doing security posture checks continuously upon access. 29% only do security posture checks on a monthly—or longer—basis.
To stop device-related threats, 73% of respondents rely on firewalls, with 70% using malware or antivirus protection, 68% implementing endpoint protection platforms (EPP), and 51% using extended detection and response (XDR) solutions. However, even with a combination of these tools in place, confidence in current device security is low.
“Zero trust offers a way to bolster device security posture for end user devices and access control but legacy tools have not fully addressed the implementation obstacles to apply zero trust to device access,” said Ran Lampert, CEO, Infinipoint.