Cybersecurity Leaders See Zero Trust as the Future of Computing
More than 80% of cybersecurity decision makers see Zero Trust as the future of IT security, but that trust isn’t trickling down to their stakeholders.
Only 52% of security teams were considered Zero Trust supporters at the start of the implementation. And only 40% of operational business or technology teams could be considered Zero Trust supporters despite having responsibility for maintaining the processes and technologies to enable its adoption.
These statistics come from a study commissioned by Datacom and conducted by Forrester Consulting and should be cause for concern for any Australian organization looking to adopt a Zero Trust cybersecurity strategy.
Senior executives who have rolled out a new company-wide strategy or major technology know that buy-in from across the organization makes the difference between success and failure.
Receive daily company news.
The latest stories, funding information and expert advice. Free registration.
But the solution for Zero Trust Membership might be relatively simple. The results of the study – which included a survey of more than 200 cyber decision makers – showed that 52% of cyber leaders considered their technical capabilities essential to driving Zero Trust programs, while only 13% considered communication as important.
Neglecting the importance of communication is one of the fastest ways to lose buy-in. On the other hand, if people understand the value of Zero Trust, they can champion its adoption.
The simplest description of Zero Trust is that it is an approach that protects your people, information and organization by giving the right people access to the right data and applications and removing unnecessary risk.
Benefits of its approach include greater visibility into an organization’s security posture and simplified and secure access to technology and information for employees working remotely or in a hybrid working model.
Survey results show that these benefits are well recognized by cybersecurity leaders with 83% consider Zero Trust to be critical to the future of their organization’s security, but their enthusiasm doesn’t trickle down to all of their stakeholders.
Nearly half (48%) of decision makers surveyed acknowledged that their “stakeholders struggled to understand the business value of adopting a Zero Trust approach.”
Other barriers identified include the misconception that Zero Trust is expensive and requires a complete IT overhaul (74%), difficulty knowing where to start (42%) and a lack of understanding of the definition of Zero Trust (36%).
Companies and their cyber leaders need to be highly motivated to overcome obstacles and embrace Zero Trust given the security challenges they face.
Three of the biggest IT security challenges for cyber decision-makers in Australian organizations were identified: meeting privacy requirements (61%), the changing/evolving nature of IT threats (60%) and creating a culture data management (39%). %). A Zero Trust approach addresses each of these challenges.
The other major challenge is the unavailability of security employees with the right skills (54%), but this should arguably be another driver in moving to Zero Trust and implementing processes and technologies that introduce built-in protection for an organization’s data and applications.
Another potential issue highlighted by the study results is how organizations choose to implement Zero Trust. When respondents were asked to describe how their company was adopting Zero Trust, 69% said their organization was “adopting Zero Trust piecemeal rather than taking a structured big bang approach.”
Although a more gradual implementation of a Zero Trust strategy may seem attractive from a resource perspective, it is an approach that can lead to inefficiencies and ultimately lead to integration and operational costs later.
With signs of global moves towards adopting Zero Trust as a best practice, including with the Biden administration directing all US government departments to adopt an approach as part of its National Cybersecurity Policy – most organizations see the decision to change as a case of “when” not “if”.
For Australian leaders embarking on the adoption of Zero Trust, one of the critical steps should be to fully communicate its value to stakeholders at all levels of your business and take a holistic approach to implementation. .
The full study commissioned by Datacom and conducted by Forrester Consulting can be found here.
*A commissioned study conducted by Forrester Consulting on behalf of Datacom over the period March-May 2022. The survey included 204 decision makers responsible for cybersecurity in Australia (60%) and New Zealand (40%). Firm size ranged from 200-499 employees to 20,000 or more employees.