Why many security pros lack confidence in their implementation of Zero Trust

Almost half of security professionals don't know where or how to use Zero Trust policies in a hybrid IT environment, says a survey commissioned by security provider Pulse Secure.

Zero Trust has been touted as a necessary security approach in light of cyberthreats. In a nutshell, Zero Trust means that an organization trusts no one and nothing, either internally or externally, when granting access to data, systems, and other assets. As such, all types of access must be verified and authorized before they're allowed.

Zero Trust is a promising concept and one that a lot of organizations are now executing. But many security professionals aren't confident in their ability to apply this type of security in today's IT environments, according to the 2020 Zero Trust Progress report released on Tuesday by Pulse Secure and Cybersecurity Insiders.

SEE: The 6 Business and Security Benefits of Zero Trust (free PDF) (TechRepublic)

The report found that confidence levels around the implementation of Zero Trust are about split down the middle. Some 53% of those polled said they're confident in their ability to set up Zero Trust, while 47% admitted that they lack such confidence.

The lack of confidence among the doubters stems largely from the complexity of IT environments. Specifically, more organizations are operating in a hybrid IT environment with both cloud-based and on-premises infrastructure. And many security pros are unsure exactly how to set up and manage Zero Trust in such a hybrid environment.

confidence-zero-trust-pulse-secure.jpg

Pulse Secure

"Zero Trust holds the promise of vastly enhanced usability, data protection, and governance," Scott Gordon, chief marketing officer at Pulse Secure, said in a press release. 

"However, there is a healthy degree of confusion among cybersecurity professionals about where and how to implement Zero Trust controls in hybrid IT environment–which is clearly reflected in respondents' split confidence levels."

Organizations face other challenges in implementing Zero Trust, particularly when it comes to securing access to key assets. Among respondents, 62% said that overprivileged employees are one challenge in securing access. Some 55% pointed to partner access to sensitive resources as a challenge, while 49% cited access from vulnerable mobile and at-risk devices.

Further, 44% of those surveyed are concerned about public cloud access security, while 43% are worried about exposure from users bringing their own devices onto the network.

"Secure Access starts with appropriate and well-maintained user provisioning but requires entity authentication and compliance checks to invoke conditional access–regardless if a user is remote or on a corporate network, if the device is personal or corporate-owned, or if the application is internal or in the cloud," Gordon said.

Despite the challenges, a full 72% of respondents said their organizations plan to assess, implement, or continue using Zero Trust in some capacity in 2020. 

The overall goal is to mitigate growing cyber threats. More specifically, 85% are looking to use Zero Trust for security and data protection, 70% want it for breach prevention, 56% want it to reduce endpoint and IoT security threats, and 52% see it as a way to reduce insider threats.

The 2020 Zero Trust Progress report is based on a January 2020 online survey of 413 IT and cybersecurity professionals in the US. The point of the survey was to identify the latest enterprise adoption trends and challenges related to Zero Trust security. The respondents ranged from technical executives to IT security practitioners at organizations of varying sizes across multiple industries.

Also see

cybersecurityistock-1132228216valerybrozhinsky.jpg

Image: ValeryBrozhinsky, Getty Images/iStockphoto