Survey Reveals Challenges of Zero Trust Implementation

In cybersecurity, zero trust has been a hot topic for years, and most experts support the concepts behind the zero trust security model. Instead of assuming anyone or anything that has gained access to the network can be trusted, zero trust assumes the opposite. Nothing can be trusted anywhere, whether outside or inside the network perimeter.

According to a survey from Fortinet, although many organizations have a vision for zero trust, that vision isn't necessarily being translated into the solutions they're able to put in place. And granting too much trust can have dire consequences. According to IBM, the global average cost of a data breach is now at a whopping $4.24M. That said, it's no surprise that more organizations are looking to shift from implicit trust to zero trust.

Examining the Key Tenants of Zero Trust Implementation

The survey showed that organizations see the benefits of the zero trust security model. When organizations were asked what they perceived as the most significant benefit of a zero trust solution, 22% said, "security across the entire digital attack surface," followed closely by "better user experience for remote work (VPN)."

Not only do organizations believe in zero trust, but a vast majority of the survey respondents reported that they already have a zero trust and/or zero trust network access (ZTNA) strategy in place or development. In fact, 40% report that their strategy is fully implemented.

But here's where zero trust ideas crash into reality. More than half of the respondents don't have the ability to authenticate users and devices on an ongoing basis and are struggling to monitor users post-authentication.

These functions are critical tenets of the zero trust philosophy, which makes you wonder what type of zero trust implementation these organizations actually have. It's possible that while the survey respondents feel they have implemented zero trust, they may not truly have done so. Or perhaps, that they have incomplete deployments.

Either way, the resulting lack of security is concerning.

Zero Trust Implementation May Be Easier Said Than Done

Interestingly, although respondents reported that they understand zero trust concepts, more than 80% felt that implementing a zero trust strategy across an extended network wasn't going to be easy. Most of them (60%) report it would be moderately or very difficult, and another 21% said it would be extremely difficult. Survey respondents almost universally acknowledge that it is vital for zero trust security solutions and services to be integrated with their infrastructure, work across cloud and on-premises environments, and be secure at the application layer.

However, even if they do realize the importance of integration, the most prominent challenge organizations report facing in building a zero trust strategy is the lack of qualified vendors with a complete solution.

Zero Trust Needs to Happen

With more organizations supporting remote work and work-from-anywhere initiatives, zero trust is not likely to go away. The more people work from anywhere, the less secure a traditional perimeter-based approach becomes. Because the zero trust philosophy is about "securing work and learning everywhere," it is a good way to secure hybrid working models and should be included as part of any comprehensive cybersecurity strategy.

An effective zero trust solution requires elements designed to work together as an integrated system to prevent the types of security and management gaps that have challenged survey respondents. For example, the Fortinet Security Fabric unifies the broad portfolio of Fortinet zero trust, endpoint, and network security solutions to deliver security, services, and threat intelligence that can automatically follow users across distributed networks. This unified approach enables proactive, integrated, and context-aware security that automatically adapts to where users are, what device they are using, and what resources they are accessing.

Access the full report or learn about how to better secure access for remote users to applications anywhere with Fortinet Zero Trust Network Access.

Learn more about how the Zero Trust Education Pathway including certifications from the Fortinet NSE Institute can help you navigate the knowledge, skills and abilities needed to grow your career in Zero Trust Access.