SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Cybersecurity
#
Gartner
#
Zero Trust Security
Gartner survey reveals challenges in zero-trust strategy implementation
Tue, 23rd Apr 2024
Author image
By Sean Mitchell, Publisher
Follow us

A recent global survey by Gartner has revealed that while 63% of organisations have fully or partially implemented a zero-trust strategy, this approach typically covers half or less of an organisation’s environment. Moreover, it often mitigates merely a quarter or less of the overall enterprise risk.

78% of the surveyed organisations investing in a zero-trust strategy allocated less than a quarter of their total cybersecurity budget towards this initiative. This suggests that businesses are grappling with the scale of investment and operational overhaul required to fully implement zero-trust security protocols.

Interestingly, 56% of organisations chose to follow this pathway as they regard zero trust as an industry best practice. However, confusion prevails regarding the top practices for zero-trust implementations. In the words of John Watts, VP Analyst, KI Leader at Gartner, "Despite this belief, enterprises are not sure what top practices are for zero-trust implementations. For most organisations, a zero-trust strategy typically addresses half or less of an organisation’s environment and mitigates one-quarter or less of overall enterprise risk."

In the same report, Gartner details three primary top-practice recommendations for security leaders aiming to utilise a zero-trust strategy. Firstly, organisations must determine the scope of their zero-trust strategy in the early stages. According to the survey, surprisingly, only 16% of respondents believed their zero-trust strategy would cover 75% or more of the organisational environment. Watts points out that "scope is the most critical decision for a zero-trust strategy."

Secondly, Gartner underscores the importance of communicating zero-trust strategic and operational metrics to measure success. These metrics need to be tailored towards specific zero-trust outcomes rather than re-used from other cybersecurity areas. Watts highlights that "Zero-trust efforts deliver on specific outcomes—such as reduction of malware’s lateral movement on a network—often not captured by existing cybersecurity metrics."

Finally, organisations must anticipate increases in cost and staffing requirements. 62% of organisations expect their costs will go up, and 41% anticipate a rise in staffing needs due to zero-trust implementation. Yet, only 35% of organisations have encountered a failure that disrupted their zero-trust strategy implementation. As Watts concludes, "The budget impacts of organisations who adopt a zero-trust strategy will vary based on the scope of the deployment as well as how robust the zero-trust strategy is early in the planning process."

These insights shed light on the broader challenges and strategies organisations need to consider while implementing zero-trust. The complexities of the modern security landscape require nuanced approaches tailored to individual business contexts and risks, and one-size-fits-all compliance with perceived best practices is unlikely to suffice.

Related stories
CrowdStrike & TCS unite for AI-driven cybersecurity revolution
Qualys launches MSSP Portal to streamline partner management in cybersecurity
Businesses weigh up transition from best-of-breed to platform security
Halcyon introduces Ransomware Warranty Program for enhanced protection
Senetas lands record-breaking Middle Eastern encryption hardware order
Top stories
Resilience named as National Cyber Resilience Centre Group Ambassador
Cybersixgill launches third-party module to tackle cybersecurity risks
Absolute Security to reveal next-gen cyber resilience at RSA Conference 2024
Teradata expands Strategic Collaboration Agreement with AWS
New Relic integrates with Atlassian for innovative engineering solutions