Zscaler is a Business Reporter client.
In a world in which technologies, users and services need to seamlessly communicate with one another, the importance of the network as a security authority is decreased. Communication between third parties, home offices, workloads or IoT and edge devices is no longer network-dependent. And yet, everything still has to be secured through a continuous process of validation and verification.
For those working with outdated network and security architectures, the challenges are ubiquitous. Managing them requires a rethink to ensure secure connectivity in the modern IT world. This is where Zero Trust comes in – the principle that no user or application is inherently trustworthy. Policy-based access permissions are monitored using a cloud-based Zero Trust approach, ensuring only authorised sources are allowed to communicate to dedicated destinations.
But Zero Trust can be so much more than a security tool – it can be a business enabler in a landscape of digital transformation and hybrid work environments. However, many organisations are only halfway on the journey to discovering the full potential of both the cloud and Zero Trust as a business enabler – and we want to change that.
Much of the cloud’s potential remains untapped
This year, we spoke with more than 1,900 senior IT decision-makers who have already begun migrating to the cloud, to understand global adoption patterns of cloud-based Zero Trust architectures, the current state of implementation and the barriers to updating their infrastructure to future-proof digital transformation.
The results, captured in The State of Zero Trust Transformation 2023, showed huge potential for positive change. Only 22 per cent of those we spoke to said they were completely confident that they were realising the full potential of their cloud infrastructure. That picture changes depending on location, hitting a low of 14 per cent in EMEA, compared with 42 per cent in the Americas and 24 per cent in Asia. But what is clear everywhere is that there is a lot of room for improvement.
While at first glance security seems to be the main thing standing in the way of true cloud utilisation, the reasons for cloud migration point to a more fundamental issue. IT leaders cited privacy concerns, challenges to data security in the cloud, and scaling network security as the biggest barriers to realising the cloud’s full potential. But when asked about the most important factors for digital transformation initiatives, it was cost reduction, support for new technologies (such as 5G and edge computing), and the management of cyber-risks that were primarily cited, suggesting a lack of understanding of how the cloud can help execute business strategies.
Traditional network security is no longer enough
Cloud concerns aside, decision-makers were much more optimistic about the role Zero Trust plays in the organisational transformation process. And education plays a large part in this.
If you went back five years and brought up “Zero Trust”, the response was often “what does that mean?” Today, that understanding has evolved – and the vast majority of enterprises are considering Zero Trust solutions. In fact, we discovered that more than 90 per cent of IT leaders have installed, are currently implementing, or planning to implement Zero Trust security architecture. More than one in five already have Zero Trust security up and running, another 39 per cent are in the roll-out phase and almost a third are still involved in strategic planning. The fact that fewer than one in 10 companies have no plans to implement Zero Trust, or are unfamiliar with the terminology, underlines the importance companies attach to their security transformation.
That means the question is no longer “what is this?” Instead, it’s “what additional benefits can Zero Trust bring for my organisation?”
Zero Trust for distributed working environments
To answer this question, we first need to understand why organisations are implementing Zero Trust.
These were the top priorities expressed in our study:
- Improving threat or attack detection on web applications and security for sensitive data
- Securing remote access from vendors, partners or to operational technology (OT)
- Securing connectivity for a hybrid workforce
- Reducing the cost and complexity of legacy network security
At the same time, more than two-thirds (68 per cent) of decision makers believe secure cloud transformation is simply not possible with existing network security, or that Zero Trust network access (ZTNA) offers advantages over traditional firewalls and VPNs for remote application access. For these reasons, ZTNA ranks as the highest priority for investing in Zero Trust technologies over the next 12 months.
However, there is still some catching up to do, especially around securing hybrid working environments. Worldwide, only 19 per cent of the IT decision-makers already have a Zero Trust-based infrastructure for their hybrid workplace, suggesting that organisations are still not fully prepared to ensure the security of a highly distributed work environment, almost three years on from the start of the global pandemic. But they are working on it: in addition to those who have already updated their infrastructure, another 50 per cent of IT decision-makers are currently implementing or planning a Zero Trust-based hybrid strategy.
And this is so important, because if a company is not enabling its employees to work in a hybrid way, it’s going to lose those employees. Retention in that regard is vital: companies need to be open to the idea of hybrid work and provide the technology to enable it, which Zero Trust helps to do.
As recent years have shown, user experience is critical to productivity in hybrid work environments. In many companies with traditional network structures, however, employees find themselves confronted with inconsistent access conditions for local and cloud-based applications and data – making it a top reason for more than half of the companies (52 per cent) implementing or planning a Zero Trust-based hybrid work infrastructure. Almost as many – 46 per cent – found employees suffer from lost productivity due to network access issues. Meanwhile, 39 per cent struggle with employees not being able to access applications and data from their personal devices.
These are all factors that contribute to workforce dissatisfaction, so it’s reassuring to see user experience cited as the top reason for adopting a Zero Trust-based hybrid work infrastructure. In fact, just over half of decision-makers agreed that its implementation would help eliminate disparate access experiences for on-premises and cloud-based applications and data.
These assessments reflect the challenge beyond security that hybrid work poses in terms of access, user experience and performance.
Driving transformation
The survey results also pointed to a gap between management and IT leaders, as well as a misunderstanding of the reasons for digital transformation. More specifically, our report shows that companies still view digital transformation as a technology issue – a way to shift spending from internal infrastructure to the cloud rather than categorising it as an integral part of business strategy.
But IT leaders involved in planning future business models understand that transformation can’t just be about moving applications to the cloud. For companies to realise the full potential of digitalisation, network and security transformation have to come together to ensure the short and secure communication paths of users, applications or machines.
As leaders of transformation, CIOs and CISOs have a key role to play in bringing this expanded message of Zero Trust to the boardroom. In addition to reducing IT infrastructure costs and complexity by replacing legacy components, holistic digitisation initiatives are emerging, which will require a focus on the secure communication streams of emerging technologies around 5G, edge computing and services in the cloud. Adequate security is regarded by 30 per cent of decision-makers as the biggest challenge when implementing such innovative projects. Zero Trust approaches offer the right answers to these hurdles.
A need for continued education
Despite high Zero Trust implementation rates, there is still a need for further explanation of the Zero Trust approach, in which nothing and no one is trusted from the outset. On one hand, it is important to reduce fears and uncertainties. On the other, it is about clarifying how Zero Trust-based security can form the basis for further digitisation.
Zero Trust won’t just transform the way in which we do IT. It will change the way in which business can be executed, creating a much more free-flowing environment where one no longer needs to anchor to legacy network infrastructure.
We need to move away from fear, uncertainty and doubt around security. Organisations need to be strategic about what they’re doing and understand that if they have Zero Trust in place or on the horizon, they already have access to great benefits or have taken the right steps. The key here is not necessarily just about building new tech, but to build tech that will help their enterprise become more competitive. And Zero Trust is well placed to provide that functionality as organisations move forward.
Originally published on Business Reporter