Zero Trust goes beyond “simply” protecting valuable data and mission-critical services within hybrid cloud environments
As the emphasis on digital transformation has increased, the Zero Trust concept is increasingly gaining traction among enterprises, indicates a recent survey of nearly 1,500 IT decision makers and security professionals in the U.S., Europe and the Middle East (EMEA) and Latin America (LATAM).
The study, done by Ponemon Institute on behalf of Appgate, a secure access provider, shows a definite correlation between the achievement of cloud transformation goals and the application of Zero Trust security techniques to reduce dispersed IT infrastructure risks.
This report presents consolidated global findings and insights from the research. According to the study, there is enormous cloud environment diversity in respondents’ organizations. Specifically, there are varied mixes of public/private clouds and on-premises infrastructure, different adoption rates for containers and disparate portions of IT and data processing in the cloud. However, as the research reveals, the drivers of cloud investments are broadly consistent from region to region. Overall, increasing efficiency is the top motivation for cloud transformation, according to 62 percent of respondents. The second most common motivation is reducing costs (53 percent) followed by a virtual tie between improving security (48 percent) and shortening deployment timelines (47 percent).
New cybersecurity risks not addressed by traditional solutions
Cloud transformation has its own set of security risks and challenges. In fact, nearly 50 percent of respondents, according to the survey, flag network monitoring and visibility difficulties as the most significant challenge, followed by a lack of in-house expertise (45 percent) and a recognition of the increased attack vectors that come with having more resources in the cloud (38 percent). Focusing on specific security threats, 59 percent of study participants indicate account takeover or credential theft is a major concern, just ahead of third-party access risks. This points to widespread worries about secure access to cloud resources by an organization’s users and outside vendors/suppliers alike.
Addressing cloud security risks is a known hurdle, with 36 percent of respondents reporting that the siloed nature of traditional security solutions creates cloud integration challenges. Modern “shift left” development methodologies only partially address the issue and may even add new risks into the mix. For instance, 52 percent of respondents agree or strongly agree that the inability of current network security controls to scale fast enough affect DevOps productivity or introduce vulnerabilities.
Zero Trust is an enabler—not an add-on
The survey results indicate that Zero Trust goes beyond “simply” protecting valuable data and mission-critical services within hybrid cloud environments. In fact, it can drive enterprise productivity gains and accelerate digital transformation. In other words, Zero Trust security principles shouldn’t be regarded as something to add after completing a cloud migration, but instead can be recognized as supporting the speeding up and securing of the transformation. Ultimately, the speed of business is only going to continue to accelerate the adoption of cloud, containers, DevOps and microservices. Zero Trust security can help organizations quickly and securely keep pace with agile cloud deployments.
A comprehensive Zero Trust Network Access solution is the unified policy engine glue that delivers secure access for all users, devices and workloads, regardless of where they reside. The cloud train has left the station and continues to accelerate without regard for increased risk and security complexity. The results of this study demonstrate the ability for Zero Trust principles to help security keep pace.
Need greater visibility
To effectively secure the cloud, organizations need greater visibility of their cloud infrastructures and the ability to secure access to their cloud environments. Respondents in the Ponemon Global Study on Zero Trust Security for the Cloud were asked to rate their organizations’ confidence in the ability to know all cloud computing applications, platforms or infrastructure services on a scale.
According to the study, perimeter-based security solutions are considered inadequate to reducing threats in modern, complex and interconnected enterprise cloud architectures. As shown in Figure 10, 62 percent of respondents say perimeterbased security solutions are no longer adequate to mitigate the risk from ransomware, DDoS attacks, insider threats and man-in-the middle incidents and 58 percent of respondents say solutions such as firewalls, VPNs and NACs are not equipped to secure modern, complex and interconnected enterprise cloud architectures.
Fifty-seven percent of respondents cite the remote/hybrid workplace as introducing new risk to organizations and 55 percent of respondents say moving to the cloud brings new security and compliance risks.
Zero Trust maturity a major barrier
While 65 percent of respondents say Zero Trust increases the productivity of the IT security team perhaps because of confidence in controls over unauthorized access, and Sixty-one percent of respondents say a benefit is stronger authentication using identity and risk posture, the lack of Zero Trust maturity is preventing many organizations from realizing its benefits.
Forty-nine percent of respondents say their organizations have adopted Zero Trust with different levels of maturity. 51 percent of respondents say their organizations are in the planning stage (21 percent) or in the early adoption stage (30 percent). Only 23 percent of respondents say their organizations have achieved full maturity. “The different levels of maturity suggest that Zero Trust is not a one-and-done activity. Rather it should be achieved in a step-by-step manner and integrated into other IT and cybersecurity programs,” the study says.
The experiences of organizations that have already adopted and applied Zero Trust principles— particularly from the high-performing organizations— demonstrate Zero Trust’s efficacy for securing cloud access.
The study says that confident organizations are more likely to adopt certain security practices. High performer respondents say their organizations are more likely to cloak servers, workloads and data so they are not visible or accessible until authenticated (62 percent vs. 43 percent), to integrate security tooling with the IT ecosystem for greater telemetry and automation capabilities (55 percent vs. 42 percent and enforce least privilege for all workload-to workload connections (52 percent vs. 39 percent).
The other respondents are more likely to adopt the following practices: identification device posture and contextual risk as authentication criteria (61 percent vs. 48 percent), provide users with a single access solution that connects to all hybrid workloads or services concurrently (48 percent vs. 38 percent) and implement dynamic policies that adjust in real time as risk posture or context changes (45 percent vs. 36 percent).