According to Gartner, only one-tenth of large enterprises will have “mature and measurable” Zero Trust programs by 2026, and even those that do will not be able to mitigate the impact of attacks with their controls. will notice more and more.
Analysts claim that Zero Trust adoption will grow over time from just 1% today, demonstrating the difficulty of realizing the plan.
Zero Trust got a big boost with the 2021 Executive Order of the President of the United States, which forced federal agencies to adopt Zero Trust.
But it is by no means a silver bullet. Gartner warns that over the next three years, more than half of all cyberattacks will be focused in areas not covered and unmitigated by Zero Trust controls.
Gartner VP Analyst Jeremy D’Hoinne said:
“This could be scanning and exploiting public APIs, or targeting employees through social engineering, bullying, or exploiting flaws by allowing employees to create their own “bypasses” to circumvent strict Zero Trust policies. may take shape. “
But despite this, Gartner says this approach still provides a valuable way to reduce risk and limit the impact of many threats.
“Many organizations have established infrastructure using implicit rather than explicit trust models to facilitate access and operation of workers and workloads. It exploits implied trust to create malware that moves laterally to achieve its goals.”
“Zero Trust is a mindset shift to address these threats by requiring continuously evaluated, explicitly calculated and adaptive trust between users, devices and resources.”
CISOs and risk management leaders should start by defining the scope of their enterprise Zero Trust program and then focus on identity first. Keep in mind that Zero Trust is as much about people and processes as it is about technology, he continues Watts.
Editorial Credit Icon Image: T. Schneider / Shutterstock.com
