Only one-tenth of large enterprises will have mature implementations of Zero Trust by 2026, new Gartner research reveals, highlighting challenges in adopting security frameworks I was.
This was despite the fact that Zero Trust is a top priority for most organizations as a key strategy for mitigating risk. According to Gartner, less than 1% of large enterprises currently have a mature and measurable Zero Trust program in place.
Gartner defines Zero Trust as a security paradigm that explicitly identifies users and devices and grants an appropriate amount of access. This allows you to run your business with minimal friction while reducing risk.
“Many organizations have established infrastructure using implicit rather than explicit trust models to facilitate access and operation of workers and workloads. They exploit implicit trust to create malware that moves laterally to achieve their goals,” said John Watts, vice president analyst at Gartner.
“Zero Trust is a mindset shift to address these threats by requiring continuously evaluated, explicitly calculated, and adaptive trust between users, devices, and resources.” he added.
For organizations to complete the scope of their Zero Trust implementation, Chief Information Security Officers (CISOs) and risk management leaders develop effective Zero Trust strategies that balance the need for security with the need for business operations. According to Gartner, it is important to .
“That means starting with your organization’s strategy and defining the scope of your Zero Trust program,” says Watts. “Once the strategy is defined, CISOs and risk leaders need to start with identities, which are the cornerstones of Zero Trust. need to do it.
“However, CISOs and risk management leaders should not assume that Zero Trust will eliminate cyber threats. Rather, Zero Trust will mitigate risk and limit the impact of attacks.”
Gartner analysts predict that by 2026, more than half of cyberattacks will target areas uncovered and unmitigated by Zero Trust controls.
Gartner Vice President Analyst Jeremy D’Hoinne said:
“This can take the form of scanning and exploiting publicly available APIs. [application programming interfaces] Or they target employees through social engineering, bullying, or exploiting flaws by creating their own ‘bypasses’ to circumvent strict Zero Trust policies,” he added. .
Gartner recommended that organizations implement Zero Trust to improve risk mitigation for their most critical assets and achieve the greatest return on their investment.
However, Zero Trust does not solve all security needs. He adds that CISOs and risk management leaders should implement an ongoing threat exposure management program to manage exposure to threats beyond the scope of the ZTA.
Michael Smith, Chief Technology Officer at Neustar Security Services, called on organizations to review their current security technologies and mitigation plans as demand for Zero Trust measures increases.
“Investments need to operate quickly to deliver time to value and keep up with the accelerating changes we are seeing across the cybersecurity industry, especially if we want to stay ahead of more dangerous threats. All organizations should be committed to current best practices and be aware that they are responsible for their customers’ data,” he added.