Over the last two years, organizations have turned to Zero Trust security and micro-segmentation to better navigate the new normal of surging cyberattacks, cloud computing and work-from-anywhere business models.
But many are still in the early stages of deploying key Zero Trust defenses and face multiple challenges, despite the imperative to keep up with the security demands of today's business reality.
Those are some of the key findings in a Illumio-commissioned study "Trusting Zero Trust" conducted by Forrester Consulting. Based on a survey of 362 decision-makers at organizations in North America, Europe and the Asia-Pacific, the study details both the progress and struggles on the journey to Zero Trust security.
Organizations are turning to Zero Trust and micro-segmentation for their security foundation
Based on the findings from the study, most organizations were caught off guard by the way the pandemic accelerated the pace of technological change. In addition to a more dynamic workforce, that change included an acceleration in cloud adoption.
Leaders were trying to "build the plane" in the air as they struggled with overlapping and conflicting security frameworks and technologies not designed for the new challenges.
Many organizations turned to Zero Trust and micro-segmentation for answers to these mounting security threats. Yet, a lot of these efforts are still in their early stages, with only one-third in deployment and a mere 6 percent completed.
Security teams need organizational support and funding
In the Forrester study, 64 percent of participants reported their security organizations had difficulty earmarking the necessary funding to advance Zero Trust projects. Stakeholder skepticism was the primary reason: They doubted the business value of new security approaches.
Other key challenges included:
- Implementation expertise is in short supply – but many organizations are using the wrong tools for the job in the first place. Sixty-two percent said their organization attempted micro-segmentation with data center firewalls and software-defined networking (SDN) technologies, but these approaches took too long to deploy, were too expensive (53 percent), or didn’t scale (50 percent).
- Identifying the right Zero Trust segmentation pilot is crucial. Respondents need help pinpointing and designing the best pilot with proven segmentation technologies purpose-built for Zero Trust security. With the right pilot, security teams can make a better case for a greater investment.
- Older technologies inhibit adoption The belief that micro-segmentation can best be implemented via ZTNA, ICAM and EIG technologies continues to impede progress.
Investment increases are planned for Zero Trust
Despite previous funding constraints, many firms — two-thirds of study respondents — plan to increase their Zero Trust budgets in 2022. These firms also plan to allocate an average of 36 percent for micro-segmentation.
- Organizations have realized benefits from Zero Trust investments. Study participants noted measurable increases in security operations center (SOC) efficiency from a Zero Trust strategy, as well as the ability to create a well-defined cybersecurity roadmap.
- Micro-segmentation is expected to deliver far-reaching advantages. Micro-segmentation can help in several areas crucial to the new business landscape, including enhancing security for cloud and data center transformations, increasing support for new business and operational models, and proactively reducing risk from ransomware and other threats.
Based on its research, Forrester recommends that organizations prioritize stakeholder buy-in. Without stakeholder buy-in, security leaders won't have access to the resources they need to advance and fine-tune their Zero Trust approach or the flexibility to hire expertise internally and externally.
Forrester also recommends prioritizing business-critical applications for micro-segmentation — a proven approach to successfully operationalizing Zero Trust to ensure complete protection for future networking, compute and cloud environments.
For more recommendations and insights on how organizations are using micro-segmentation to accelerate Zero Trust security adoption, download the Forrester Consulting study "Trusting Zero Trust."