Today’s chief information security officers (CISOs) are challenged from all sides. The scale of threats facing their organizations and the size of the corporate attack surface are such that security breaches are a case of "when," not "if." That makes Zero Trust an increasingly popular approach. It assumes that your organization has already been breached. And it requires continuous, dynamic authentication and verification of users and devices so that they can access key resources. But making this a reality first requires the right type of segmentation approach.
To find out more about how U.K. organizations are faring, we recently commissioned Sapio Research to poll senior IT security decision-makers in the country. Reassuringly, Zero Trust and segmentation are being adopted by the majority of respondents. However, technical and cultural challenges remain, not least over legacy approaches to segmentation.
What we found
Like their counterparts in North America and across the globe, U.K. CISOs have been struggling to protect the business over the course of the pandemic. Major digital investments to support mass remote working and new ways to reach customers have largely succeeded. But they also opened the door to an influx of malicious activity. These challenges will remain long after the pandemic has receded.
Zero Trust offers something of a bulwark against serious cyber risk, which is why 91% of U.K. respondents told us it's "extremely" or "very" important to their security model. Just 2% have no plans to implement Zero Trust.
Here are some of the other key findings of the report:
Organizations are already seeing major benefits: The most common was "securing critical and confidential data" (60%), followed by "reducing risk exposure" (54%).
Technological and cultural barriers exist: These include legacy tech, cost and resource challenges, and resistance to change.
Network segmentation is widespread, but approaches differ: The good news is 92% of respondents are segmenting their networks, but most do so via legacy methods like virtual firewalls and network-based segmentation, which have drawbacks.
There's plenty in the report to be optimistic about. While barriers exist, there's nothing insurmountable. Many of the cost, resource and even cultural challenges we found could be overcome if CISOs started out small, with bite-sized projects that can demonstrate quick wins to convince sceptical board members.
Their choice of segmentation technology is also critical. Legacy approaches don't offer the scale or ease-of-use needed to deliver effective Zero Trust across a growing technology stack. Instead, CISOs should follow the third (32%) of their counterparts who said they use micro-segmentation at a workload level.
This is how Illumio Core works, collecting data on how workloads interact in order to generate application-centric policies. The resulting rules are then automatically pushed to native firewalls to enforce these policies. It's all about simple deployment, broad visibility, and consistent protection enhanced by risk-based policy recommendations.
To learn more:
- Check out this overview for more on Illumio's approach to Zero Trust segmentation.
- Read the full report, The Current State of Zero Trust in the United Kingdom: Barriers and opportunities for improved security practices.