Global Study on Zero Trust Security for the Cloud

Implementing Zero Trust security methods doesn’t just safeguard hybrid cloud environments, but actually enables—and likely even accelerates—cloud transformation, according to a survey of nearly 1,500 IT decision makers and security professionals in the U.S., Europe and the Middle East (EMEA) and Latin America (LATAM).

The survey, conducted by Ponemon Institute on behalf of Appgate, the secure access company, reveals a clear link between the implementation of Zero Trust security measures to mitigate distributed IT infrastructure risks and the realization of cloud transformation objectives.

Different cloud environments, but consistent motivations

This report presents consolidated global findings and insights from the research. According to the study, there is enormous cloud environment diversity in respondents’ organizations. Specifically, there are varied mixes of public/private clouds and on-premises infrastructure, different adoption rates for containers and disparate portions of IT and data processing in the cloud. However, as the research reveals, the drivers of cloud investments are broadly consistent from region to region.

Overall, increasing efficiency is the top motivation for cloud transformation, according to 62 percent of respondents. The second most common motivation is reducing costs (53 percent of respondents) followed by a virtual tie between improving security (48 percent of respondents) and shortening deployment timelines (47 percent of respondents).

New cybersecurity risks not addressed by traditional solutions

But cloud transformation has its own set of security risks and challenges. In fact, nearly 50 percent of respondents flag network monitoring and visibility difficulties as the most significant challenge, followed by a lack of in-house expertise (45 percent) and a recognition of the increased attack vectors that come with having more resources in the cloud (38 percent).

To read the entire study, download it from the website.

To hear Larry on a podcast discussing the study, visit the Zero Trust Thirty podcast.

Focusing on specific security threats, 59 percent of study participants indicate account takeover or credential theft is a major concern, just ahead of third-party access risks. This points to widespread worries about secure access to cloud resources by an organization’s users and outside vendors/suppliers alike.

Addressing cloud security risks is a known hurdle, with 36 percent of respondents reporting that the siloed nature of traditional security solutions creates cloud integration challenges. Modern “shift left” development methodologies only partially address the issue and may even add new risks into the mix. For instance, 52 percent of respondents agree or strongly agree that the inability of current network security controls to scale fast enough affects DevOps productivity or introduces vulnerabilities.

Zero Trust Network Access (ZTNA) offers a proven solution

The research also reveals that Zero Trust Network Access (ZTNA) is a practical solution to cloud security pain points poorly addressed by the over-privileged access approach of siloed solutions and traditional perimeter defenses. As evidence, the top two security practices identified as being the most important to achieving secure cloud access are enforcing least privilege access (62 percent of respondents) and evaluating identity, device posture and contextual risk as authentication criteria (56 percent of respondents).

Ranking third and fourth are a consistent view of all network traffic across IT environments (53 percent of respondents) and cloaking servers, workloads and data to prevent visibility and access until the user or resource is authenticated (51 percent of respondents). The robust capabilities of ZTNA directly addresses all four of these major cloud security practices deemed as necessities.

Zero Trust is a victim of its own success

The survey also hints that Zero Trust security may be dismissed by some as a buzzword despite high-profile industry calls for action, including a U.S. White House mandate for federal agencies to meet a series of Zero Trust security requirements by 2024. However, there is evidence that this dismissal is based on a poor understanding of what Zero Trust actually is. For example, of those respondents who have not deployed ZT, roughly a quarter of respondents point to it as being “just about marketing”. Many of these respondents also highlight specific ZTNA capabilities as being essential to protect cloud resources.

Similarly, many of the respondents who indicate that their organizations are not implementing Zero Trust nevertheless believe that security components that strongly align with Zero Trust security principles are important. This further indicates the confusion about what Zero Trust security actually means.

Those who have knowingly adopted Zero Trust tenets (49 percent of respondents) report a range of benefits. Of the 49 percent of respondents, 65 percent of respondents say the top benefit is increased productivity of the IT security team, followed by stronger authentication using identity and risk posture (61 percent of respondents) and a tie between increased productivity for DevOps and greater network visibility and automation capabilities (both 58 percent of respondents).

Zero Trust is an enabler not an add-on

These benefits suggest that Zero Trust goes beyond “simply” protecting valuable data and mission-critical services within hybrid cloud environments.  In fact, it can drive enterprise productivity gains and accelerate digital transformation. In other words, Zero Trust security principles shouldn’t be regarded as something to add after completing a cloud migration, but instead can be recognized as supporting the speeding up and securing of the transformation.

Ultimately, the speed of business is only going to continue to accelerate the adoption of cloud, containers, DevOps and microservices. Zero Trust security can help organizations quickly and securely keep pace with agile cloud deployments. A comprehensive Zero Trust Network Access is the unified policy engine glue that delivers secure access for all users, devices and workloads, regardless of where they reside. The cloud train has left the station and continues to accelerate without regard for increased risk and security complexity. The results of this study demonstrate the ability for Zero Trust security to help security keep pace.

To read the entire study, download it from the website.

To hear Larry on a podcast discussing the study, visit the Zero Trust Thirty podcast.

Leave a Reply

Your email address will not be published. Required fields are marked *