Organizations are keen to implement zero trust architecture but have been held back by a continued lack of understanding about what that entails, according to new survey findings.
The survey, sponsored by Attivo Networks and HP Wolf Security, was conducted in January and February 2022 among 300 IT and cybersecurity decision-makers and influencers from the United States. Respondents represented organizations of all sizes and industries. Survey objectives were to gauge how well organizations understand zero trust and to obtain current deployment and usage trends.
With all the attention focused on zero trust, one could reasonably expect that organizations would be in the advanced stages of implementation. But for many, deployment has been slowed by a struggle to fully comprehend the pieces that embody a zero-trust architecture, as well as lack of budget and boardroom buy-in.
Among the findings:
- Only 35% are very familiar with zero trust concepts. The highest percentage — 40% — are only somewhat familiar, and 25% are “a little” familiar.
- Only 36% have implemented zero trust, but another 47% plan to adopt it in the next 12 months.
- Nearly half of those who have not implemented zero trust are constrained by management/investment. Twenty-six (26%) percent cite a lack of management support and an additional 23% cite lack of budget.
- Ransomware attacks and remote worker risks are driving current and planned zero trust strategies. Specifically, 55% said an increase in ransomware is a motivating factor, 53% point to the increased risks from remote workers, and 32% are driven to implement zero trust out of concern over potential supply-chain attacks.
- Only 35% are “highly confident” in their zero trust capabilities. Sixty percent (60%) are moderately confident, and 5% are slightly confident.