It’s been nearly two decades since Forrester analyst John Kindervag brought the concept of zero trust into the mainstream, advising organizations to trust no one and verify everything. Easier said than done, our respondents might say. While respondents almost universally regard zero trust as the right path forward, less than a third have actually implemented it in their organizations. Many blame the high costs of implementation and the complexities of introducing zero trust practices to existing workflows. Others say they can’t get leadership buy-in and struggle to show ROI for something that defies easy explanation.
Zero trust isn’t a security solution, it’s a strategy. It doesn’t have to mean ripping and replacing legacy IT, but sometimes it does require that. It’s not supposed to disrupt the user experience, but its emphasis on authentication and least privileged access could frustrate those unaccustomed to the extra scrutiny.
“Our culture values employee empowerment and collaborative innovation,” writes one respondent. “To some, zero trust is considered draconian.”
In this report, we examine how organizations are facing this dilemma, and the factors that have helped some organizations make the leap where others have stalled. We hope that this research contributes to the dialogue and provides data to help organizations better understand and translate zero trust to key stakeholders.