If you were having doubts about the efficacy of a zero trust approach to cybersecurity, recently released research suggests that such a network architecture is expected to double the efficacy of cybersecurity products.
The research, conducted by Osterman Research on behalf of cybersecurity firm Symmetry Systems, found from a survey of 125 IT and security decision-makers that they expect a zero trust architecture to dramatically help stop data breaches.
According to the white paper, the highest anticipated increase is in the ability to stop data breaches—with a 144% increase in anticipated efficacy from the assessment of efficacy before zero trust (25%) to the assessment after zero trust (60%).
Zero trust is also expected to lead to an 83% increase in the ability to stop ransomware, the research found.
When asked what organizations are focusing on when designing its zero trust architecture, 73% of respondents say they are focused on identity and access management for employees as the key design modification.
According to the whitepaper, addressing internally-facing identity and access management concerns is viewed as almost twice as important as the same concerns for external entities, such as supply chain partners.
“Every organization must start somewhere with zero trust, and strengthening internal issues is critical to get right,” the paper reads. “We hope that organizations do not neglect the other issues above as their internal strategies mature, because the external threats— including supply chain attacks—are increasingly significant.”
However, many organizations are struggling with implementing a zero trust approach due to existing legacy systems, such as the inability to leverage contextual signals to determine which micro-segmentation policy is appropriate. More than half (55%) of respondents said legacy systems were a key barrier.
The research identifies many recent trends impacting the decision to embrace a zero trust architecture, but high-profile cybersecurity incidents led the way, with 53% of respondents citing that as their reason for adopting zero trust.
Others cite remote work (51%), general ransomware attacks (51%), credential theft (45%), hybrid work (45%) and other factors.
However, just 18% said a previous data breach or security incident was impactful enough to move them toward zero trust, suggesting that significant media attention of cybersecurity incidents plays a larger role in an organization’s IT security strategy.
“Today’s threat environment is drastically different from what we have experienced even in recent years – with relentless cyberattacks, the adoption of cloud services and mass remote or hybrid work,” said Michael Sampson, senior analyst at Osterman Research, in a statement. “Many organizations have begun the transition to a zero trust architecture and those who have not are behind the curve.”