Optiv Security has published a report based on a recent survey of cybersecurity leaders that highlights the critical importance of implementing Zero Trust as an effective way to reduce cyber risk.
The survey, which was conducted from June through October of 2021, was in collaboration with Palo Alto Networks and Information Security Media Group (ISMG). Respondents cited Zero Trust as one of the most effective security practices, and 100% acknowledged it as important in reducing their organization’s cyber risk.
Zero Trust is an information security model based on the principle of maintaining strict access controls by not trusting anyone or any action by default, even those already inside the network perimeter. Each transaction is evaluated for need and risk. In other words, assume breach and trust nothing by taking the default position that any entity — user or device — is a potential threat. In a networked world full of threat actors, never trust, always verify.
According to the survey report, the top three reasons for building a Zero Trust strategy are:
- Reduce attacker’s ability to move laterally – 44%
- Enforce least privilege access to critical resources – 44%
- Reduce enterprise attack surface – 41%
“The need for and importance of implementing a Zero Trust strategy remains top of mind for cybersecurity leaders,” says Jerry Chapman, engineering fellow at Optiv and co-author of the book “Zero Trust Security: An Enterprise Guide.” “Optiv’s adaptive, holistic approach provides clients with integrated real-time solutions that provide the type of cyber resiliency needed to identify, manage and respond to today’s internal and external threats.”
While survey respondents agreed on the need for a Zero Trust architecture, they noted several cultural and environmental factors impeding a Zero Trust evolution within their organization. The top three include:
- Too many internal silos/stakeholders for different components of Zero Trust (47%)
- Too many legacy technologies that do not “support” Zero Trust (44%)
- Lack of internal expertise to develop Zero Trust roadmap and policies (39%)
As more organizations have, or plan to, leverage the expertise of external consulting partners to aid in their Zero Trust journey, Optiv is helping clients adopt a Zero Trust approach through a host of gap analysis, best practice deployment and roadmap development services. They are designed to guide cybersecurity leaders and organizations through their Zero Trust strategy by meeting clients where they are and building prioritized roadmaps and action plans based on their needs.
The 150 survey responses came from various sectors, including financial, health care, high tech and government. Forty-three percent of respondents were at the CISO/CSO level at organizations with 1,000-5,000 employees.