We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!


A new survey from Optiv Security found that 100% of respondents believe that zero trust architecture is “somewhat” to “critically” important in reducing their enterprise’s cyber risk. They note the top three objectives for embracing a zero trust strategy include reducing attackers’ ability to move laterally, enforcing the least privilege access to critical resources, and reducing the enterprise attack surface.

However, despite acknowledging its importance, only 21% have so far adopted zero trust as a foundational model across their enterprise. Additionally troublesome is that only 32% of respondents consider their enterprises to have high cybersecurity maturity.

Why does this juxtaposition between beliefs and action exist? Survey respondents noted several cultural and environmental factors impeding a zero trust evolution within their organization. The top three include: too many internal silos/stakeholders for different components of zero trust (47%); too many legacy technologies that do not “support” zero trust (44%); lack of internal expertise to develop zero trust roadmap and policies (39%).

According to the survey report, the top three reasons for building a zero trust strategy are: reducing attackers' ability to move laterally at 44%; enforcing least privilege access to critical resources at 44%; and reducing enterprise attack surface at 41%.

Jerry Chapman, engineering fellow at Optiv, believes it wasn’t all that surprising that personnel issues landed at the top of the zero trust inhibitors list. “Organizations are very siloed, and zero trust goes across the organization,” he said. “The silos can cause barriers when you start talking about how to start with zero trust and what framework to drive down.” 

The good news is that organizations lagging behind on the zero trust journey have hope. To overcome the talent and technology hurdles to zero trust, nearly three-fourths of respondents expect to engage external service providers to assist them on their journey. Respondents note their top three reasons to engage third-party providers are to have them assess their current state and identify gaps, recommend process improvements, and build/refine a zero trust road map. 

The road to zero trust is a journey, not a race, and Optiv’s new research report illustrates that many companies are on the path to success. 

Optiv Security’s survey was conducted between June and October 2021 with Palo Alto Networks and Information Security Media Group (ISMG). The survey polled 150 CISOs, CSOs and other security professionals from various sectors, including financial, health care, high-tech and government, to gauge their efforts and investments around zero trust.

Read the full report by Optiv Security.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.

Author
Topics