Cloud adoption continues to grow and accelerate across a diverse range of environments. 

But despite – or perhaps because of – this, IT and security leaders are not confident in their organization’s ability to ensure secure cloud access. Further compounding this is the fact that traditional tools are falling far behind increasingly complex and ever-evolving cybersecurity risks. 

One solution to this confluence of factors: zero-trust network access (ZTNA). This strategic approach to cybersecurity seeks to eliminate implicit trust by continuously validating every stage of digital interaction. 

“Clearly what’s showing up time and again is that traditional legacy security tools are not working,” said Jawahar Sivasankaran, president and chief operating officer of Appgate, which today released the findings of a study examining pain points around securing cloud environments and the benefits of ZTNA. 

“Traditional tools are no longer adequate to mitigate against modern threats that we are seeing,” Sivasankaran said. “There’s a clear need to move toward a zero-trust approach.” 

Cloud insecurity

A new study, “Global Study on Zero Trust Security for the Cloud,” conducted by Ponemon Institute on behalf of Appgate, surveyed nearly 1,500 IT decision makers and security professionals worldwide. Respondents’ organizations represented a diverse mix of public and private cloud and on-premises infrastructure, as well as varying container adoption rates and cloud IT and data processing.

Notably, the survey indicates that there are many motivators for cloud transformation, but organizations still face numerous barriers in securing cloud environments. 

Top identified motivators include increasing efficiency (65%), reducing costs (53%), improving security (48%) and shortening deployment timelines (47%).

On the other hand, top barriers identified by respondents include: 

    The survey also found that 60% of IT and security leaders are not confident in their organization’s ability to ensure secure cloud access. Furthermore, 62% of respondents said that traditional perimeter-based security solutions are no longer adequate to mitigate the risk of threats like ransomware, distributed denial of service (DDoS) attacks, insider threats and man-in-the-middle attacks.

    And while cloud-native development practices continue to grow over the next three years, 90% of respondents will have adopted devops and 87% will have adopted containers – yet modern security practices aren’t as widespread. 

    For instance, only 42% of respondents can confidently segment their environments and apply the principle of least privilege, while just around a third of organizations have no collaboration between IT security and devops — ultimately presenting a significant risk, according to Sivasankaran. 

    “There are a plethora of security technologies for the cloud,” he said. “What this is highlighting is the low level of confidence that organizations have in these technologies.”

    Additionally: 

      Trusting in security

      According to Markets and Markets, the global zero-trust security market size is expected to reach $60.7 billion by 2027, representing a compound annual growth rate (CAGR) of more than 17% from 2022 (when it was valued at $27.4 billion). There have also been many high-profile calls to action in the area – such as a mandate from the U.S. White House that federal agencies meet a series of zero-trust security requirements by 2024.

      Still, the survey appears to indicate that zero-trust security may be dismissed by some as a buzzword or a trendy concept.

      For instance, more than half (53%) of respondents that don’t plan to adopt zero trust said they believe that the term is “just about marketing.” Still, many of those same respondents highlight ZTNA capabilities as being essential to protecting cloud resources. This, Sivasankaran noted, points to confusion around what “zero trust” actually means. 

      At its simplest definition, zero trust works to secure organizations by eliminating implicit trust and continuously validating every stage of digital interaction. This applies to networks, people, devices, workloads and data, Sivasankaran explained. 

      He identified the key concepts of zero trust as being secure access;, identity-centricity, and least privileged-based access models that only grant access to what users truly need. 

      From a network perspective, this means: 

        From a people perspective, it means:  

          From a device perspective:  

            From a workload perspective:  

              Ultimately, Sivasankaran said, “the key for customers is to focus on zero trust as a framework, a principle; not as a product.”

              It is essential, he added, to provide for remote access, enterprise access, cloud access, and IoT access. “You want to make sure customers and organizations are getting access to the right data so that they can make quick decisions.” 

              Zero trust done right

              As Sivasankaran said, adopting zero trust doesn’t just help organizations safeguard their hybrid cloud environments, it actually enables – and even accelerates – cloud transformation initiatives. 

              Survey respondents identified the top benefits of adopting ZTNA as: 

                “When done right, zero trust can drive meaningful efficiency and innovation across the entire IT ecosystem for both the security and business sides of an organization,” Sivasankaran said, “rather than just being an add-on security tool.” 

                Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, agreed and described organizations as being at a crossroads: They understand that legacy security solutions “aren’t cutting it in the cloud,” but they also have growing needs when it comes to mitigating risk.

                “Zero trust can help address such challenges,” he said, “while also offering benefits beyond cloud security, particularly around increased productivity and efficiency for IT teams and end users alike.”