Many businesses understand the concept and the benefits, of zero-trust network access (ZTNA (opens in new tab)), and also say they have implemented, or believe to be in the process of implementing, a zero-trust security model.
This is the conclusion of a new report from enterprise security provider Fortinet, which added many of these organizations are probably failing to implement ZTNA properly.
Fortinet’s report, “The state of zero trust” surveyed 472 IT and security leaders from 24 countries, representing nearly all industries and the public sector, finding that for almost a quarter (22%) of respondents, security across the entire digital attack surface, and better user experience for remote work (opens in new tab) (VPN (opens in new tab)), were the two biggest and most significant benefits.
Incomplete zero-trust deployments
Furthermore, a “vast majority” of respondents said to already have a zero-trust strategy in place or in development. For 40%, the strategy is “fully implemented”.
The flipside is that more than half of the respondents said they weren’t able to authenticate users and devices on an ongoing basis. The survey also uncovered that many are struggling to monitor users post-authentication.
With these two functions being the “critical tenets” of the zero-trust philosophy, it makes the researchers wonder: “What type of zero-trust implementation do these organizations really have?”.
“It's possible that although the survey respondents feel they have implemented zero trust, they may not truly have done so. Or perhaps, that they have incomplete deployments,” they concluded.
Picking the respondents’ brains on ZTNA further, the researchers found that 80% felt how implementing a zero-trust strategy across an extended network was never going to be easy. For more than a fifth (21%), it would be extremely difficult.
It is, however, almost universally acknowledged that having zero-trust security solutions fully integrated with the infrastructure, was vital to its success. So is making it work across cloud (opens in new tab)and on-premise, and making it secure at the application level.
- You might also want to check out our list of the best proxies today