Most companies are failing to implement their zero trust strategies effectively

Hands typing on a keyboard surrounded by security icons
(Image credit: Shutterstock)

Many businesses understand the concept and the benefits, of zero-trust network access (ZTNA), and also say they have implemented, or believe to be in the process of implementing, a zero-trust security model.

This is the conclusion of a new report from enterprise security provider Fortinet, which added many of these organizations are probably failing to implement ZTNA properly. 

Fortinet’s report, “The state of zero trust” surveyed 472 IT and security leaders from 24 countries, representing nearly all industries and the public sector, finding that for almost a quarter (22%) of respondents, security across the entire digital attack surface, and better user experience for remote work (VPN), were the two biggest and most significant benefits.

Incomplete zero-trust deployments

Furthermore, a “vast majority” of respondents said to already have a zero-trust strategy in place or in development. For 40%, the strategy is “fully implemented”. 

The flipside is that more than half of the respondents said they weren’t able to authenticate users and devices on an ongoing basis. The survey also uncovered that many are struggling to monitor users post-authentication.

With these two functions being the “critical tenets” of the zero-trust philosophy, it makes the researchers wonder: “What type of zero-trust implementation do these organizations really have?”.

“It's possible that although the survey respondents feel they have implemented zero trust, they may not truly have done so. Or perhaps, that they have incomplete deployments,” they concluded.

Picking the respondents’ brains on ZTNA further, the researchers found that 80% felt how implementing a zero-trust strategy across an extended network was never going to be easy. For more than a fifth (21%), it would be extremely difficult.

It is, however, almost universally acknowledged that having zero-trust security solutions fully integrated with the infrastructure, was vital to its success. So is making it work across cloud and on-premise, and making it secure at the application level. 

  • You might also want to check out our list of the best proxies today

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.