A survey of 1,000 IT, security and engineering professionals based in North America finds that most organizations are still struggling to manage and secure access to corporate networks.

Conducted by partnership with the research firms Kelsey White and PureSpectrum on behalf of Tailscale, a provider of a virtual private network (VPN) service, the survey finds nearly all (99%) want to redesign their company’s access and networking setup from the ground up, with 90% report limitations such as security risks, latency, or operational overhead. More than a quarter (26%) want more automation to reduce manual approvals and delays.

Nearly half of respondents (49%) say their access infrastructure is not scalable, and 41% believe it will fail to meet their needs within just two years. More troubling still, 83% of respondents admit they actively bypass security controls to get their work done.

Specifically, nearly half want better security (49%), followed closely by increased speed and performance (45%) and scalability (38%). However, 42% said they have delayed security upgrades due to “risk of disruption to workflows or integrations,” followed closely by conflicting leadership priorities as a reason for delay (39%).

Only 29% use identity-based access as their primary model, with more than two-thirds (68%) still managing access controls manually.

A full 92% use multiple tools for network security, with more than a quarter (28%) using four or more tools. A total of 29% cite integrating new tools as a major issue, with more than two-thirds (68%) hearing or having complaints about network access on a weekly or monthly basis.

Tailscale CEO Avery Pennarun said the survey makes it clear that from both from cybersecurity and a usability perspective, the state of network access is still widely broken.

On the plus side, the survey does find nearly half of companies (48%) are actively trying to consolidate tools, with just over a quarter noting a full IT stack refresh would trigger reconsideration of their access tools. Nearly half 47% have implemented at least some type of Just-In-Time access or time-limited permissions, with 34% using cloud-based zero-trust network access (ZTNA) platforms, with 27% using peer-to-peer mesh VPNs.

That suggests some level of progress is being made in adopting zero-trust IT policies, but despite the hype, this transition is clearly occurring slowly over an extended period of time, noted Pennarun.

It’s not clear what events motivate organizations to transition to some type of zero-trust approach to network access, but as the volume and sophistication of cyberattacks continue to increase, it is more a question of when rather than if. The issues, as always, are competing budget priorities and resistance to any approach that adds additional complexity to workflows that make it challenging to modernize networks and the tools and platforms required to effectively secure them.

Ultimately, breaches will force the networking issue. Most of the networks still being relied on were designed for a different cybersecurity era. It may not be possible to replace them all overnight, but the pace at which organizations are making that transition clearly needs to be faster than it is at the moment. After all, the longer this transition takes, the more organizations are simply playing into the hands of their cybersecurity adversaries.