The State of Zero-Trust Security Strategies

This will bring further improvements in business productivity (did you ever notice that getting the “zoomies” means the opposite in people vs pets?). But it will make it even harder to gauge whether somebody on a device connecting to business resources really is who they say they are.

As a result, many organizations are shifting how they do cybersecurity, moving away from simply trusting that if people can login they must be ok. Instead, they’re taking a more skeptical approach that goes beyond just checking credentials up front to always verifying that people anywhere really are who they claim to be and that they have explicit permission every time they access enterprise resources and use data from them—continuously. Put the two together and you get the modern definition of Zero Trust.

To help people see how Zero Trust might fit into their own plans and learn some of the emerging best practices, Forcepoint sponsored a study by the analyst firm ESG that surveyed more than 400 IT and cybersecurity professionals across a range of industries and sizes. Within their respective organizations, these were the people personally responsible for driving zero trust security strategies including the evaluation, purchase decision, and the management of security products and services in support of these initiatives.

Here's an example of of an insight from the survey:

Several additional key trends continue to emerge. Most organizations see Zero Trust as a journey, adopting it for a single use, such as providing Zero Trust Network Access (ZTNA) access to internal private apps without VPNs, and then adding more over time. In fact, the most common emerging model for cybersecurity platforms, SASE, is now seen as an ideal way for delivering Zero Trust-as-a-service (ZTaaS). And Zero Trust is helping reduce security costs.

It’s a quick read that I think you’ll find worthwhile. Download the ESG whitepaper here.