Overcoming Obstacles To Zero Trust Adoption

Uploaded on 2024-07-30 in TECHNOLOGY--Resilience, FREE TO VIEW

In a world where cyberattacks cost the global economy $8 trillion in 2023, the urgency for organisations to adopt Zero Trust has never been greater. While Zero Trust has been a hot topic for over a decade, research reveals a number of obstacles and roadblocks stopping organisations from fully implementing it. 

Entrust's 2024 State of Zero Trust & Encryption Study, conducted by the Ponemon Institute, surveyed 4,052 IT and IT security practitioners globally and revealed that while over two-thirds of organisations are implementing Zero Trust, many struggle to overcome barriers to adoption, leaving them vulnerable to devastating breaches.

The Adoption Gap

The intensifying threat landscape is a key driver behind the push for Zero Trust. Costs of  cyber breaches are projected to surpass $10.5 trillion by 2025, fuelled by the alarming rise of AI-powered attacks, which saw a 31x increase between 2022 and 2023. Facing this reality, 62% of organisations have begun their Zero Trust journey. 

However, despite widespread acceptance of Zero Trust, adoption is lagging in many regions, particularly the West. The study found only 48% of U.S. organisations and 44% of U.K. organisations are implementing Zero Trust, compared to 73% in Japan and 72% in Singapore. This leaves many organisations exposed to escalating threats. So, what's holding organisations back from fully embracing Zero Trust?

Skills Shortage Stifling Progress

The Ponemon study identifies a lack of in-house expertise as the top challenge, cited by 47% of respondents globally and 60% in the U.S. The cybersecurity skills shortage has been a persistent issue for years, with organisations struggling to find and retain the talent needed to manage a robust digital security practice - including Zero Trust. This gap is a major barrier to progress, leaving security teams overwhelmed and under-resourced.

Budget Woes & Leadership Disconnect

Inadequate budget and resources are major roadblocks, with 46% of respondents citing insufficient personnel as a key challenge in implementing Zero Trust. This is despite 60% of organisations reporting senior leadership support for Zero Trust initiatives. The disconnect is further highlighted by the fact that lack of adequate budget was consistently reported as a top obstacle across the U.S., UK, Canada, and Germany. This suggests that while CISOs have buy-in from the top, it hasn't translated financial commitments to drive successful implementations. Without sufficient resources, Zero Trust projects can stall, leaving organisations vulnerable.

Charting A Path 

While these barriers present significant challenges, they are not insurmountable. By understanding key obstacles to adoption, organisations can develop targeted strategies to overcome them. Let's explore some practical approaches to bridge the gap between Zero Trust aspirations and successful implementation.
Invest in People

Organisations must prioritise investing in their people. This means allocating resources for hiring talent with Zero Trust expertise, as well as providing comprehensive training and upskilling opportunities for existing staff. By developing a robust internal pipeline, organisations can build the expertise needed to drive successful implementations. 

Establish Ownership

Implementing a Zero Trust strategy requires coordinated effort across the entire organisation. Without clear lines of ownership and responsibility, initiatives can lose momentum or create unidentified gaps which put organisations at risk.

To ensure accountability, organisations must establish a dedicated Zero Trust leadership team, with representation from key stakeholders such as IT, security, operations, and business units.

This team should be responsible for defining the Zero Trust vision, setting goals and milestones, and overseeing implementation. 

Leverage AI & Automation

By deploying technologies like machine learning, behavioural analytics, and automated response, organisations can enhance the effectiveness of their Zero Trust controls. For example, AI-powered identity verification can help detect and prevent fraudulent access attempts in real-time, while automated policy enforcement can ensure consistent application of Zero Trust principles across the enterprise. 

Optimise Vendor Ecosystems

Zero Trust cannot be achieved through a single product or solution. It is a holistic approach that requires diverse technologies and tools. While best-of-breed solutions offer specialised capabilities, they can introduce complexity and integration challenges. To strike a balance, organisations must carefully evaluate vendor ecosystems and seek out solutions that seamlessly integrate with existing infrastructure. This may involve consolidating vendors to reduce management overhead and costs. At the same time, organisations should prioritise vendors that offer comprehensive Zero Trust capabilities, such as secure access, multi-factor authentication, and continuous monitoring. 

The Risks Of Inaction

In today’s cyber landscape, risks of inaction are too high to ignore. With hackers, system malfunctions, and unmanaged certificates topping the list of breach concerns for CISOs, delaying Zero Trust adoption could have catastrophic consequences.  

Breaking down the barriers to adoption is not just a security imperative – it's a business necessity. By prioritising Zero Trust, investing in people and tools, and committing to continuous improvement, organisations can build the resilience needed to thrive in an era of relentless threats.

Samantha Mabey is Director of Digital Security Solutions at Entrust 

Image: Ideogram

You Might Also Read: 

Identities Are The Highest Priority Risk Area:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

 

« Olympic Sponsors Are Prime Targets For Hackers
The UK Needs To Move Faster On Nuclear Energy Cybersecurity »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

UCD Centre for Cybersecurity and Cybercrime Investigation

UCD Centre for Cybersecurity and Cybercrime Investigation

UCD Centre for Cybersecurity and Cybercrime Investigation is Europe's leading centre for research & education in cybersecurity, cybercrime and digital forensics.

Cyber Security Experts Association of Nigeria (CSEAN)

Cyber Security Experts Association of Nigeria (CSEAN)

Cyber Security Experts Association of Nigeria (CSEAN) is a not for profit group of professionals in the field of Information Security in Nigeria and Diaspora.

UK Cyber Security Forum

UK Cyber Security Forum

UK Cyber Security Forum is a community interest group for cyber security companies in the UK.

Adlink Technology

Adlink Technology

ADLINK is a leading provider of embedded computing products and services for applications including IoT and industrial automation.

Dispersive Networks

Dispersive Networks

Dispersive Virtual Network is a carrier-grade software-defined programmable network that is inspired by battlefield-proven wireless radio techniques.

Mexis

Mexis

Irdeto

Irdeto

Irdeto is the world leader in digital platform security, protecting platforms and applications for media & entertainment, gaming, connected transport and IoT connected industries.

CICRA

CICRA

CICRA is Sri Lanka's pioneering cyber security training and consultancy provider.

LaoCERT

LaoCERT

LaoCERT is the national Computer Incident Response Team for Laos.

Stage2Data

Stage2Data

Stage2Data is one of Canada’s most trusted cloud solution providers offering hosted Backup and Disaster Recovery Services.

Cybersec Infohub

Cybersec Infohub

Cybersec Infohub is a Hong Kong government programme to enhance the exchange of cyber security information with industry and enterprises to jointly defend against cyber attacks.

Qrypt

Qrypt

Qrypt has developed the only cryptographic solution capable of securing information indefinitely with mathematical proof as evidence.

Oxford Internet Institute - University of Oxford

Oxford Internet Institute - University of Oxford

The Oxford Internet Institute is a multidisciplinary research and teaching department of the University of Oxford, dedicated to the social science of the Internet.

Luta Security

Luta Security

Luta Security implements a holistic approach to advance the security maturity of governments and organizations around the world.

BAE Systems

BAE Systems

BAE Systems develop, engineer, manufacture, and support products and systems to deliver military capability, protect national security, and keep critical information and infrastructure secure.

endpointX

endpointX

endpointX is a preventative cyber security company. We help companies minimize their risk of breach by improving cyber hygiene.