More than 80% of cybersecurity decision-makers see Zero Trust as the future of IT security, but that confidence is not filtering through to their stakeholders.
Only 52% of security teams were seen as supporters of Zero Trust at the outset of implementation. And just 40% of operational business or technology teams could be counted as supporters of Zero Trust despite having responsibility for maintaining the processes and technologies to enable its adoption.
Those statistics come from a Datacom-commissioned study conducted by Forrester Consulting, and they should be a cause for concern for any Australian organisation looking to adopt a Zero Trust cybersecurity strategy.
Senior leaders who have rolled out a new company-wide strategy or major technology know that getting buy-in across the organisation is the difference between success and failure.
But the fix for Zero Trust buy-in could be relatively simple. The results of the study — which included a survey of more than 200 cyber decision-makers — showed that 52% of cyber leaders rated their technical abilities as key to driving Zero Trust programs, while only 13% rated communication as important.
Overlooking the importance of communication is one of the quickest ways to lose buy-in. On the flipside, if people understand the value of Zero Trust they can be champions for its adoption.
The simplest description of Zero Trust is that it is an approach that keeps your people, information and organisation safe by giving the right people access to the right data and applications and removing unnecessary risks.
Benefits of the approach include more visibility into an organisation’s security status and simplified, secure access to technology and information for employees who are working remotely or in a hybrid working model.
Results from the survey show those benefits are well-recognised by cybersecurity leaders with 83% considering Zero Trust essential to the future of their organisation’s security — but their enthusiasm is not filtering through to all their stakeholders.
Almost half (48%) of the decision-makers surveyed acknowledged their “stakeholders struggled to understand the business value of adopting a Zero Trust approach”.
Other roadblocks identified included the misconception that Zero Trust is costly and requires a total IT overhaul (74%), difficulty knowing where to start (42%) and a lack of understanding of the definition of Zero Trust (36%).
Businesses and their cyber leaders should be highly motivated to address the roadblocks and adopt Zero Trust given the security challenges they are grappling with.
Three of the biggest IT security challenges for cyber decision-makers in Australian organisations were identified as: keeping up with privacy requirements (61%), the changing/evolving nature of IT threats (60%) and building a culture of data stewardship (39%). A Zero Trust approach addresses each of these challenges.
The other major challenge is the unavailability of security employees with the right skills (54%) but arguably that should be another driver for a shift to Zero Trust and the implementation of processes and technologies that introduce inbuilt protection for an organisation’s data and applications.
One other potential issue highlighted by the study results is how organisations are choosing to implement Zero Trust. When survey respondents were asked to describe how their company was adopting Zero Trust, 69% said their organisation was “adopting Zero Trust piecemeal rather than taking a big bang structured approach”.
While a more gradual delivery of a Zero Trust strategy can seem appealing from a resourcing standpoint, it is an approach that can cause inefficiencies and ultimately lead to integration and operational costs further down the track.
With signs of a global shift towards Zero Trust adoption as best practice — including the Biden Administration directing all US government departments to adopt the approach as part of its national cybersecurity policy — most organisations see the decision to shift as a case of “when” not “if”.
For Australian leaders embarking on Zero Trust adoption, one of the critical steps has to be to fully communicate its value to stakeholders at every level of the business, and to take a holistic approach to implementation.
The full Datacom-commissioned study conducted by Forrester Consulting can be found here.
*A commissioned study conducted by Forrester Consulting on behalf of Datacom over the period March-May 2022. Survey included 204 decision-makers responsible for cybersecurity in Australia (60%) and New Zealand (40%). Company size ranged from 200-499 employees to 20,000 or more employees.