Cybersecurity In-Depth

The Edge

Security Teams Struggle to Get Started With Zero Trust

Nearly a third of respondents in a Dark Reading survey on endpoint security strategy say zero trust is too confusing to implement.

Ask about corporate endpoint security strategy and zero trust inevitably comes up in the conversation. Even U.S. President Biden is talking about zero trust. While the growing number of threats to end-user devices and the increasingly distributed computing environment is fueling interest in zero trust, it is also a source of confusion for IT and security decision-makers, according to Dark Reading’s "2022 Endpoint Security Survey."

Vetting and authenticating every access request to enterprise systems, applications, and data – regardless of whether the request originated within or outside the network – is a key part of the zero-trust model, but organizations are facing multiple challenges on their zero-trust journey. Just over a fifth – or 21% of respondents – say they have no idea which product to buy or which vendor to work with. Another 11% say they feel overwhelmed and don't know where to start.

That level of confusion is concerning, considering that interest in zero-trust network access is growing. While 22% identified zero trust as a major area for change in 2021, that figure doubled to 44% in 2022. A little over half of the respondents in the survey (52%) say they have not yet implemented a zero-trust initiative internally but are working on doing so this year.

But if a third of the respondents in the survey are struggling to get started, or even figuring out what they need to do, that means a lot of zero-trust initiatives are going to potentially flounder.

Some of the challenges are expected: Sixty-eight percent say they had to develop new security controls or practices to support zero trust, while 52% say users need training on new policies.

Multiple surveys – not just this one – show that security decision-makers consider zero trust as a top priority, or one of the top priorities, for their organizations. But for many respondents, zero trust is still an uphill climb.

Read more about how enterprises are addressing endpoint security threats in a post-pandemic world.