Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Network Security

11/5/2019
04:50 AM
Larry Loeb
Larry Loeb
Larry Loeb
50%
50%

75% of Enterprises Will Adopt a Zero Trust Solution Within a Year – Zscaler

Zero Trust Network Access (ZTNA) services are built to ensure that only authorized users can access specific applications on a network based on business policies.

Zscaler commissioned a report by Cybersecurity Insiders named 2019 Zero Trust Adoption Report. It is the first report to look at enterprise adoption of Zero Trust Network Access (ZTNA). ZTNA services are built to ensure that only authorized users can access specific applications on a network based on business policies.

The report surveyed 315 "IT and cybersecurity" professionals in the US in July and August of 2019. It says that "The respondents range from technical executives to IT security practitioners, representing a balanced cross-section of organizations of varying sizes across multiple industries."

The respondents share a number of worries. A hefty 61% of the respondents said that they are concerned about partners with weak security practices accessing internal applications. The threat of third-party attacks seems to be very much on their minds. This goes along with the 62% of organizations which say their biggest application security challenge is securing access to private apps that are distributed across datacenter and cloud environments.

The report also says that 78% of IT security teams are looking to "embrace" zero trust network access at some point in the future. Nineteen percent are actively implementing zero trust, and 15% already have zero trust in place.

When they were asked about the benefits of zero trust, two thirds of IT security professionals (66%) say they are most excited about zero trust's ability to deliver least privilege access to protect private apps. This is followed by apps no longer being exposed to unauthorized users or the Internet (55%), and access to private apps no longer requiring network access (44%).

BYOD shows itself to still be an IT security reality in 2019 as 57% of organizations were found to be prioritizing secure access from personal, unmanaged devices. The enterprise needs to know what devices it can trust for access routinely, and ZTNA is one path to get to that goal.

The report found that ZT adoption is going rather quickly. Seventy-five percent of enterprises say that they will adopt a zero trust solution for a specific use case within the next 12 months. Thirty-seven percent will adopt in less than nine months. The other 38% will follow suit within 12 months.

The use cases cited by the report for enterprises adopting a zero trust strategy included secure access to private apps running in hybrid and public cloud environments (37%), closely followed by using modern remote access services to replace VPN (33%) and controlling third-party access to private applications (18%).

The majority of IT security teams (59%) plan to embrace a zero trust network access service within the next 12 months. One in ten were said to adopt ZTNA within the next three months.

ZT as a security paradigm is growing, and quickly. While specifics of implementation will keep changing, ZTNA may prove to be a worthy technique in that effort.

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11583
PUBLISHED: 2020-08-03
A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.
CVE-2020-11584
PUBLISHED: 2020-08-03
A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.
CVE-2020-5770
PUBLISHED: 2020-08-03
Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.01 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
CVE-2020-5771
PUBLISHED: 2020-08-03
Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious backup archive.
CVE-2020-5772
PUBLISHED: 2020-08-03
Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious package file.