Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Network Security

// // //
11/5/2019
04:50 AM
Larry Loeb
Larry Loeb
Larry Loeb

75% of Enterprises Will Adopt a Zero Trust Solution Within a Year – Zscaler

Zero Trust Network Access (ZTNA) services are built to ensure that only authorized users can access specific applications on a network based on business policies.

Zscaler commissioned a report by Cybersecurity Insiders named 2019 Zero Trust Adoption Report. It is the first report to look at enterprise adoption of Zero Trust Network Access (ZTNA). ZTNA services are built to ensure that only authorized users can access specific applications on a network based on business policies.

The report surveyed 315 "IT and cybersecurity" professionals in the US in July and August of 2019. It says that "The respondents range from technical executives to IT security practitioners, representing a balanced cross-section of organizations of varying sizes across multiple industries."

The respondents share a number of worries. A hefty 61% of the respondents said that they are concerned about partners with weak security practices accessing internal applications. The threat of third-party attacks seems to be very much on their minds. This goes along with the 62% of organizations which say their biggest application security challenge is securing access to private apps that are distributed across datacenter and cloud environments.

The report also says that 78% of IT security teams are looking to "embrace" zero trust network access at some point in the future. Nineteen percent are actively implementing zero trust, and 15% already have zero trust in place.

When they were asked about the benefits of zero trust, two thirds of IT security professionals (66%) say they are most excited about zero trust's ability to deliver least privilege access to protect private apps. This is followed by apps no longer being exposed to unauthorized users or the Internet (55%), and access to private apps no longer requiring network access (44%).

BYOD shows itself to still be an IT security reality in 2019 as 57% of organizations were found to be prioritizing secure access from personal, unmanaged devices. The enterprise needs to know what devices it can trust for access routinely, and ZTNA is one path to get to that goal.

The report found that ZT adoption is going rather quickly. Seventy-five percent of enterprises say that they will adopt a zero trust solution for a specific use case within the next 12 months. Thirty-seven percent will adopt in less than nine months. The other 38% will follow suit within 12 months.

The use cases cited by the report for enterprises adopting a zero trust strategy included secure access to private apps running in hybrid and public cloud environments (37%), closely followed by using modern remote access services to replace VPN (33%) and controlling third-party access to private applications (18%).

The majority of IT security teams (59%) plan to embrace a zero trust network access service within the next 12 months. One in ten were said to adopt ZTNA within the next three months.

ZT as a security paradigm is growing, and quickly. While specifics of implementation will keep changing, ZTNA may prove to be a worthy technique in that effort.

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Black Hat USA 2022 Attendee Report
Black Hat attendees are not sleeping well. Between concerns about attacks against cloud services, ransomware, and the growing risks to the global supply chain, these security pros have a lot to be worried about. Read our 2022 report to hear what they're concerned about now.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-35942
PUBLISHED: 2022-08-12
Improper input validation on the `contains` LoopBack filter may allow for arbitrary SQL injection. When the extended filter property `contains` is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of data ...
CVE-2022-35949
PUBLISHED: 2022-08-12
undici is an HTTP/1.1 client, written from scratch for Node.js.`undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option of `undici.request`. If a user specifies a URL such as `http://127.0.0.1` or `//127.0.0.1` ```js con...
CVE-2022-35953
PUBLISHED: 2022-08-12
BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. Some links in BookWyrm may be vulnerable to tabnabbing, a form of phishing that gives attackers an opportunity to redirect a user to a malicious site. The issue was patche...
CVE-2022-35956
PUBLISHED: 2022-08-12
This Rails gem adds two methods to the ActiveRecord::Base class that allow you to update many records on a single database hit, using a case sql statement for it. Before version 0.1.3 `update_by_case` gem used custom sql strings, and it was not sanitized, making it vulnerable to sql injection. Upgra...
CVE-2022-35943
PUBLISHED: 2022-08-12
Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 CSRF protection](https://codeigniter4.github.io/userguide/libraries/security.html) mechanism with CodeIgniter ...