Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Network Security

11/5/2019
04:50 AM
Larry Loeb
Larry Loeb
Larry Loeb
50%
50%

75% of Enterprises Will Adopt a Zero Trust Solution Within a Year – Zscaler

Zero Trust Network Access (ZTNA) services are built to ensure that only authorized users can access specific applications on a network based on business policies.

Zscaler commissioned a report by Cybersecurity Insiders named 2019 Zero Trust Adoption Report. It is the first report to look at enterprise adoption of Zero Trust Network Access (ZTNA). ZTNA services are built to ensure that only authorized users can access specific applications on a network based on business policies.

The report surveyed 315 "IT and cybersecurity" professionals in the US in July and August of 2019. It says that "The respondents range from technical executives to IT security practitioners, representing a balanced cross-section of organizations of varying sizes across multiple industries."

The respondents share a number of worries. A hefty 61% of the respondents said that they are concerned about partners with weak security practices accessing internal applications. The threat of third-party attacks seems to be very much on their minds. This goes along with the 62% of organizations which say their biggest application security challenge is securing access to private apps that are distributed across datacenter and cloud environments.

The report also says that 78% of IT security teams are looking to "embrace" zero trust network access at some point in the future. Nineteen percent are actively implementing zero trust, and 15% already have zero trust in place.

When they were asked about the benefits of zero trust, two thirds of IT security professionals (66%) say they are most excited about zero trust's ability to deliver least privilege access to protect private apps. This is followed by apps no longer being exposed to unauthorized users or the Internet (55%), and access to private apps no longer requiring network access (44%).

BYOD shows itself to still be an IT security reality in 2019 as 57% of organizations were found to be prioritizing secure access from personal, unmanaged devices. The enterprise needs to know what devices it can trust for access routinely, and ZTNA is one path to get to that goal.

The report found that ZT adoption is going rather quickly. Seventy-five percent of enterprises say that they will adopt a zero trust solution for a specific use case within the next 12 months. Thirty-seven percent will adopt in less than nine months. The other 38% will follow suit within 12 months.

The use cases cited by the report for enterprises adopting a zero trust strategy included secure access to private apps running in hybrid and public cloud environments (37%), closely followed by using modern remote access services to replace VPN (33%) and controlling third-party access to private applications (18%).

The majority of IT security teams (59%) plan to embrace a zero trust network access service within the next 12 months. One in ten were said to adopt ZTNA within the next three months.

ZT as a security paradigm is growing, and quickly. While specifics of implementation will keep changing, ZTNA may prove to be a worthy technique in that effort.

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises Are Assessing Cybersecurity Risk in Today's Environment
The adoption of cloud services spurred by the COVID-19 pandemic has resulted in pressure on cyber-risk professionals to focus on vulnerabilities and new exposures that stem from pandemic-driven changes. Many cybersecurity pros expect fundamental, long-term changes to their organization's computing and data security due to the shift to more remote work and accelerated cloud adoption. Download this report from Dark Reading to learn more about their challenges and concerns.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-36343
PUBLISHED: 2022-01-24
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
CVE-2021-36349
PUBLISHED: 2022-01-24
Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this vulnerability, allowing port scanning of external hosts.
CVE-2021-43588
PUBLISHED: 2022-01-24
Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.
CVE-2021-43589
PUBLISHED: 2022-01-24
Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection Vulnerability. A locally authenticated user with high privileges may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on...
CVE-2021-45222
PUBLISHED: 2022-01-24
An issue was discovered in COINS Construction Cloud 11.12. Due to logical flaws in the human ressources interface, it is vulnerable to privilege escalation by HR personnel.