Zscaler commissioned a report by Cybersecurity Insiders named 2019 Zero Trust Adoption Report. It is the first report to look at enterprise adoption of Zero Trust Network Access (ZTNA). ZTNA services are built to ensure that only authorized users can access specific applications on a network based on business policies.
The report surveyed 315 "IT and cybersecurity" professionals in the US in July and August of 2019. It says that "The respondents range from technical executives to IT security practitioners, representing a balanced cross-section of organizations of varying sizes across multiple industries."
The respondents share a number of worries. A hefty 61% of the respondents said that they are concerned about partners with weak security practices accessing internal applications. The threat of third-party attacks seems to be very much on their minds. This goes along with the 62% of organizations which say their biggest application security challenge is securing access to private apps that are distributed across datacenter and cloud environments.
The report also says that 78% of IT security teams are looking to "embrace" zero trust network access at some point in the future. Nineteen percent are actively implementing zero trust, and 15% already have zero trust in place.
When they were asked about the benefits of zero trust, two thirds of IT security professionals (66%) say they are most excited about zero trust's ability to deliver least privilege access to protect private apps. This is followed by apps no longer being exposed to unauthorized users or the Internet (55%), and access to private apps no longer requiring network access (44%).
BYOD shows itself to still be an IT security reality in 2019 as 57% of organizations were found to be prioritizing secure access from personal, unmanaged devices. The enterprise needs to know what devices it can trust for access routinely, and ZTNA is one path to get to that goal.
The report found that ZT adoption is going rather quickly. Seventy-five percent of enterprises say that they will adopt a zero trust solution for a specific use case within the next 12 months. Thirty-seven percent will adopt in less than nine months. The other 38% will follow suit within 12 months.
The use cases cited by the report for enterprises adopting a zero trust strategy included secure access to private apps running in hybrid and public cloud environments (37%), closely followed by using modern remote access services to replace VPN (33%) and controlling third-party access to private applications (18%).
The majority of IT security teams (59%) plan to embrace a zero trust network access service within the next 12 months. One in ten were said to adopt ZTNA within the next three months.
ZT as a security paradigm is growing, and quickly. While specifics of implementation will keep changing, ZTNA may prove to be a worthy technique in that effort.
— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.