Fortinet study - Companies struggle with ZTNA
Fortinet
More than half of organisations have gaps in their zero-trust implementations, according to a Fortinet survey. Companies struggle with consistent authentication of users and devices
"With the evolving threat landscape, the move to location agnostic working and the need to securely manage applications in the cloud, the shift from implicit trust to zero trust is of paramount importance to enterprises. Our survey shows that while most organisations have some form of zero trust strategy in place, they do not have a holistic strategy and struggle to implement some basic zero trust security measures. An effective solution requires a cybersecurity mesh platform approach to address all zero trust fundamentals across the infrastructure, including endpoint, cloud and on-premise."
John Maddison, EVP of Products and CMO at Fortinet
Fortinet, a global leader in comprehensive, integrated and automated cybersecurity solutions, has released the Global State of Zero Trust Report. The survey shows that while most organisations have a vision of Zero Trust or are in the process of implementing Zero Trust initiatives, more than half fail to translate that vision into the solutions they implement because they lack some of the fundamental principles of Zero Trust. Highlights of the report follow:
A FortiGuard Labs Threat Landscape Report shows that attacks on individuals, organisations and, increasingly, critical infrastructure are becoming more extensive and sophisticated. Organisations are looking for solutions to protect themselves from these new threats, and Zero Trust is at the top of the list, but for a number of reasons. In addition, the shift to location-independent working has brought Zero Trust Network Access (ZTNA) into particular focus, as organisations need to protect critical assets from employees connecting from poorly protected home networks.
Confusion over the definition of zero trust strategies
The report shows some confusion about what constitutes a full zero-trust strategy. Respondents indicated that they understand the concepts of zero trust (77%) and ZTNA (75%), and over 80% indicated that they already have or are developing a zero trust and/or ZTNA strategy. Yet, over 50% reported that they are not able to implement core zero trust capabilities. Almost 60% said they are unable to authenticate users and devices continuously, and 54% have difficulty monitoring users after authentication.
This discrepancy is worrying as these features are critical tenets of the zero-trust concept and it raises questions about the actual reality of these implementations in different organisations. Adding to the confusion are the terms "zero trust access" and "zero trust network access", which are sometimes used interchangeably.
Zero Trust is high on the agenda and the priorities are diverse
The priorities for Zero Trust are "minimising the impact of breaches and intrusions", closely followed by "securing remote access" and "ensuring business or mission continuity". "Improving user experience" and "flexibility to provide security anywhere" are other top priorities.
"Security across the digital attack surface" was the top benefit cited by respondents, followed by "better user experience when working remotely (VPN)".
The vast majority of survey participants believe that zero-trust security solutions absolutely must integrate with existing infrastructure, work in cloud and on-premises environments, and be secure at the application layer. However, more than 80% of respondents said it is challenging to implement a zero-trust strategy across a sprawling network. Among the barriers for companies that do not yet have or are developing a strategy is a lack of skilled resources. 35 % of companies use other IT strategies to achieve zero trust.
About the Zero Trust Report
The report is based on a global survey of IT decision-makers aimed at better understanding where organisations are on their journey to zero trust. The survey is intended to lead to a better understanding of the following:
- How well zero trust and ZTNA are understood
- The perceived benefits and challenges of implementing a zero trust strategy
- Acceptance and elements of a Zero Trust strategy
The survey was conducted in September 2021 among 472 IT and security managers from 24 different countries representing almost all industries, including the public sector.
If you are interested in a Fortinet ZTNA solution, or any other product from our portfolio, please feel free to contact us via phone, email or our contact form.