2024-04-22

Sixty-three percent of organizations worldwide have fully or partially implemented a zero-trust strategy, according to Gartner, Inc. For 78% of organizations implementing a zero-trust strategy, this investment represents less than 25% of the overall cybersecurity budget.

A fourth quarter 2023 Gartner survey of 303 security leaders whose organizations had already implemented (fully or partially) or are planning to implement a zero-trust strategy found that 56% of organizations are primarily pursuing a zero-trust strategy because it’s cited as an industry best practice.


“Despite this belief, enterprises are not sure what top practices are for zero-trust implementations,” said Mr. John Watts, VP Analyst, KI Leader at Gartner. “For most organizations, a zero-trust strategy typically addresses half or less of an organization’s environment and mitigates one-quarter or less of overall enterprise risk.”

Gartner outlined three primary top-practice recommendations for security leaders implementing a zero-trust strategy.

Practice 1: Establish Scope for a Zero-Trust Strategy Early

To successfully implement zero-trust, organizations need to understand how much of the environment they cover, which domains are in scope and how much risk they can mitigate.

The scope of a zero-trust strategy does not typically include all of an organization’s environment. However, 16% of survey respondents said it will cover 75% or more, while only 11% believe it will cover less than 10% of the organization’s environment (see Figure 1).

Figure 1: Percentage of Environment to Cover With Zero-Trust

Source: Gartner (April 2024)

“Scope is the most critical decision for a zero-trust strategy,” said Watts. “Enterprise risk is much broader than the scope of zero-trust controls, and only so much enterprise risk can be mitigated. However, measuring risk reduction and improving security posture is a key indicator of success for zero-trust controls.”

Practice 2: Communicate Success Through Zero-Trust Strategic and Operational Metrics

Seventy-nine percent of organizations that have fully or partially implemented zero-trust have strategic metrics to measure progress, and of that 79%, 89% have metrics to measure risk.

Security leaders must also keep their audience in mind when communicating these metrics. Fifty-nine percent of zero-trust initiatives are sponsored by either the CIO or CEO/president/board of directors.

“Zero-trust metrics must be tailored for the zero-trust deliverables as opposed to rehashing metrics used for other areas, such as the effectiveness of endpoint detection and response,” said Watts. “Zero-trust efforts deliver on specific outcomes – such as reduction of malware’s lateral movement on a network – often not captured by existing cybersecurity metrics.”

Practice 3: Anticipate Increases in Staffing and Costs but Not Delays

Sixty-two percent of organizations anticipate that their costs will increase, and 41% of organizations expect their staffing requirements will also increase as a result of a zero-trust implementation.

“The budget impacts of organizations that adopt a zero-trust strategy will vary based on the scope of the deployment as well as how robust the zero-trust strategy is early in the planning process,” said Watts. “Zero-trust initiatives inherently affect the budget as organizations take a systemic and iterative approach to mature their policies toward risk-based and adaptive controls, adding overhead to the organization’s ongoing operational burden.”

While only 35% of organizations said they encountered a failure that disrupted their zero-trust strategy implementation, organizations should have a zero-trust strategic plan outlining operational metrics and measure the effectiveness of zero-trust policies in order to minimize delays.

Covered By: NCN MAGAZINE / Gartner