According to cyber security solutions firm Fortinet in its Global State of Zero Trust Report there has been an increase in the volume and sophistication of attacks targeting individuals, organisations, and increasingly critical infrastructure.
Fortinet says organisations are looking for solutions to protect against these evolving threats and zero trust is top of mind, but for multiple reasons.
According to Fortinet, additionally, the shift to work-from-anywhere has put a spotlight on zero-trust network access (ZTNA) in particular, as organisations need to protect important assets from workers connecting from poorly protected home networks.
Fotinet cautions that its report illustrates some confusion about what comprises a complete zero-trust strategy.
“Respondents indicated they understand zero trust (77 per cent) and ZTNA (75 per cent) concepts and over 80 per cent reported already having a zero-trust and/or ZTNA strategy in place or development,” notes Fortinet.
“Yet, over 50 per cent indicated being unable to implement core zero-trust capabilities. Nearly 60 per cent indicated they do not have the ability to authenticate users and devices on an ongoing basis and 54 per cent struggle to monitor users post-authentication.”
Fortinet warns that this gap is concerning because these functions are critical tenets of zero-trust and it brings into question what the actual reality of these implementations is across organisations.
“Adding to the confusion are the terms 'Zero Trust Access' and 'Zero Trust Network Access,' which are used sometimes interchangeably,” says Fortinet.
John Maddison, EVP of products and CMO, Fortinet, said, “With the evolving threat landscape, transition to work-from-anywhere, and the need to securely manage applications in the cloud, the shift from implicit trust to zero trust is top of mind for organisations.
“Our survey shows while most organisations have some form of a zero-trust strategy in place, they fall short of a holistic strategy and struggle to implement some core zero-trust security basics.
“An effective solution requires a cybersecurity mesh platform approach to address all zero-trust fundamentals across the infrastructure, including endpoint, cloud, and on-premises, otherwise the result is a partial, non-integrated solution that lacks broad visibility.”