According to a recently released Tripwire survey, most security professionals in the private and public sector described their zero trust security adoption as either progressing, or even well-developed, but also in need of more work.
The survey evaluated the opinions of 306 security professionals, including 103 currently working for a Federal agency, with direct responsibility for security within their organization.
Overall, the survey found that Federal government officials reported slightly better progress toward adopting zero trust security architectures. Specifically, 25 percent of the Federal officials surveyed believed their zero trust adoption was fully implemented and mature, compared to the 10 percent outside of the Federal space.
Eighty-eight percent of security professionals outside the Federal space said their organization’s zero trust adoption was in process, and 61 percent believed it was well developed, but still needed work. By contrast, 31 percent of Federal officials said their zero trust architecture was well developed, but also still needed work.
Overall, both Federal and non-governmental personnel agreed that the switch to zero trust security could materially improve cybersecurity outcomes. However, only 22 percent predicted that the chance of that happening was highly likely, while 53 percent believed it was somewhat likely.
Additionally, the survey found that most security officials look to Federal guidelines as the top source for obtaining zero trust strategies and best practices, followed by information from security solutions vendors, consultants, and analysts.
“It’s clear that organizations – both public and private sector – are seeking further guidance from the federal government,” Tim Erlin, vice president of strategy at Tripwire, said in a press release. “Generally, long-term enforcement and implementation of cybersecurity policy will take time, but it’s important that agencies lay out a plan and measure execution against that plan to protect our critical infrastructure and beyond.”
Additionally, security officials agreed that integrity monitoring is foundational to a successful zero trust strategy, or at least somewhat important. Still, only 22 percent considered measuring integrity and security posture as a core tenet of a zero trust architecture.
“It’s promising to see progress toward Zero Trust implementation, but lack of focus on integrity is where we fall short,” said Erlin. “Maintaining and understanding the integrity of an organization’s people, processes and technology is the foundation of strong Zero Trust architecture and should be prioritized as such. Simply put, you can’t have Zero Trust without integrity.”