Why do organizations need Zero Trust and identity security solutions?
As I always say, Zero Trust security is a “team sport.” There is no such thing as an off-the-shelf Zero Trust security solution. It takes a village, or rather an ecosystem of technologies, all working integrated and together to achieve this goal.
This is partly due to the growing complexity of company operating models. Today, organizations are significantly more complex than they were just a couple of years ago. Remote employees are accessing key systems and data, there are more applications, and information is now stored and flowing through the cloud. All of these factors are helping to drive this organizational complexity. Companies are also increasingly reliant on their supply chain, which means partners, suppliers, and shippers are now typically directly connected to a company’s systems—and third-party access has proven to be a significant attack vector for threat actors.
As the complexities in the company operating model continue to increase and expand both the risk and impact of a cyberattack, the need for a Zero Trust approach and identity solutions becomes even more critical. However, one very important observation revealed by our study, “Identity Issues Impact Zero Trust Effectiveness,” is that addressing these challenges and achieving this type of integration is not always easy. In fact, it may be a roadblock to timely implementation.
In this blog, I will discuss the significance of integration complexity when it comes to the deployment of Zero Trust and identity security solutions, and the five insights from our report that organizations need to know about the most.
How did we determine the impact of identity issues on Zero Trust?
We know that integration complexity is a key issue for Zero Trust deployments, but how much of an issue is this for organizations today? To zero in on this (no pun intended), we started on this research journey to better understand current identity and zero-trust trends, adoption rates, incidents, solutions used, challenges encountered, new areas of focus, etc. The research also investigated the integration requirements and techniques for zero-trust solutions and how they interact with other key business applications and systems.
The report reviewed key findings from a research survey interviewing more than 300 participants across five continents. This survey group included security teams, IT professionals, and executives.
What was the key finding from the report?
The research paper ultimately revealed a real-world view where zero-trust adoption is pervasive, but implementation is not complete, creating risk as companies try to manage the demands of remote workforces, increased cloud utilization, and interconnected supply chain systems with partners and suppliers.
5 key takeaways about identity issues and Zero Trust effectiveness
There is a lot of great information in the BeyondTrust “Identity Issues Impact Zero Trust Effectiveness” report, but here are the five key takeaways:
1. The research found that almost all respondents had an identity-related incident in the last eighteen months, with 81% indicating two or more incidents.
A significant number of these incidents were related to privileged accounts. Over 70% of companies are still in the process of implementing a Zero Trust approach, which is needed to secure an expanding security perimeter due to increased cloud utilization and remote workers.
2. Nearly all companies indicated they were using multiple vendors and solutions for their Zero Trust strategy, with most using four or more solutions.
Of the companies interviewed, 70% rely on custom coding for integration, often provided by costly third-party services. Eighty-four percent needed several different integration approaches for their Zero Trust defense, complicating the deployment process.
3. Native integration is critical for Zero Trust operations, making it a key selection criterion.
93% of respondents had an identity-related incident in the last eighteen months, with 81% indicating 2 or more incidents. Integration has become a critical issue for many companies, as over 70% of those surveyed removed a security solution simply because it didn’t integrate effectively. Those surveyed reported that gaps in their Zero Trust approach resulted in slower issue resolution, poorer user experiences, incorrect access privileges, manual intervention, compliance issues, and more.
Essentially every company indicated a Zero Trust approach needs to integrate with numerous other business and collaboration applications to ease the burden of integration processes. Integration challenges have led the majority to make native integration a key selection criterion for Zero Trust solutions.
4. Even though we have been talking about Zero Trust for a while now, a large majority of organizations are still in the process of implementing Zero-Trust.
It certainly is more of a journey than a destination. Identity-based access and control is fundamentally intertwined with the effectiveness of a zero-trust security model.
The research investigated the current adoption level of zero-trust in the market, determining that only 24% of companies by their own account have their zero-trust solution fully deployed. Thus, more than three quarters (76%) of companies remain in the process of implementing their zero-trust security defenses. 26% are still at the beginning of the process and are selecting tools and security solutions and establishing processes. Half (50%) are further long, with some tools and processes in place that are still being refined and optimized.
5. Better integration not only saves resources, but time as well, with more than 9 out of 10 companies indicating an integrated ecosystem creates a faster response to security issues and improved compliance.
There is certainly light at the end of the tunnel. Much of this report has focused on the detriments of integration issues and the problems they cause. However, to validate that removing integration issues doesn’t just remove pain and inconvenience, participants were asked about the value of integrated technology ecosystem. 91% stated that integrated zero-trust ecosystems would enable them to respond more quickly to security incidents. And 90% reported that it would increase their company’s ability to achieve compliance requirements.
Integration challenges create risk and inefficiency for organizations
This research concludes that integration requirements can be a roadblock to timely implementation. The integration challenges extend to systems and applications beyond Zero Trust security and identity solutions to a wide variety of business-critical applications. Further, the three-quarters of companies who have yet to fully implement an integrated Zero Trust approach are now vulnerable.
The risk of incomplete Zero Trust solutions can comprise a variety of headline issues, such as breaches and failing to meet compliance requirements. However, this report also finds that an incomplete, non-integrated Zero Trust implementation can drain resources daily. The result can include jobs, technology, and personal tasks becoming harder to do; the security and defense of the enterprise becoming more challenging; and workers and end-users becoming more frustrated.
How can organizations mitigate Zero Trust implementation challenges?
The focus forward for most companies is to make the Zero trust implementation road shorter and less challenging. The mindset needs to move towards a technology ecosystem that integrates well together and out of the box natively. It needs to be a priority and a critical selection criterion.
Access the full “Identity Issues Impact Zero Trust Effectiveness Survey” report here. To learn more about the BeyondTrust integrated ecosystem approach, and how it can help ease the challenges of deploying an effective Zero Trust approach, visit our Technology Alliance site.
David Manks, Vice President, Strategic Alliances
As Vice President of Strategic Alliances, David Manks is responsible for BeyondTrust’s strategic technology alliance partnerships and overall ecosystem of 60+ integration partners.
Manks has over 25 years’ experience as a partner, product, and marketing leader in the software and security space. He brings extensive background and experience to BeyondTrust having led product, marketing, and partner teams for such industry leaders as SailPoint, SonicWall, Dell, BMC, and Citrix.
Manks joined BeyondTrust in 2021 and is passionate about furthering our customer experience and success by enhancing their security and IT infrastructure through our trusted partnerships. He holds a Bachelor's degree in Marketing and Communications from University of South Florida.