Firms continue to face challenges in implementing their zero-trust strategies

While high-profile data breaches are driving enterprises to move to zero-trust security approach over the last few years, a new research report published on Monday by cybersecurity solutions company Fortinet said that nearly half of the technology leaders (48%) indicated a lack of integration between the zero-trust solutions deployed on-premises and in the cloud is creating significant challenges.

The zero-trust framework operates on the assumption that all devices and users, even those within the network perimeter, are already compromised. The 2023 State of Zero Trust report by Fortinet said that the process of implementation is 66%, up from 54% in 2021 as companies are leveraging the approach to minimise the impacts of a breach. Further, research firm Gartner has also predicted that by 2025, over 60% of organisations will embrace a zero-trust security strategy.

As the legacy approach or perimeter-based cybersecurity is becoming less effective, zero trust lets enterprises securely and selectively connect users to applications, data, services and systems on a one-to-one basis, whether the resources live on premises or in the cloud and regardless of where users are working.

In reality, however, integration continues to be a key challenge for the enterprise. As Tarun Kaura, partner in the risk advisory practice at IT consulting firm Deloitte noted that despite the several benefits of implementing zero trust in improving the security posture, it often becomes difficult to force fit zero trust in your existing legacy systems and applications that are built with perimeters in mind. And this can pose different security challenges, increasing risks and can be costly and time-consuming.

Security researchers also point out application latency, and a lack of reliable information to help select and design a zero-trust solution are other challenges organisation are facing when it comes to adopting zero-trust approach.

“What’s compounding this problem is that the cyber security industry is grappling with an ongoing skill shortage, resulting in numerous unfilled vacancies. They struggle with new frameworks and models, such as zero trust,” Sunil Chemmankotil, chief executive of staffing firm TeamLease Digital said. 

For example, according to a report published by staffing firm TeamLease Digital on 21 June, the industry saw more than 40,000 job postings in the first five months of 2023. However, nearly 30% of them remained vacant despite strong demand due to lack of adequate skills, it said.

Survey respondents of the Fortinet study also acknowledge that it is vital for zero-trust security solutions to be integrated with their infrastructure, work across cloud and on-premises environments, and be secure at the application layer — something it sees lacking in most zero trust solutions resulting to increased complication in deploying this security practice. The consolidation of vendors and solution interoperability is also crucial, as deploying solutions from multiple vendors has led to challenges such as the introduction of new security gaps and high operations costs, the same study pointed out.

Kaura believes despite challenges, concepts such as zero trust will continue to gain momentum as it is a more robust and resilient security posture.

Cyber security players such as Fortinet, Palo Alto Networks, CrowdStrike, Okta and Microsoft, among others are leading the space, bringing new innovative solutions around zero trust to bring additional security across cloud, on-premise and super cloud architecture, irrespective of physical location. However, he also pointed out, “The success and effectiveness of any cyber security strategy rests on the ‘human factor’ where the cyber quotient of every employee, from the management to the fresher who just onboarded, is improved through better trainings, enforcements, and involvement.”