In cybersecurity, zero-trust has been a hot topic for years, and most experts support the concepts behind the zero-trust security model. Instead of assuming anyone or anything that has gained access to the network can be trusted, zero-trust assumes the opposite. Nothing can be trusted anywhere, whether outside or inside the network perimeter.
According to a new survey from Fortinet, although many organizations have a vision for zero-trust, that vision isn’t necessarily being translated into the solutions they’re able to put in place. And granting too much trust can have dire consequences. According to IBM, the global average cost of a data breach is now at a whopping $4.24M. That said, it’s no surprise that more organizations are looking to shift from implicit trust to zero trust.
The Gap Between Ideas and Reality
The survey showed that organizations see the benefits of the zero-trust security model. When organizations were asked what they perceived as the most significant benefit of a zero-trust solution, 22% said, “security across the entire digital attack surface,” followed closely by “better user experience for remote work (VPN).”
Not only do organizations believe in zero-trust, but a vast majority of the survey respondents also reported that they already have a zero trust and/or ZTNA strategy in place or in development. And 40% report that their strategy is fully implemented.
But here’s where zero-trust ideas crash into reality. More than half of the respondents don’t have the ability to authenticate users and devices on an ongoing basis and are struggling to monitor users post-authentication.
These functions are critical tenets of the zero-trust philosophy, which makes you wonder what type of zero-trust implementation these organizations actually have. It’s possible that although the survey respondents feel they have implemented zero trust, they may not truly have done so, or that they have incomplete deployments.
Either way, the resulting lack of security is concerning.
Maybe Zero Trust Is Harder Than We Thought
Interestingly, although respondents reported that they understand zero-trust concepts, more than 80% felt that implementing a zero-trust strategy across an extended network wasn’t going to be easy. Most of them (60%) report it would be moderately or very difficult, and another 21% said it would be extremely difficult.
Survey respondents almost universally acknowledge that it is vital for zero-trust security solutions to be integrated with their infrastructure, work across cloud and on-premises environments, and be secure at the application layer.
However, even though they realize the importance of integration, the most prominent challenge organizations report facing in building a zero-trust strategy is the lack of qualified vendors with a complete solution.
Zero Trust Needs to Happen
With more organizations supporting remote work and work-from-anywhere initiatives, zero-trust is not likely to go away. The more people work from anywhere, the less secure a traditional perimeter-based approach becomes. Because the zero-trust philosophy is about “securing work and learning everywhere,” it is a good way to secure hybrid working models and should be included as part of any comprehensive cybersecurity strategy.
An effective zero trust solution requires elements designed to work together as an integrated system to prevent the types of security and management gaps that have challenged survey respondents. For example, the Fortinet Security Fabric unifies the broad portfolio of Fortinet zero trust, endpoint, and network security solutions to deliver security, services, and threat intelligence that can automatically follow users across distributed networks. This unified approach enables proactive, integrated, and context-aware security that automatically adapts to where users are, what device they are using, and what resources they are accessing.