New research finds that more organisations are turning to zero trust for device access, but adoption rates are being held back by implementation challenges.
The findings arrive out of “Zero Trust and the Challenge of Device Security”, a study conducted by Infinipoint which explores the difficulties inherent in device security in the digital era, along with the potential for zero trust security models as the basis of long-term business strategy.
Taking in the views of 388 IT and security professionals, experts found that 68% of respondents want zero trust for device security, but more than half (56%) have said they are not yet implementing the model. As such, analysts are observing a notable split between intention and action.
Of all those polled, around 30% said they have either completed a zero trust implementation or are making progress in the journey. Among respondents who said they have an active zero trust model in their organisation today, just 42% have enabled it for devices, the 4th lowest category behind zero trust for networks, user access and applications.
Other obstacles impeding implementing zero trust for device access include concerns around IT support issues, administrative burden, disruption to end user access and lack of remediation options.
Respondents stated that updating software patch levels for critical vulnerabilities was one of the biggest security challenges they face (33%). Further, 31% identified gaining visibility into which devices are accessing which services as a significant challenge.
Trends such as remote work are exacerbating devices’ tendency to expose organisations to cyber risk, experts concluded. Unsurprisingly, more than 82% of IT and security professionals agreed that the increase in remote workers has increased overall organisational risk.
Surprisingly, only 27% of respondents shared that they were “very confident” that end-user devices connecting to company applications were secure. However, 63% claimed that they were “somewhat confident.”
To help mitigate risk, 69% of respondents reported that it is very important that only devices that have been validated to be compliant with their organisation’s security policy are allowed to access corporate services and applications. In addition, over half considered security posture checks continuously upon user access to be “very important.” On the other hand, only 28% of respondents said they are conducting security posture checks. Even fewer are doing it continuously, with only 35% of those doing security posture checks continuously upon access.
To stop device-related threats, most of the respondents said they rely on firewalls, with 70% using malware or antivirus protection, 68% implementing endpoint protection platforms (EPP), and 51% using extended detection and response (XDR) solutions. However, even with a combination of these tools in place, confidence in current device security is low.
Ran Lampert, co-founder and CEO, Infinipoint, said:
“Zero trust offers a way to bolster device security posture for end user devices and access control but legacy tools have not fully addressed the implementation obstacles to apply zero trust to device access.”
PrivSec World Forum
Part of the Digital Trust Europe Series - will take place through May, June & July 2022, visiting five major cities;
PrivSec World Forum is a two-day, in-person event taking place as part of the Digital Trust Europe series. Data protection, privacy and security are essential elements of any successful organisation’s operational make-up. Getting these things right can improve stakeholder trust and take any company to the next level.
PrivSec World Forum will bring together a range of speakers from world-renowned companies and industries—plus thought leaders and experts sharing case studies and their experiences—so that professionals from across all fields can listen, learn and debate.