More Than Half of Organizations Face Gaps in Their Zero-Trust Implementations According to a Fortinet Survey
Organizations Struggle to Consistently Authenticate Users and Devices
John Maddison, EVP of Products and CMO at Fortinet
“With the evolving threat landscape, transition to work-from-anywhere, and the need to securely manage applications in the cloud, the shift from implicit trust to zero trust is top of mind for organizations. Our survey shows while most organizations have some form of a zero-trust strategy in place, they fall short of a holistic strategy and struggle to implement some core zero-trust security basics. An effective solution requires a cybersecurity mesh platform approach to address all zero-trust fundamentals across the infrastructure, including endpoint, cloud, and on-premises, otherwise the result is a partial, non-integrated solution that lacks broad visibility.”
Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated, and automated cybersecurity solutions, today unveiled the Global State of Zero Trust Report. The survey reveals that while most organizations have a vision of zero trust or are in the process of implementing zero-trust initiatives, more than half of organizations cannot translate this vision into the solutions they are implementing because they lack some basic core fundamentals of zero trust. For a detailed view of the findings and some important takeaways read the blog. Highlights of the report follow:
A FortiGuard Labs Threat Landscape Report demonstrated an increase in the volume and sophistication of attacks targeting individuals, organizations, and increasingly critical infrastructure. Organizations are looking for solutions to protect against these evolving threats and zero trust is top of mind, but for multiple reasons. Additionally, the shift to work-from-anywhere has put a spotlight on zero-trust network access (ZTNA) in particular, as organizations need to protect important assets from workers connecting from poorly protected home networks.
Confusion Over Defining Zero-Trust Strategies
The report illustrates some confusion about what comprises a complete zero-trust strategy. Respondents indicated they understand zero trust (77%) and ZTNA (75%) concepts and over 80% reported already having a zero-trust and/or ZTNA strategy in place or development. Yet, over 50% indicated being unable to implement core zero-trust capabilities. Nearly 60% indicated they do not have the ability to authenticate users and devices on an ongoing basis and 54% struggle to monitor users post-authentication.
This gap is concerning because these functions are critical tenets of zero-trust and it brings into question what the actual reality of these implementations is across organizations. Adding to the confusion are the terms “Zero Trust Access” and “Zero Trust Network Access,” which are used sometimes interchangeably.
Zero Trust Is Top of Mind and Priorities Are Varied
Priorities for zero trust are “minimizing the impact of breaches and intrusions" followed closely by "securing remote access" and "ensuring business or mission continuity." "Improving user experiences" and "gaining flexibility to provide security anywhere" were also top priorities.
“Security across the entire digital attack surface” was the single most important benefit cited by respondents, followed by a "better user experience for remote work (VPN)."
A vast majority of the survey respondents believe that it is vital for zero-trust security solutions to be integrated with their existing infrastructure, work across cloud and on-premises environments, and be secure at the application layer. However, more than 80% of respondents indicated that it is challenging to implement a zero-trust strategy across an extended network. For organizations without a strategy in place or development, obstacles included a lack of skilled resources with 35% of organizations using other IT strategies to address zero trust.
About the Zero-Trust Report:
The report is based on a global survey of IT decision-makers aimed at better understanding how far along organizations are in their zero-trust journey. The survey is intended to better understand the following:
- How well zero trust and ZTNA are understood
- The perceived benefits and challenges in implementing a zero-trust strategy
- Adoption of and the elements included in a zero-trust strategy
The survey was conducted in September 2021 with 472 IT and security leaders from 24 different countries, representing nearly all industries, including the public sector.
- Read the blog for valuable takeaways from this survey or access the full report.
- Learn about how to better secure access for remote users to applications anywhere with Fortinet Zero Trust Network Access.
- Learn more about how the Zero Trust Education Pathway including certifications from the Fortinet NSE Institute can help you navigate the knowledge, skills and abilities needed to grow your career in Zero Trust Access.
- Watch how Fortinet makes possible a digital world you can always trust, and view how the Fortinet Security Fabric platform delivers broad, integrated, and automated protection across an organization’s entire digital infrastructure.
- Read more about how Fortinet customers are securing their organizations.
- Engage in the Fortinet User Community (Fuse). Share ideas and feedback, learn more about our products and technology, and connect with peers.
- Follow Fortinet on Twitter, LinkedIn, Facebook, and Instagram. Subscribe to Fortinet on YouTube.
Fortinet (NASDAQ: FTNT) makes possible a digital world that we can always trust through its mission to protect people, devices, and data everywhere. This is why the world’s largest enterprises, service providers, and government organizations choose Fortinet to securely accelerate their digital journey. The Fortinet Security Fabric platform delivers broad, integrated, and automated protections across the entire digital attack surface, securing critical devices, data, applications, and connections from the data center to the cloud to the home office. Ranking #1 in the most security appliances shipped worldwide, more than 550,000 customers trust Fortinet to protect their businesses. And the Fortinet NSE Training Institute, an initiative of Fortinet’s Training Advancement Agenda (TAA), provides one of the largest and broadest training programs in the industry to make cyber training and new career opportunities available to everyone. Learn more at https://www.fortinet.com, the Fortinet Blog, or FortiGuard Labs.
Copyright © 2022 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and common law trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet's trademarks include, but are not limited to, the following: Fortinet, FortiGate, FortiGuard, FortiCare, FortiManager, FortiAnalyzer, FortiOS, FortiADC, FortiAP, FortiAppMonitor, FortiASIC, FortiAuthenticator, FortiBridge, FortiCache, FortiCamera, FortiCASB, FortiClient, FortiCloud, FortiConnect, FortiController, FortiConverter, FortiDB, FortiDDoS, FortiExplorer, FortiExtender, FortiFone, FortiCarrier, FortiHypervisor, FortiIsolator, FortiMail, FortiMonitor, FortiNAC, FortiPlanner, FortiPortal, FortiPresence , FortiProxy, FortiRecorder, FortiSandbox, FortiSIEM, FortiSwitch, FortiTester, FortiToken, FortiVoice, FortiWAN, FortiWeb, FortiWiFi, FortiWLC, FortiWLCOS and FortiWLM.
Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, contract, binding specification or other binding commitment by Fortinet or any indication of intent related to a binding commitment, and performance and other specification information herein may be unique to certain environments. This news release may contain forward-looking statements that involve uncertainties and assumptions, such as statements regarding technology releases among others. Changes of circumstances, product release delays, or other risks as stated in our filings with the Securities and Exchange Commission, located at www.sec.gov, may cause results to differ materially from those expressed or implied in this press release. If the uncertainties materialize or the assumptions prove incorrect, results may differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements. Fortinet assumes no obligation to update any forward-looking statements, and expressly disclaims any obligation to update these forward-looking statements.