
Zero-trust to soar in 2022, but dogged by implementation challenges

IT leaders are keen to invest in zero-trust, but face issues around a lack of expertise, and selling the concept into the C-suite

Globally, organisations are increasingly turning to zero-trust strategies amid intense cloud and network security exposure, and this trend is set to continue in 2022, with about 66% of organisations planning to increase their zero-trust spending, particularly around micro-segmentation initiatives. However, a lack of relevant expertise and stakeholder buy-in still poses challenges.

This is the verdict of a report compiled by Forrester analysts on behalf of zero-trust segmentation specialist Illumio, which surveyed buyers across Asia-Pacific (APAC), Europe, the Middle East and Africa (EMEA) and North America in September 2021. For the bank accounts of zero-trust evangelists, the report contains good news, with 75% of leaders questioned saying zero-trust was important to combat mounting security threats, and 60% saying they had been unprepared for the rapid pace of cloud migration and so were increasingly turning to zero-trust to adapt better to the reality of hybrid IT.

Security leaders are also clear on the organisational benefits of zero-trust, such as increased organisational agility (52%), safer cloud migration (50%) and support for wider digital transformation (48%). The majority of respondents, 78%, said they planned to bolster their zero-trust ops this year, but only 36% have already started this process – and just 6% have achieved what could be termed full implementation.

It may be the challenges around expertise and buy-in that are holding things up for many. Nearly two-thirds of respondents believed their IT and security teams lacked the time, subject expertise and skills to implement best practice for micro-segmentation, and 44% admitted they needed help in identifying and designing an appropriate proof-of-concept pilot – so could not effectively demonstrate the benefits of the technology to the C-suite.

Those that were up and running tended to experience knowledge gaps around the efficient implementation of micro-segmentation, with 62% attempting to use a datacentre firewall and software-defined networking approach but finding this took too long, while more than half of respondents also agreed that such approaches were too expensive and hard to scale.

“As we watch threats evolve and breaches become more devastating, the need to implement zero-trust strategies has never been more urgent,” said PJ Kirner, CTO and co-founder of Illumio.

“Micro-segmentation isn’t an all-or-nothing strategy – the path to a zero-trust posture can be broken into bite-sized phases. Start by gaining visibility to see the risk created by open lateral pathways across your interconnected infrastructure and to the internet. Then, assume breach and secure your data by building security controls that close these risky pathways.

“This incremental approach is a journey that bolsters your security posture to reduce risk and increase cyber resiliency.”

The full report can be downloaded from Illumio’s website.
