Enterprises digitally transforming their operations while building a flexible and globally distributed workforce need a security approach which reflects these major changes.
Zero Trust focuses on securing applications and data with an emphasis on continuous verification and automated enforcement. This is vital in an era of rising threats, where cyber attackers can access networks and bring entire business operations to a halt.
According to the 2023 Cyber Security Breaches Survey1, 59% of medium-sized businesses and 69% of large businesses had experienced a breach or attack in the last twelve months.
Foundry’s 2022 Security Priorities Study2 found that Zero Trust was in the top three technologies security leaders were looking to spend their budgets on, and that 80% of IT decision makers had made some kind of movement toward Zero Trust.
Yet adopting Zero Trust isn’t straightforward. Gartner3 has predicted that 60% of organisations will embrace Zero Trust as a starting point for security by 2025, but that more than half will fail to realise the benefits.
Why? We can break it down into five core challenges.
1. There is no one-stop solution
Firstly, Zero Trust is a framework rather than a solution. It’s not something that enterprises can just purchase and deploy. As Gartner4 puts it, they have to see it as ‘both a security principle and an organisational vision’ that ‘requires a cultural shift and clear communication that ties it into business outcomes.’ Businesses need to understand the Zero Trust mindset, then plan and execute the shift meticulously. Many find it difficult to find the right starting point, or even know if they’re doing the right thing.
2. Lack of integration
As a corollary, the lack of a single solution means that businesses need to forge their own, integrating multiple products, services and tools from different vendors. In the words of Herb Kelsey5, Industry CTO for Government at Dell Technologies: “Zero Trust implementation is often a hodgepodge process, with dozens of solutions that solve singular problems but few integration options available.
“Often the onus falls on the customer to fuse these disparate solutions together.”
This is risky, as applying Zero Trust in a piecemeal fashion can leave key parts of the network open to attack.
3. Securing legacy technology
To add to the complexity, many businesses have to work with existing technology that might not fit comfortably within a Zero Trust framework. Legacy infrastructure and applications poses challenges, but shadow IT programs and departmental data siloes can also complicate the work. Identifying resources and managing user privileges is at the heart of Zero Trust, and many firms don’t have the visibility required.
4. The work is never done
This is just one reason why Zero Trust is so labour intensive, not just in terms of integrating solutions, securing network resources and setting up access controls, but in the continuous appraisal and maintenance of the system. Businesses need rigorous processes in place to build and manage identities, or risk leaving gaps that future threats will be able to exploit.
5. Disruption is inevitable
Finally, moving to Zero Trust invariably involves disruption. It may initially make it harder for users to access resources, and there are numerous things that can go wrong with access rights and conflicts with existing systems. This can hinder productivity, and if users don’t understand the mindset and the business value, there may be pushback.
There’s no easy answer to these challenges, but enterprises can maximise their chances of success by starting small, scaling slowly, planning carefully and watching for gaps along the way.
They can also partner with technology providers like Dell Technologies and VMware that have established expertise in Zero Trust, and the products and solutions that can establish a secure foundation.
Dell has launched Project Fort Zero, an industry initiative bringing more than 30 leading technology vendors together to accelerate the path to Zero Trust. Meanwhile, VMware has integrated Zero Trust principles within its technology stack, and through its digital workspace platform, Workspace ONE.
Find out more about the Dell and VMware partnership now.
1 UK Government, Cyber security breaches survey 2023, March 2023
2 Foundry Security Priorities Study 2022, September 2022
3 Gartner, Gartner Unveils the Top Eight Cybersecurity Predictions for 2022-23, June 2022
5 Dell Technologies, How can a Zero Trust security model help my business? May 2023