Recently, Fortinet® (NASDAQ: FTNT), a global network security leader focusing on the integration of network and security, announced the release of the "2023 Global Zero Trust Status Report" and its findings. The report reveals the current status of zero trust security deployment and implementation, as well as the new progress IT teams have made in responding to the security protection of the hybrid office model in the post-epidemic era, and provides an in-depth analysis of the ongoing challenges many organizations face in securing hybrid office network environments .
Zero trust becomes the best practice in the hybrid office era
With the rise of hybrid office models including remote office and mobile office, the demand for network protection has surged. Enterprises quickly discovered that the limitations of traditional VPN technology became increasingly prominent, and a zero trust strategy was the best practice for managing and protecting office users anytime, anywhere. In a zero trust architecture, anyone or anything attempting to connect to the network is considered a potential threat. All users must be authenticated before they are granted minimum access to the corresponding resource.
In April this year, Fortinet commissioned an authoritative organization to launch a special questionnaire survey on 570 IT and security managers in 31 countries and regions. The respondents came from various industries such as the public sector. The resulting "Global Zero Trust Status Report 2023" reveals new progress that IT teams around the world have made in implementing zero trust strategies. Additionally, the report provides insight into a range of challenges IT teams face as they grapple with securing a rapidly changing and expanding network environment.
Here are the key findings from the 2023 State of Zero Trust Report:
Key finding 1: The proportion of zero trust-related deployments has steadily increased
The good news is that since the 2021 survey, the number of respondents who have deployed Zero Trust solutions has increased significantly. The deployed solutions and their proportions are: Secure Web Gateway (SWG) - 75%, Cloud Access Security Broker (CASB) - 72%, Network Access Control (NAC) - 70%, Zero Trust Network Access (ZTNA) - 67%, Next Generation Firewall (NGFW) - 63% and Endpoint Detection and Response (EDR) - 62%.
Although the deployment of multi-factor authentication (MFA) solutions accounted for only 52% of the survey, this is a significant increase from 23% in 2021. As an integral and important part of any zero trust strategy, MFA can effectively prevent unauthorized access to applications and other resources.
Key finding 2: Implementation is often easier said than done
The survey reveals that organizations still face serious challenges in implementing zero trust strategies. Even though organizations are currently deploying more Zero Trust-related products, this year's statistics show that the percentage of actual implementations has decreased. In 2021, 40% of respondents say they have a fully deployed Zero Trust strategy. But in 2023, this proportion will be only 28%. In addition, the number of respondents who are currently advancing their Zero Trust strategy has risen to 66%, up from 54% in 2021.
These data suggest that the actual deployment journey of a Zero Trust strategy may be far more challenging than anticipated. Compared to the previous survey, many organizations that thought they had fully deployed Zero Trust solutions are now revisiting that conclusion. Some problems only manifest after some solutions are in place. As we all know, it is very difficult to achieve coordinated operation of single-point solutions that operate in isolation. Complex operations and fragmented management also lead to daily operations and troubleshooting activities that will consume a lot of IT resources.
In terms of the specific challenges they are currently facing, nearly one-third (31%) of organizations say that access latency is a major challenge that needs to be solved immediately, and nearly one-quarter (22%) of organizations say they still rely too much on traditional VPNs. Clearly, implementing a low-latency solution is critical to a successful ZTNA deployment.
Another interesting finding is that 16 percent of organizations surveyed (compared to 24 percent for small businesses) complained of not having enough product information to select a Zero Trust solution that fits their enterprise needs. 24% of the respondents said that there is a lack of qualified suppliers who can provide comprehensive solutions, and they can only cobble together or deploy single-point solutions by themselves as a stopgap solution.
Key finding 3: Fully integrated and interoperable operations are critical
Many organizations find that layering point solutions from multiple vendors creates new challenges. The overlay and sprawl of suppliers and solutions can lead to unexpected security vulnerabilities and high operating costs. According to surveys, 90% of organizations currently rank supplier and solution integration as very or extremely important. 88% of respondents felt that it was also very or extremely important that products work together. Clearly, full integration and interoperability of suppliers and products is critical to a successful Zero Trust strategy.
For nearly half of respondents (46%), effective collaboration cannot be achieved, resulting in gaps in defenses. 40% of respondents also reported an inability to apply and enforce consistent security policies. Linked to these findings is the high cost of trying to keep point solutions operating in security silos, a difficulty that 43 percent of respondents cite as their greatest current challenge. Other related challenges include poor user experience (39%), performance bottlenecks (36%) and increased management complexity (28%).
Key finding 4: Zero trust should be everywhere
The survey shows that even in the post-epidemic era, many users continue to use the telecommuting model, and 63% of the organizations surveyed said they will continue to adopt a hybrid office model to support users switching between home and corporate offices.
These findings also corroborate findings from Fortinet’s 2023 Global Work Anywhere Report, which showed that 60 percent of companies surveyed continue to work from home and 55 percent are actively supporting hybrid office strategies.
Work users need secure access to distributed applications deployed on-premises or in the cloud, no matter where they are located. 89% of respondents indicated that seamless integration of SASE with other solutions is very or extremely important, reflecting a single vendor that provides converged network and security capabilities for all users and devices in a distributed environment ( SASE) solution value.
Currently, most organizations continue to adopt a hybrid deployment strategy of applications and data. Respondents agree that ZTNA should be able to cover any location to provide comprehensive protection, regardless of where applications and users are located. The main protection area of a hybrid ZTNA strategy should cover the Web Applications (81%), local users (76%), remote users (72%), local applications (64%) and software-as-a-service (SaaS) applications (51%).
Notably, 72% of respondents also indicated challenges in deploying a cloud-only ZTNA. Zero Trust should be everywhere. Organizations urgently need to deploy a common ZTNA solution that provides consistent capabilities and policies to comprehensively protect applications deployed across clouds and on-premises. At the same time, the solution should support a per-user licensing model so that security (and licenses) can be seamlessly covered when anytime, anywhere (WFA) users switch between home and local offices.
Today, organizations need to deploy a fully integrated solution across multiple environments that fully integrates network, security, and efficient access into a single integrated architecture that adapts to where users are, what devices they are using, and the resources they access , for proactive, integrated, and context-aware security.
Integration challenges also require Universal ZTNA
John Maddison, executive vice president of products and chief marketing officer at Fortinet, concluded that the report shows that "although more and more organizations are actively implementing zero trust strategies, they still face challenges related to integration. To successfully implement zero trust strategies, Organizations urgently need to deploy integrated solutions such as Fortinet Universal ZTNA and Universal SASE that support multiple environments and fully converge network and security."