According to Gartner, 63% of organizations globally have either completely or partly adopted a zero-trust policy

According to a Gartner survey report, 63% of organizations globally have either completely or partly adopted a zero-trust policy. The survey also found that 78% of the organizations that have adopted a zero-trust approach allocate less than 25% of their total cybersecurity budget to it.

Gartner's survey for the fourth quarter of 2023 covered 303 security leaders whose companies had fully or partially implemented, or planned to implement, a zero-trust strategy. Of these, 56% said they are doing so primarily because they view it as an industry best practice.

Despite this view, businesses are unsure about the best procedures for implementing zero-trust systems. According to John Watts, VP Analyst, KI Leader at Gartner, “for the majority of organizations, a zero-trust strategy typically addresses half or less of an organization’s environment and mitigates one-quarter or less of overall enterprise risk.”

For security executives implementing a zero-trust approach, Gartner provided three main best-practice recommendations.

Practice 1: Define the Early Scope of a Zero-Trust Strategy

To execute zero-trust effectively, organizations must understand how much of the environment the strategy covers, which domains are in scope, and how much risk they can manage, according to Gartner. The scope of a zero-trust approach usually does not include the whole of an organization’s environment. Only 11% of survey participants thought it would cover less than 10% of the organization’s environment, while 16% said it would cover 75% or more.

According to John Watts, “the most important choice for a zero-trust strategy is scope.” There is a limit to how much corporate risk can be reduced, and enterprise risk is much more than what zero-trust controls can handle. But assessing risk mitigation and strengthening security posture is a crucial sign that zero-trust policies are working, he said.

Practice 2: Use Zero-Trust Strategic and Operational Metrics to Communicate Success

According to the survey, 79% of organizations that have adopted zero-trust completely or partly have strategic metrics to track their progress; of those 79%, 89% have risk metrics. The CIO, CEO, president, or board of directors funds 59% of zero-trust efforts. According to John Watts, “zero-trust metrics should be customized for the zero-trust deliverables rather than rehashing metrics used for other areas, like the efficacy of endpoint detection and response.” “Zero-trust initiatives yield certain results, like a decrease in the lateral movement of malware within a network, which are frequently overlooked by current cybersecurity metrics.”

Practice 3: Expect Staffing and Cost Increases, But Not Delays

According to the survey, 62% of organizations expect a zero-trust deployment to result in higher costs, and 41% expect it to increase staffing needs. John Watts said that the effects of a zero-trust strategy on an organization’s budget would differ depending on the extent of the deployment and the strategy’s sturdiness at the outset of planning.

Only 35% of organizations reported experiencing a failure that interfered with the execution of their zero-trust strategy. Even so, to reduce delays, organizations should establish a zero-trust strategic plan that outlines operational KPIs and measures the efficacy of zero-trust policies.
