Zero trust security models are gaining traction globally, with a recent Gartner survey revealing that 63% of organizations have begun implementing such strategies. However, a considerable number of these organizations are still in the early stages, with 58% reporting that less than half of their environments are covered by zero trust measures.
John Watts, a vice president analyst at Gartner, emphasizes that while most organizations have a strategy in place, many security leaders are still working through necessary technological and architectural changes. The journey toward a zero trust model involves not just technological upgrades but cultural shifts within organizations as well.
Mary Carmichael, a director at Momentum Technology, underscores the importance of fostering a security-focused culture within organizations. She emphasizes that for zero trust to be successfully adopted, all stakeholders must understand its principles and agree on the necessary changes. Her experience reflects the broader challenge of managing organizational change while implementing complex security architectures.
Similarly, Niel Harper, formerly CISO at the United Nations Office for Project Services, highlights the importance of balancing security with usability. By instituting a phased approach and engaging users in focus groups, he aimed to implement zero trust controls without detracting from the user experience. This reflects a common concern among organizations: how to enhance security without complicating access for legitimate users.
Srivatsan Raghavan’s story from OHLA USA is another example of an organization re-evaluating its security measures post-breach. His approach combines elements from established frameworks like those from NIST and Microsoft, showcasing a trend where organizations look to unify people, processes, and technologies in their pursuit of robust security frameworks.