2023 Zero Trust Security Report

How 400 cybersecurity professionals think about, prioritize, and implement a zero trust security approach

The 2023 Zero Trust Security Report reveals how enterprises are implementing zero trust security in their organizations, including key drivers, adoption trends, technologies, investments, and benefits. Cybersecurity Insiders and Fortra worked together on this important research project. Our hope is that readers find the report informative and helpful in the continuation of efforts to protect IT environments.

Key Findings 

Despite zero trust’s importance, knowledge and readiness gaps persist.

Many cybersecurity teams buckle at the overhead that a zero trust framework implies. Some companies aren’t ready to spend what it takes to do it properly. This may be reflected in the survey, in which only 15% of respondents indicated Zero Trust Network Access (ZTNA) was “already implemented” while another 9% said they had “no plans” to implement. Despite its fad-like identity, zero trust is an important security trend and ongoing philosophy that should take a key role in improving an organization’s security maturity. And zero trust is not something organizations can ever mark “complete.” Rather, zero trust is a journey, and continuous steps in the right direction will contribute to success and support incremental improvement. 

Are over-privileged users the problem?

Respondents were divided. In one question, it was surprising to see that less than 25% of organizations’ security incidents were believed to have been as a result of over-privileged users. This could indicate that respondents either misrepresented the root cause of events, or perhaps there’s been a shift in strategy and compromise methods away from the user space and into other domains like SaaS and identity. However, in another question, over-privileged users were listed as a top challenge, indicating this is a moving target for organizations.

Device security needs more attention.

Many respondents identified the importance of protecting data but had mobile device management (MDM) and bring your own device (BYOD) low on their priority lists. Addressing BYOD can be complex, as privacy is the key to BYOD but it must be balanced with control. However, securing these devices should be a primary focus area as they are a major pain point today for corporate security.

Check out the full report and findings from the survey below.