The shift to home working has left enterprises more vulnerable, Cloud security becomes top priority and Zero Trust gains acceptance
Reading, UK – September 29th, 2020 – Insecure devices, phishing schemes and data breaches are on the rise, according to a survey from Gigamon, the global leader in visibility and analytics for the hybrid cloud. The findings, set against the current digital and economic climate, reveal the coming challenges IT and security decision makers face, their top priorities for the next 12 months and specifically, their attitudes towards the adoption of Zero Trust.
When it came to assessing current issues IT and security decision makers are facing, the survey revealed that the security landscape has become more menacing with about 84% of respondents having seen a rise in threats since the start of 2020. The main issues were:
- The work from home model has made us more vulnerable due to insecure devices – 51%
- We have mainly been subject to an increase in phishing schemes – 41%
- We have mainly been subject to an increase in data breaches – 33%
- The insider threat has increased due to disengaged employees – 33%
In addition to facing external threats, respondents also cited supporting digital transformation and challenges from within the organisation as their biggest IT and security challenges expected over the next 12 months to three years:
- Digital transformation – 50%
- Shadow IT – 45%
- Employee education – 37%
Following closely in terms of concerns were the increase in data and applications to monitor and protect (36%) and managing a complex working landscape (35%). This highlights a myriad of operational issues IT teams are dealing with on a daily basis.
What’s more, with the network constantly evolving and infrastructure under increasing strain, IT teams are looking to make new investments to future-proof their organisation despite lower budgets and uncertainty (36%). This is reflected by respondents citing that keeping developments safe and secure in the Cloud was their top priority for the rest of this year (44%).
Zero Trust Adopted as Strategy to Secure the Network
When asked about their knowledge of the Zero Trust security framework, most survey respondents (89%) had a high overall awareness of Zero Trust, with 67% adopting or planning to adopt the framework. The top reasons for implementing Zero Trust were to:
- Make our network more secure and mitigate risk – 54%
- Make our data more protected and easier to manage – 51%
- Reduce the risk of employees compromising the system – 49%
Over three in five (61%) believed Zero Trust would enhance their IT strategy, while a further 30% believed it would underpin their strategy.
Interestingly, the survey found that company culture and employee behaviour were both a motivator behind starting on a Zero Trust journey and a barrier. As seen, Shadow IT and employee education were cited as top challenges facing respondents, signalling that businesses may look to adopt a Zero Trust architecture to minimise the risk of the insider threat. Conversely, 65% of respondents who decided not to adopt the framework cited wrong company culture as the top reason behind this decision and getting employees on board (28%) was named the most important thing to have in place before starting the journey towards Zero Trust.
Bassam Khan, VP Product & Technical Marketing Engineering at Gigamon, commented on the findings:
“This research dives into issues that IT and security professionals face, the causes of these issues and frameworks IT is adopting, following a major global shift in how work gets done. With rapid changes and an ever-growing attack surface, IT and security teams are beginning to rely on a solid framework to better manage risks.”
“The fact Zero Trust had both high awareness and high adoption as an initiative demonstrates its increasing prominence in the industry. We can see that perceptions of Zero Trust have considerably changed, as 86% of those surveyed said that Zero Trust had/could have helped their business as it deals with the impacts of the current global situation. What’s more, 78% of the companies surveyed agreed it would have a positive effect on security without compromising productivity, showing its viability in today’s digital infrastructure.”
The report also looked at whether Zero Trust was a board level issue, with almost a third of respondents (30%) agreeing that Zero Trust should ‘absolutely be discussed at board level’ for 24% it should ‘be a priority at any boardroom table given the current climate’.
Khan concluded:
“With digital strategies pivoting to accommodate the economic uncertainty and unprecedented change caused by the new normal, security is only going to become a more prominent topic at the C-level. It’s interesting to see that elements of the Zero Trust journey are already being discussed, and hopefully this will continue, as board support is vital for the implementation and success of any Zero Trust initiative.”
To find out more or download the report, please visit our website.
Notes to editors
Methodology:
- 500 respondents across Germany (150), France (200) and the UK (150)
- All working for companies with more than 1,000 employees
- Job titles included: Chief Information Officer (18%), Chief Information Security Officer (18%), Chief Technology Officer (16%), Network Manager (15%), Director of Network Operations (9%), and Network Architect (8%)
- When asked about their involvement in the decision-making process within their organisation 66% help reach the final decision as part of a group or committee, 23% make the final decision with input from staff or management, and 11% stated that they are the sole decision maker (significantly more likely in the UK – 26%)
- Fieldwork was carried out between the 15th July and the 24th July 2020 via an online survey
Interestingly, the survey found that company culture and employee behaviour were both a motivator behind starting on a Zero Trust journey and a barrier. As seen, Shadow IT and employee education were cited as top challenges facing respondents, signalling that businesses may look to adopt a Zero Trust architecture to minimise the risk of the insider threat. Conversely, 65% of respondents who decided not to adopt the framework cited wrong company culture as the top reason behind this decision and getting employees on board (28%) was named the most important thing to have in place before starting the journey towards Zero Trust.