How do security leaders keep pace with the future of digital transformation in a post-pandemic world? Gartner recently laid out its cybersecurity predictions through 2027, forecasting how organizations can capitalize on the future of cybersecurity while keeping track of current trends.
Hint: We hope you are ready for a world itching to adopt zero-trust. As Gartner puts it, zero-trust is “paramount to understand” but still “not bulletproof.” However, “your trust posture also is not achieved with a single technology.”
Translation? Buckle down, because zero-trust has a long way to go to turn its “technical reality into business benefits” and become a key player in mitigating an ever-expanding attack surface.
Zero-trust is on the move
Zero-trust capabilities are in demand today, although not many organizations recognize the benefits of zero-trust.
Gartner defines zero trust as a security paradigm that explicitly identifies users and devices and grants them “just the right access” so that the business can operate with minimal friction, while risks are reduced.
Last year the analyst firm predicted that 60% of organizations will embrace zero trust as a starting point for security by 2025. Now, it predicts 10% of large enterprises will have a comprehensive, mature and measurable zero trust program by 2026.
“It’s important to realize that zero trust is a mindset… it’s a strategy that utilizes specific architectures and technologies to achieve its goal,” said Craig Porter, Gartner’s lead analyst, during a webinar on July 11, 2023. “As organizations improve their capabilities, explaining cybersecurity as a business investment, zero trust will also follow as an organizational vision that will end up being measured alongside other security initiatives.”
However, benchmarking zero-trust will be a challenge for organizations, since there are only a few standards and operational tools that scan for zero trust effectiveness, according to Porter.
To manage complexity and kick-start operational success, organizations looking to adopt zero-trust will need a mature, widely deployed implementation, which is “deeply dependent” on the integration and configuration of multiple components. Plus, combining a zero-trust initiative with other strategies is not bulletproof against attacks.
A zero-trust starting point
Where to start? Gartner suggests prioritizing an organization’s highest risks and combining zero-trust initiatives with other preventive security strategies.
“The bottom line here is starting small. An ever-evolving zero-trust mindset allows us to better grasp the benefits of the program and to manage some of the complexity one step at a time,” said Porter. “A mature, widely deployed implementation demands integration and configuration of multiple components, which can be quite technical and complex, and its success becomes highly dependent on the translation to business value.”
Zero-trust should not be a “one time investment,” the analyst added.