If you’ve seen the news lately, it’s pretty clear that cybercriminals are stepping up attacks. The increase in volume and variety was evident in our 2H 2022 FortiGuard Labs Threat Landscape report. Today, every organization regardless of size or industry is a target as bad actors devise more sophisticated ways to infiltrate networks.
Clearly, the need for cybersecurity isn’t going away, so more organizations have been adopting a zero-trust security model to reduce risk and support remote and hybrid work. Zero trust assumes that anything or anyone trying to connect to your network is a potential threat, and every user must be verified before permission is granted to access critical resources. This verification applies regardless of whether the user is trying to access those resources remotely or is already within the network perimeter.
Zero-trust network access (ZTNA) takes the principles of zero trust and applies them to application access. Its per-session controls mean that users and devices are authenticated and monitored every time they seek to access an application, closing security gaps that can arise from things like unattended devices.
Although most people agree zero trust is important, implementation isn’t always as simple as some vendors might have you believe. In the Fortinet 2023 State of Zero Trust Report, the status of zero-trust implementation changed surprisingly between 2021 and 2023. In 2021, 40% of respondents indicated that their zero-trust strategy was fully implemented. But in 2023, only 28% reported having a complete zero-trust solution in place. And only 36% of manufacturers claim to be fully implemented, perhaps due to also having to deal with the integration of IT and operational technology (OT) networks. The number of respondents now reporting being in the process of implementation is 66%, up from 54% in the previous survey.
A shift in the status of zero-trust implementation
Several reasons are behind this shift in how organizations view their zero-trust implementation status. The first is that the scope of zero-trust adoption has evolved. Initially, the goal was to connect remote workers quickly and securely to applications. But the more recent transition to a hybrid model where users move between on-premises and remote work with data and applications within both the cloud and data centers has expanded the scope. Now, data must be equally available regardless of the location of users and devices, so more technologies are required.
Data flows that initially went from the user to the application and back also changed. Now workflows often span multiple environments in a single transaction, which has significantly complicated and enlarged implementation. Cloud solutions must seamlessly integrate with the on-premises network to detect and prevent the lateral movement of threats and consistent end-to-end policy enforcement.
Another reason for the change in implementation status is that some issues didn’t become apparent until several solutions were already in place. The need for interoperability between isolated point solutions has become essential, and building and troubleshooting workarounds for tools that don’t natively work together can quickly consume a significant portion of IT resources. Two of the biggest barriers are insufficient information to select a zero-trust solution and a lack of qualified vendors. When vendors can’t provide a complete solution, organizations often have to cobble something together on their own. Once it became clear that hybrid work wasn’t temporary, a more consistent and reliable solution was needed, and resources were made available.
Zero-trust implementation challenges
Another key takeaway from the report is that deploying solutions from multiple vendors has created new challenges for organizations, including the inadvertent introduction of security gaps and high operating costs due to vendor and solution sprawl. According to the survey, 90% of organizations now rank vendor and solution consolidation as extremely or very important, and 88% feel the same way about the importance of solution interoperability. One outcome is that many organizations that believed they had fully implemented a zero-trust solution are now rethinking that conclusion. It’s clear that vendor and product consolidation and interoperability are crucially important to implementation.
For nearly half of respondents, the top concerns are that new exploitable security gaps and vulnerabilities have been created because solutions do not interoperate and cannot communicate. And 40% also report an inability to consistently apply and enforce policies. Related to these findings is the high cost of trying to keep a disjointed solution up and running, with 43% citing this problem as a top challenge. Other related challenges include poor user experience (39%), performance bottlenecks (36%), and increased management complexity (28%).
Consolidation and interoperability matter
Despite claims that everything is moving to the cloud, most organizations still have a hybrid application and data strategy in place. In fact, 38% of organizations still have more than half of their applications on-premises and another 49% have between 26% and 50% deployed there.
Not surprisingly, 85% of survey respondents identified the need for ZTNA solutions that cover both on-premises and remote users as very or extremely important. ZTNA needs to work no matter where applications and users are located. Notably, three-fourths of the survey respondents also reported encountering issues with their hybrid workforce because they were relying on cloud-based ZTNA. However, a hybrid cloud and on-prem ZTNA solution called Universal ZTNA can cover all locations with support for applications in the cloud and on-premises. It can be delivered with consistent features and policies across deployments and a per-user licensing model. With Universal ZTNA, protections and licenses can move seamlessly as work-from-anywhere (WFA) users move between their homes and on-premises offices.
Fortinet Universal ZTNA
As the threat landscape continues to expand and attackers find clever new ways to infiltrate networks, zero-trust strategies, ZTNA, and multifactor authentication play an increasingly important role in any modern security strategy. Fortinet Universal ZTNA delivers the most complete support providing secure access for remote and office users by delivering a universal approach to ZTNA that is consistent on-premises, in the cloud, or as a service using SASE. Organizations that want to reduce risk by building a zero-trust architecture can rely on Fortinet Universal ZTNA to provide a consistent user experience in every work location and a unified agent that provides an easy transition from a VPN.
Download the full Fortinet 2023 State of Zero Trust Report and learn more about how Fortinet ZTNA improves secure access to applications anywhere, for remote users.