Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Network Security

11/5/2019
04:50 AM
Larry Loeb
Larry Loeb
Larry Loeb
50%
50%

75% of Enterprises Will Adopt a Zero Trust Solution Within a Year – Zscaler

Zero Trust Network Access (ZTNA) services are built to ensure that only authorized users can access specific applications on a network based on business policies.

Zscaler commissioned a report by Cybersecurity Insiders named 2019 Zero Trust Adoption Report. It is the first report to look at enterprise adoption of Zero Trust Network Access (ZTNA). ZTNA services are built to ensure that only authorized users can access specific applications on a network based on business policies.

The report surveyed 315 "IT and cybersecurity" professionals in the US in July and August of 2019. It says that "The respondents range from technical executives to IT security practitioners, representing a balanced cross-section of organizations of varying sizes across multiple industries."

The respondents share a number of worries. A hefty 61% of the respondents said that they are concerned about partners with weak security practices accessing internal applications. The threat of third-party attacks seems to be very much on their minds. This goes along with the 62% of organizations which say their biggest application security challenge is securing access to private apps that are distributed across datacenter and cloud environments.

The report also says that 78% of IT security teams are looking to "embrace" zero trust network access at some point in the future. Nineteen percent are actively implementing zero trust, and 15% already have zero trust in place.

When they were asked about the benefits of zero trust, two thirds of IT security professionals (66%) say they are most excited about zero trust's ability to deliver least privilege access to protect private apps. This is followed by apps no longer being exposed to unauthorized users or the Internet (55%), and access to private apps no longer requiring network access (44%).

BYOD shows itself to still be an IT security reality in 2019 as 57% of organizations were found to be prioritizing secure access from personal, unmanaged devices. The enterprise needs to know what devices it can trust for access routinely, and ZTNA is one path to get to that goal.

The report found that ZT adoption is going rather quickly. Seventy-five percent of enterprises say that they will adopt a zero trust solution for a specific use case within the next 12 months. Thirty-seven percent will adopt in less than nine months. The other 38% will follow suit within 12 months.

The use cases cited by the report for enterprises adopting a zero trust strategy included secure access to private apps running in hybrid and public cloud environments (37%), closely followed by using modern remote access services to replace VPN (33%) and controlling third-party access to private applications (18%).

The majority of IT security teams (59%) plan to embrace a zero trust network access service within the next 12 months. One in ten were said to adopt ZTNA within the next three months.

ZT as a security paradigm is growing, and quickly. While specifics of implementation will keep changing, ZTNA may prove to be a worthy technique in that effort.

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/17/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5421
PUBLISHED: 2020-09-19
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
CVE-2020-8225
PUBLISHED: 2020-09-18
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.
CVE-2020-8237
PUBLISHED: 2020-09-18
Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack.
CVE-2020-8245
PUBLISHED: 2020-09-18
Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11....
CVE-2020-8246
PUBLISHED: 2020-09-18
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-W...