Editorial

Organisations plan to implement zero trust architecture

But a top barrier to implementing zero trust strategies is concern over employees feeling trusted by their employer

Posted 27 August 2021 by Christine Horton


Nearly all (98 percent) of UK business leaders and IT decision makers either plan to or have already started implementing zero trust strategies at their organisations.

That’s according to new research by zero trust vendor, Illumio. The report also revealed the challenges organisations face when implementing zero trust architecture. Respondents cited employee perception and resistance to change as the primary barriers to activating their zero trust plans. Notably, nearly a third (32 percent) of respondents expressed concern about employees thinking the company doesn’t trust them.  

“This research makes one thing clear – UK business leaders and IT professionals know how important zero trust strategies are in making their organisations resilient, particularly as ransomware wreaks havoc across every industry,” said Raghu Nandakumara, EMEA field CTO, Illumio.

“It’s especially encouraging to see over 90 percent of organisations prioritising segmentation, since this is an essential control in keeping critical assets safe from attacks. Despite some technological and organisational barriers, we all need to start, or continue, making incremental progress on our zero trust plans. It’s better to be slightly more secure tomorrow than to have the perfect plan on paper in two years.”

Why are UK organisations adopting zero trust strategies?

For organisations that have already adopted a zero trust approach, the top two reasons cited for implementation were either because it was a part of a strategy refresh on security infrastructure (48 percent), or to enable the business to improve its agility through digital transformation (47 percent). Furthermore, 60 percent stated the greatest benefit from their zero trust approach was feeling more confident they had secured their critical data and reduced their organisation’s risk exposure (54 percent).

Barriers to implementing zero trust architecture

The research revealed the technological, operational, and cultural barriers that prevent organisations from adopting zero trust. The main technological barriers included legacy systems that couldn’t be upgraded (29 percent) and cost constraints (22 percent). Culturally within organisations, 33 percent of respondents said their business was resistant to change unless mandated by compliance regulations. As mentioned, 32 percent feared that their employees would think that they don’t trust them – though it’s important to note that zero trust grants trust to users, devices, and applications once they are verified.  

How organisations approach zero trust

Zero trust is a strategy and philosophy, and no one technology can make an organisation achieve zero trust overnight. An essential pillar to any zero trust strategy is segmentation, and most organisations (92 percent) are segmenting their networks in some way. While a lot of respondents are using legacy approaches like virtual firewalls (52 percent) and network-based segmentation (49 percent), many said that they’re also taking a more modern, scalable approach and segmenting by application characteristics (32 percent), or implementing workload based micro-segmentation (32 percent).