Respondents in a late-2023 survey across nine countries cited scaled-up cyber breaches, expanding attack surfaces and tightened regulatory compliance as catalysts
In a Nov–Dec 2023 survey of 4,052 individuals with bona fide IT or other credentials^ in nine countries* on zero trust (ZT) strategy matters, several key trends were gathered from the data.
First, 57% of all respondents that had or will implement Zero Trust indicated that their organizations plan to include it in their encryption plans or strategies. Some 18% had implemented all ZT principles; 14% claimed they had laid the foundation for a ZT strategy, and 17% had started exploring various solutions.
Second, 59% of all respondents indicated that their leadership had significant or very significant support for ZT, with 37% citing lack of leadership buy-in as a challenge. The biggest challenges when implementing ZT were lack of in-house expertise (47%) or lack of budget (40%). Third, the risks cited by respondents as the highest priority for their ZT strategy were, in order of priority: securing identities (40%), devices (24%), networks (14%), applications (13%), and data (9%).
Other key findings
The fourth trend discerned from the global respondents was that 44% of them indicated believing a best-of-breed solution was the most important for a successful ZT implementation (multiple vendors), versus 22% choosing integrated solutions from one to three vendors, and 13% preferring a lowest-cost option. Some 10% cited wanting ZT solutions from a managed security provider, followed by 8% wanting a single vendor. Also:
- 46% of respondents (up from 29% in a previous year’s survey on the same topic) cited hackers as the biggest impediment to their ability to protect sensitive and confidential information.
- Respondents ranked the importance of certain features in encryption solutions in descending order: management of keys, enforcement of policy, and system performance and latency.
- 52% were transferring sensitive and confidential data to public clouds regardless of whether the data was encrypted in any way. Some 28% indicated planning to do so.
- 39% of respondents protected data at rest in the cloud using keys generated/managed by the cloud provider, or encryption performed in the cloud using keys generated by their organizations and managed on-premises. Some 23% indicated that encryption was performed on-premises. Also, 22% used keys controlled by their organization (down from 42% in a similar survey in 2022). For this group, the primary strategy for encrypting data at rest in the cloud was the use of a combination of keys controlled by their organization and by the cloud provider, with a preference for keys controlled by their organization, an increase from 19% to 32% in the latest survey. This is followed by only using keys controlled by the cloud provider (24% of respondents).
- When asked to rate the importance of cloud encryption features on a scale of 1 (not important) to 5 (most important), the rating for “privileged user access controls” had increased from 3.23 in a 2022 survey to 4.38 in the latest survey. The importance of granular access controls and the ability to encrypt and rekey data while in use without downtime had increased from 3.665 in 2022 to 4.1889 in the latest survey cohort.
According to Samantha Mabey, Director, Solutions Marketing, Entrust, the firm that commissioned the survey: “With the rise of costly breaches and AI-generated deepfakes, synthetic identity fraud, ransomware gangs, and cyber warfare, the threat landscape is intensifying at an alarming rate. This means that implementing a zero trust security practice is an urgent business imperative”
^IT operations 40%, security 16%, lines of business 16%, compliance 15%, finance 7%, other functions 7%
*Australia/New Zealand (5,600), Canada (10,010), Germany (12,849), Japan (11,030), Saudi Arabia (301), Singapore (367), the United Arab Emirates (355), the United Kingdom (10,585), and the United States of America (80,307)