A new survey released by MeriTalk and Splunk finds that public sector IT decision makers are increasingly planning around zero trust security concepts, with that thinking driven by current and future requirements for telework capabilities, among other security management needs. However, agencies face challenges in migrating to zero trust, including the need to invest in foundational technologies, according to findings from the survey of 150 Federal IT decision makers and 150 state, local, and higher education (SLED) IT decisionmakers on their agencies’ efforts around zero trust.
The survey found that 86 percent of decision makers believe a zero trust approach will make their organizations more resilient, and 81 percent have made changes to include or define a zero trust approach in their agency’s cybersecurity strategy. Adoption of zero trust has only accelerated during the COVID-19 pandemic – 54 percent of those that include zero trust in their strategies have made the change in strategic thinking since the move to mass telework. The move to zero trust also lines up with the shift to a hybrid cloud environment that over 70 percent of agencies are planning to make in the next two years.
“The vast majority of public sector IT decision makers are turning to zero trust to fortify their security posture in this changing landscape,” the report notes.
However, many recognize that they still need to get the foundations for zero trust in place, and not all are confident that their agencies can successfully execute a zero trust approach. Only a minority of agencies have invested in technologies like data/log aggregation and visibility (41 percent), security analytics (39 percent), continuous diagnostics and mitigation (35 percent), user behavioral analytics (34 percent), or security automation and orchestration (33 percent).
Most of those surveyed flagged challenges that stand in the way of zero trust adoption, with 75 percent citing technical challenges, and 78 percent recognizing mission challenges to adoption. Most common among those mission challenges is the workforce, with many fearing their agencies they don’t have the skilled professionals needed for implementation. Other challenges include limited budgets, organizational silos, and lacking a clear strategy for adoption.
Given these issues, only about 55 percent of those surveyed are very confident in their agency’s ability to execute on a zero trust framework. However, about 80 percent of those with agencies that are further down the road in their zero trust journey are very confident, showing how proper execution can improve the outlook.
Those who are advanced in zero trust capabilities are more likely to have defined zero trust in their cybersecurity strategy before the shift to telework, and are more likely to be increasing their investments in zero trust technologies in 2021, the survey found.