Date: 2023-11-22

Nearly 90% of organizations have begun embracing zero-trust security, but many still have a long way to go, according to a report by multinational technology company Cisco. The report, based on a survey of 4,700 global information security professionals, found that 86.5% have started implementing some aspect of the zero-trust security model, but only 2% have mature deployments in place.

Cisco measures maturity based on four “pillars”:

Identity, which includes multi-factor authentication (MFA)

Device, which includes continuous validation of users’ devices

Network and workload, which includes network detection and response, as well as micro-segmentation

Automation and orchestration, which includes security orchestration and automated response (SOAR)

The report noted that an organization doesn’t need to implement all four pillars before it starts reaping the benefits of zero trust. For example, organizations completing the identity pillar are nearly 11% less likely to have a ransomware event. Completion of the network and workload pillar can reduce the likelihood of malicious insider abuse by 9%.

The big payoff is for organizations that have implemented all four pillars (only 2% of the survey sample). They’re two times less likely to report security incidents than those just starting out on their zero-trust journey.

Big jump toward zero trust

This year’s survey results reflect a growing awareness and maturity in organizations about what zero trust is all about, notes Cisco Advisory CISO J. Wolfgang Goerlich. “In past studies, a significant part of the sample said they had zero trust in place and were good to go.”

“This year we dug into the technology stack and asked them what technologies they were using, what zero trust aspects have they deployed,” Goerlich continues. “In doing that, our findings went from a large percentage of people saying they deployed zero trust to 2% saying they made progress across all the pillars. That reflects a maturation in security and IT leaders’ understanding of zero trust. Two years ago, people would say, ‘I did identity. I’m good.’ Now that they’re into a real strong push behind zero trust, they’re realizing they need device controls, network coverage, and automation and orchestration.”