CxoToday
CxoToday
HomePress ReleaseGartner Survey Reveals 63% of Organizations Worldwide Have Implemented a Zero-Trust Strategy
Press Release

Gartner Survey Reveals 63% of Organizations Worldwide Have Implemented a Zero-Trust Strategy

CXOtoday News DeskCXOtoday News Desk
Gartner

For Most Organizations, a Zero-Trust Strategy Typically Addresses Half or Less of an Organization’s Environment

 

Sixty-three percent of organizations worldwide have fully or partially implemented a zero-trust strategy, according to Gartner, Inc. For 78% of organizations implementing a zero-trust strategy, this investment represents less than 25% of the overall cybersecurity budget.

A fourth quarter 2023 Gartner survey of 303 security leaders whose organizations had already implemented (fully or partially) or are planning to implement a zero-trust strategy found that 56% of organizations are primarily pursuing a zero-trust strategy because it’s cited as an industry best practice.

“Despite this belief, enterprises are not sure what top practices are for zero-trust implementations,” said John Watts, VP Analyst, KI Leader at Gartner. “For most organizations, a zero-trust strategy typically addresses half or less of an organization’s environment and mitigates one-quarter or less of overall enterprise risk.”

Gartner outlined three primary top-practice recommendations for security leaders implementing a zero-trust strategy.

Practice 1: Establish Scope for a Zero-Trust Strategy Early

To successfully implement zero-trust, organizations need to understand how much of the environment they cover, which domains are in scope and how much risk they can mitigate.

The scope of a zero-trust strategy does not typically include all of an organization’s environment. However, 16% of survey respondents said it will cover 75% or more while only 11% believe it will cover less than 10% of the organization’s environment (see Figure 1).

Figure 1: Percentage of Environment to Cover With Zero-Trust

Source: Gartner (April 2024)

“Scope is the most critical decision for a zero-trust strategy,” said Watts. “Enterprise risk is much broader than the scope of zero-trust controls, and only so much enterprise risk can be mitigated. However, measuring risk reduction and improving security posture is a key indicator of success for zero-trust controls.”

 

Practice 2: Communicate Success Through Zero-Trust Strategic and Operational Metrics

Seventy-nine percent of organizations that have fully or partially implemented zero-trust, have strategic metrics to measure progress, and of that 79%, 89% have metrics to measure risk.

Security leaders must also keep their audience in mind when communicating these metrics. Fifty-nine percent of zero-trust initiatives are sponsored by either the CIO or CEO/president/board of directors.

“Zero-trust metrics must be tailored for the zero-trust deliverables as opposed to rehashing metrics used for other areas, such as the effectiveness of endpoint detection and response,” said Watts. “Zero-trust efforts deliver on specific outcomes – such as reduction of malware’s lateral movement on a network – often not captured by existing cybersecurity metrics.”

Practice 3: Anticipate Increases in Staffing and Costs but Not Delays

Sixty-two percent of organizations anticipate their cost will increase and 41% of organizations expect their staffing requirements will also increase as a result of a zero-trust implementation.

“The budget impacts of organizations who adopt a zero-trust strategy will vary based on the scope of the deployment as well as how robust the zero-trust strategy is early in the planning process,” said Watts. “Zero-trust initiatives inherently affect the budget as organizations take a systemic and iterative approach to mature their policies toward risk-based and adaptive controls, adding overhead to the organization’s ongoing operational burden.”

While only 35% of organizations said they encountered a failure that disrupted their zero-trust strategy implementation, organizations should have a zero-trust strategic plan outlining operational metrics and measure the effectiveness of zero-trust policies in order to minimize delays.

Gartner clients can read more in “Top 3 Recommendations From the 2024 State of Zero-Trust Adoption Survey.” Learn how to adopt a zero trust mindset in the complimentary Gartner webinar Cut Through Zero Trust Hype and Get Real Security Strategy Advice.

About Gartner IT Symposium/Xpo

CIOs and IT executives will learn how to meet the moment and provide the vision and results needed to lift their organizations to the next level at Gartner IT Symposium/Xpo. Follow news and updates from the conferences on Twitter using #GartnerSYM.

About Gartner for Information Technology Executives
Gartner for Information Technology Executives provides actionable, objective insight to CIOs and IT leaders to help them drive their organizations through digital transformation and lead business growth. Additional information is available at www.gartner.com/en/information-technology.

Follow news and updates from Gartner for IT Executives on X and LinkedIn using #GartnerIT. Visit the IT Newsroom for more information and insights.

About Gartner

Gartner, Inc. (NYSE: IT) delivers actionable, objective insight that drives smarter decisions and stronger performance on an organization’s mission-critical priorities. To learn more, visit gartner.com.

Tags :Gartner
add a comment

You Might Also Like

CxoToday
CXOtoday is a premier resource on the world of IT, relevant to key business decision makers. We offer IT perspective & news to the C-suite audience. We also provide business and technology news to those who evaluate, invest, and manage the IT infrastructure of organizations. CXOtoday has a well-networked and strong community that encourages discussions on what’s happening in the world of IT and its impact on businesses.

Useful Links

Information

Connect

Facebook Twitter Linkedin

Copyright © 2024 Trivone. All Rights Reserved.

channeltimes
Techtree
SupportBiz
khelnama