The State of Zero Trust: Survey Results
Posted: Monday July 10, 2023
Author: Jason Garbis
It’s July, and therefore a great time for a mid-year assessment of the state of Zero Trust. To that end, the Numberline Security team recently conducted an enterprise survey on Zero Trust awareness and adoption, and the results are insightful and worth discussing.
We’ve created a brief, human-generated writeup here in this blog posting, so let’s dive in.
This survey had approximately 100 enterprise respondents, and asked four questions:
Where is your enterprise in its Zero Trust journey?
This question was designed to get a big picture of the level of maturity and adoption of a Zero Trust strategy.
What these results tell us is that we’re still in the early days of enterprise adoption of Zero Trust, with 63% of enterprises in planning or POC phases, and only 37% with any workloads in production using architectures based on this strategy.
Our second question was How high priority is your Zero Trust initiative for 2023?
The results here were very clear, with 67% of respondents indicating that their Zero Trust strategy was Very High or High priority, and only 11% responding that it was Low or Lower priority.
This aligns with what we’re seeing from our anecdotal conversations with enterprise security practitioners. Zero Trust is recognized as a best practice approach to information security, and there is a clear need and desire to move forward with this strategy.
This naturally leads us to our next question – are enterprises ready to embark on this journey? We asked that question as follows:
How confident are you that your team and organization has the knowledge and skills to execute on a successful Zero Trust initiative?
Most of the respondents indicated that they don’t have a sufficiently high degree of confidence in their current knowledge and skills, with 63% replying Somewhat, Not Very, or that they Need Additional Knowledge. However, 32% indicated that their team’s capabilities are Reasonably Strong, with a small minority (5%) indicating that they are very confident.
This isn’t surprising–Zero Trust is new, and many security teams simply don’t have the staff or bandwidth to proactively learn and prepare.
So what do enterprises need to be successful?
This was the focus of our final question, asking What do you view as your primary needs for a successful Zero Trust initiative? (multiple selections allowed).
Responses are shown in the following table:
| 44% | Technical or architectural education on Zero Trust |
| 43% | Zero Trust readiness or maturity assessment |
| 39% | Design patterns or architectural templates |
| 35% | A concrete plan for execution of the strategy |
| 34% | Creation of a business justification to show financial or other business benefits of Zero Trust |
| 30% | Executive support and buy-in for the Zero Trust initiative |
| 26% | Addressing current IT or security problems or technical debt |
| 25% | Vendor or platform selection guidance |
| 21% | Success stories or case studies from enterprises similar to mine |
| 21% | Additional Budget |
| 18% | Creation and operation of a Zero Trust dashboard |
| 18% | Establishment and operation of a Zero Trust steering committee |
Clearly, there is a need for additional guidance and education on Zero Trust, a desire for an assessment of enterprise readiness, and a need to create a concrete plan which includes business justification (and as a deliberate byproduct, garners executive support)
One additional interesting point – only 21% of enterprises indicated that they need additional budget. I think this reflects a reassuring level of maturity (and realism) about Zero Trust being more about people and process, and less about technology, and is a positive sign.
So, how can enterprises address their top needs? We have several assets and supporting services which will directly help:
- Readiness and Maturity Assessment: Take our free, 10-minute Zero Trust Readiness Survey, and receive a customized report with concrete recommendations for your enterprise
- Technical and architectural guidance: Read the comprehensive book: Zero Trust Security: An Enterprise Guide, available from the publisher as well as from online bookstores
- Design Patterns or Architectural Templates: Get our new, compact book, Getting Started with Zero Trust: Five Ways to Begin a Successful Initiative. This book is available digitally directly from our media site, and print versions are available from Amazon
Want more news like this? Subscribe to stay informed and up-to-date