What Does Business Community Think about Zero Trust? 5 Simple Facts

In 2019, in collaboration with Boris Taratine, we have designed and conducted a survey for business practitioners. We asked them to define the Zero Trust concept as well as to elaborate on the usefulness of Zero Trust for their business. The survey was open to all employee levels, but the survey primarily attracted managerial-level employees. As a result, 149 managers from 16 different sectors of the economy worldwide took part in the survey. We have summarised results in our #zerotrustinfographic shown below. Our findings were the following.

1. Executives mostly have negative sentiment about Zero Trust

We used advanced text analytics techniques to process the definitions of #zerotrust provided by our participants and, based on this analysis, we were able to segment them into 5 sentiment profiles:

  • Groupies (4% of our sample) - executives who are very fond of the concept of Zero Trust and strongly advocate it.

  • Believers (8% of our sample) - find the concept of Zero Trust confusing, yet believe that it is useful in practice.

  • Floaters (40%) - have neutral attitude towards Zero Trust.

  • Doubters (31%) - are confused about the definition of Zero Trust and do not see much practical value in it.

  • Deniers (17%) - are completely against Zero Trust

Notice that 12% of our respondents (Groupies and Believers) have positive sentiment about Zero Trust, 40% (Floaters) are neutral, and 48% (Doubters and Deniers) are negative about Zero Trust.

Source: Zero Trust Infographic, Pogrebna and Taratine (2019)

2. Sentiment profiles defined managerial perceptions of security achieved by Zero Trust systems

Our segmentation, which was based on verbal definitions only, allowed us to predict quantified managerial sense of #safety, #security, #trustworthiness, #verifiability and threat-prevention in relation to #zerotrust systems. The central figure in our infographic above illustrates managerial believes about the verifiability and trustworthiness of Zero Trust systems measured numerically. We asked all participants in our sample to provide estimates of trustworthiness and verifiability for Zero Trust on a scale from 0% (low) to 100% (high). As a result, Groupies provided the highest estimates, while Deniers revealed low levels of trustworthiness and verifiability.

3. Most practitioners did not see many advantages in Zero Trust systems

The bottom right figure in the infographic shows that over 60% of managers in our sample at least somewhat disagreed that Zero Trust provided better prevention, better trustworthiness, better verifiability and better security than its alternatives. This disagreement was particularly strongly expressed by practitioners working in large companies (over 250 people). Some of our respondents also mentioned the inflated cost of Zero Trust solutions compared to other alternatives. Also, only 6% of respondents viewed Zero Trust systems as truly perimeterless security systems.

4. Practitioners, whose companies outsourced #cybersecurity were more positive about Zero Trust

Managers in our sample generally felt more positive about Zero Trust and its benefits if they came from organisations, which were not handling their own security. Representatives of companies, where cybersecurity was outsourced to the third party (usually a cybersecurity consultancy company) tended to have a much more positive opinion and optimistic sentiment about Zero Trust.

5. Zero Trust is a dominant concept

Despite the managerial scepticism, the majority of companies represented in our survey use Zero Trust systems for at least some of their day-to-day #cybersecurity tasks. This suggests that Zero Trust is here to stay.

Take Aways

Last year we conducted a study of managerial perceptions towards Zero Trust. The study revealed, that despite the popularity of Zero Trust systems, managers generally have negative sentiment towards the concept. We will see whether Zero Trust will survive the test of time...

#zerotrust #cybersecurity #cyberrisks #cyberthreats #datasecurity #cyberattack #hacking #risk #infosec #security #ransomware #phishing #dataprotection #informationsecurity