By Ashley Leonard, Syxsense CEO and Founder
Zero trust adoption has taken center stage in recent years because it can help better secure remote workers and hybrid cloud environments and protect against ransomware threats. But as organizations continue to press forward with digital transformation and look to protect stakeholders from rising cyberattacks, not all are reaping the benefits of a fully implemented zero trust strategy. In fact, a recent survey revealed that more than one-third of organizations are not pursuing zero trust strategies, and of those that are, more than half are still in preliminary exploratory stages of adoption.
But according to Gartner, cybersecurity spending on things like zero trust will double by 2026 to $267.3 billion. Why the disconnect? According to EMA research, 41% lack the budget and funding, 32% lack the technical capabilities, 29% have no clear direction on how to begin, and 24% are concerned that it could negatively impact business operations. It’s clear that organizations need more support to overcome the struggles associated with zero trust adoption. To better understand this, let’s look at three prominent challenges organizations are facing today and how they can best overcome them to accelerate – and feel more comfortable with – their zero trust journey.
Challenge #1 – Poor Visibility Across Environments
To understand the requirements that make sense for a zero trust framework, full visibility across the environment is crucial. That means being able to see all devices, data stores, and users. This also includes an assessment of where technical capabilities are lacking. Zero trust is not just another tool for IT managers. It’s a completely different method of understanding device and network access.
To support a zero trust project, organization’s need to first understand where their limitations lie (for example, do they know which databases have high-value data, or “crown jewels”), how existing tools and infrastructure have been implemented (such as who can access critical data or high-value assets, like servers), and have a documented process in place for managing the existing tools and infrastructure. Unfortunately, asset discovery can be challenging for many organizations, which is one reason zero trust projects can appear so daunting. It’s like moving into a new house where none of the boxes are labeled. Identifying the difference between kitchen or laundry supplies is required before you can really get organized.
Challenge #2 – Zero Trust is Complex
Zero trust can be hard to implement. Consider it a mesh solution – where the point is to create a reality where users and devices gain access to information through an authentication ‘conversation’ rather than just punching in their credentials. All sorts of data points are collected and collated to build the proof of authenticity required for access to be granted. Most zero trust frameworks, for that reason, are a combination of multiple solutions brought together under a unifying toolset.
Creating the logic needed to bring each tool together in concert can be complex. For example, part of your zero trust attestation process might be to validate that a device doesn’t have any active anti-virus alerts. That is one data point to manage. You might also need to validate that the device’s connection is coming from a whitelisted geography. On top of that, you might also want to validate that the device’s patch compliance is current. Maintaining a unified zero trust solution for parsing this data can be very helpful, but it requires you to mesh multiple disparate solutions together under the roof of a single solution.
Challenge #3 – Zero Trust is Resource-Intensive
Buying a suite of zero trust solution can be resource-intensive for many organizations. Why? Because it’s often a mandate above and beyond the foundational IT and cybersecurity stack (on top of the normal day-to-day). Today, many companies are rolling out zero trust solutions. Some of them are built to be incorporated into a larger zero trust ecosystem, while others are intended to become self-sufficient ecosystems.
Depending on the scope of the advertised functionality, zero trust can either demand extensive resources or require a reasonable amount of investment. But if the initial investment is reasonable, systems administrators can anticipate doing more work throughout their adoption journey. Alternately, full suite zero trust products tend to pull a lot of resources upfront and provide a much lower burden of effort on security and operations teams to implement functionality.
Zero trust adoption continues to be a complex and challenging initiative for many organizations, especially those using legacy systems. But vendors and the larger security community are getting better at delivering new solutions, approaches, and educational information that can help streamline the process (and better show the value). The first step is for organizations to understand the complexity of a zero trust project, gain full visibility into their security environment, and commit the necessary resources and expertise to implement it (or explore it) successfully. To reach its full potential, IT and security teams will need to make the fundamental shift from a perimeter-based security approach to granular and continuous authentication processes. That’s zero trust.
##
ABOUT THE AUTHOR
Ashley Leonard is the president and CEO of Syxsense-a global leader in Unified Security and Endpoint Management (USEM). Ashley is a technology entrepreneur with over 25 years of experience in enterprise software, sales, marketing, and operations, providing critical leadership during the high-growth stages of well-known technology organizations.
Ashley manages U.S., European, and Australian operations in his current role, defines corporate strategies, oversees sales and marketing, and guides product development. Ashley has worked tirelessly to build a robust, innovation-driven culture within the Syxsense team while delivering returns to investors.
Ashley has founded several successful technology companies, including NetworkD Inc., with operations in 7 countries. NetworkD made several strategic international acquisitions and then completed a successful exit to Sparxent in 2008. In 2012 he founded Verismic Software and launched Syxsense in 2019.
Ashley serves on several boards and acts as a mentor to up-and-coming technology CEOs through his membership in the Young Presidents Organizations (YPO). He served as Orange County chair for two years. Ashley also served as Area Chair for YPO Pacific Region and was host city partnership chair for the 2020 YPO Global EDGE conference in San Diego, CA, welcoming over 3,000 of the world’s top CEOs.
Ashley was a finalist for Ernst & Young’s “Entrepreneur of The Year” and AeA’s “Outstanding Private Company CEO” Award and won the AGC Innovation CEO Award.
