New EMA Research Report Explores how IT Organizations are Using Network Technologies to Support a Zero Trust Security Model
EMA surveyed 252 technology professionals who are directly engaged with applying network segmentation and secure remote network access solutions to a Zero Trust strategy. Sixty percent identified themselves as IT professionals and 40% identified themselves as information security or cybersecurity professionals.
Boulder, Colo., October 28, 2020 – Enterprise Management Associates (EMA™), a leading IT and data management research and consulting firm, released a new research report titled “Enterprise Zero Trust Networking Strategies: Secure Remote Access and Network Segmentation” based on criteria defined by Shamus McGillicuddy, vice president of research, covering network management at EMA.
The report is based on a survey of 252 enterprise technology professionals with direct and relevant experience with these efforts. EMA focused its investigation primarily on secure remote access, network segmentation, and microsegmentation technologies. The research explores technology requirements, organizational strategies, and best practices. It also examines how the COVID-19 pandemic has impacted these Zero Trust initiatives.
Zero Trust is a network security model that minimizes risk by applying granular policies and controls to network access and network communications. Rather than establishing trust, the Zero Trust model is constantly verifying the legitimacy of network communications even inside the network perimeter. Changes in location, device state, security state, behavior, and more can initiate a reauthentication process.
“Our research found that IT organizations must formalize their approach to Zero Trust networking,” McGillicuddy said. “It’s best to create a Zero Trust task force that draws on expertise from network engineering and architecture and information security. Also, IT organizations must dedicate budget to these initiatives. Don’t look for unspent money in other line items. Enterprises that adopted these principles were most likely to succeed and least likely to have been derailed by the COVID-19 pandemic.”
EMA found that the majority of enterprises accelerated their Zero Trust networking initiatives in response to the pandemic. However, enterprises that lacked a formal Zero Trust initiative or took an ad hoc approach to implementation tended to slow down their projects, which presents a lost opportunity. Without a formal initiative, these organizations were sidetracked by other issues during the pandemic crisis. EMA believes that the best response to this pandemic is to be more aggressive with Zero Trust networking. Successful organizations were the most likely (69%) to have accelerated their projects.
The technologies that enable a Zero Trust model are often network-based. They include network segmentation and microsegmentation architecture and secure remote access solutions. These technologies need centralized policy management and control to coordinate authentication, authorization, and change management in a Zero Trust environment. These solutions may also integrate with parts of the security stack, like identity and access management and threat analysis, to enhance Zero Trust policy engines.
EMA found that Zero Trust networking is a partnership between networking and security. Both groups contribute budget to the endeavor, and the most successful projects are led by Zero Trust taskforces that pull experts from both groups to devote to the initiative. Successful enterprises indicated that one of the most important areas of Zero Trust collaboration is the coordination of access security controls across different systems, since security and networking teams often own complementary security technologies. EMA also found that the IT service management group contributes to Zero Trust budgets, and these budgets are expected to grow in 2021.
Remote access solutions and network segmentation solutions are both foundational to a Zero Trust network, and the majority of enterprises are investing in new technology to support this effort, while many will also retain their legacy solutions for a multi-layered approach to Zero Trust. EMA found considerable interest in secure access service edge (SASE) and microsegmentation as enablers of Zero Trust networks. Adoption of software-defined perimeter (SDP) solutions will also tick upward in the coming years.
A detailed analysis of the research findings is available in the report, “Enterprise Zero Trust Networking Strategies: Secure Remote Access and Network Segmentation.”
Highlights from the report will be revealed during the free November 3 webinar, “Enterprise Zero Trust Networking Strategies: Secure Remote Access and Network Segmentation.”
Founded in 1996, EMA is a leading industry analyst firm that provides deep insight across the full spectrum of IT and data management technologies. EMA analysts leverage a unique combination of practical experience, insight into industry best practices, and in-depth knowledge of current and planned vendor solutions to help their clients achieve their goals. Learn more about EMA research, analysis, and consulting services for enterprise line of business users, IT professionals, and IT vendors at www.enterprisemanagement.com.