Survey: Zero Trust benefits remote work during pandemic

(Editor’s note: An August 2020 Enterprise Management Associates survey of 252 North American and European IT professionals found that most had accelerated their adoption of Zero Trust networking framework. This article by EMA Vice President of Research Networking Shamus McGillicuddy further details the results of the “Enterprise Zero Trust Networking Strategies: Secure Remote Access and Network Segmentation” report.)

The COVID-19 pandemic has prompted 60% of enterprises to accelerate their Zero Trust networking strategies. Just 15% of organizations slowed down in response to the public-health crisis, and 25% reported no effect, according to Enterprise Management Associates research.

Every vendor has its own definition of Zero Trust, but in this context EMA defines it as a network-security model that minimizes risk by applying granular policies and controls to network access and network communications.

Zero Trust usually has a dynamic policy engine that evaluates the legitimacy of network communications even inside the network perimeter. Changes in location, device state, security state, behavior, as well as other factors can initiate a reauthentication process.

The Work-From Home-Effect

This security model is particularly useful today during the pandemic. Zero Trust network-access solutions can scale and secure network connections for people who are working from home. Zero Trust segmentation can also granularly control what information assets remote users can access when they connect to the network.

Thus, the cause of this acceleration of Zero Trust adoption is somewhat obvious. EMA research found that the number of employees who are primarily accessing the corporate network via a secure remote access solution such as an SSL VPN or a software-defined perimeter has doubled since the pandemic began. This doesn’t even include employees who are working from home without a secure connection. Moreover, 53% of enterprises expect these remote workforces to remain elevated after pandemic restrictions are eased.

At the same time, 76% of these enterprises have seen an increase in the number of personally owned devices connecting to their networks during the pandemic, with 33% characterizing this increase as significant. Organizations that are more successful with their Zero Trust strategies reported more growth in use of personally owned devices, suggesting that successful Zero Trust initiatives are giving IT organizations the flexibility to better support them on the network.

Interestingly, enterprises have been able to tighten their security policies even while they allow more personal devices. 71% of those with Zero Trust initiatives reported that they had increased the security requirements of their network-access policies during the pandemic. This suggests that Zero Trust allows IT organizations to be more flexible and more secure at the same time.

Don’t let the pandemic derail Zero Trust

Given that Zero Trust networking enhances secure remote access, many enterprises will want to keep their Zero Trust initiatives on track during the pandemic. EMA took a close look at organizations that reported that the pandemic had slowed down their Zero Trust strategies.  

We found that enterprises that had allocated new budget specifically to support Zero Trust were the most likely to accelerate their Zero Trust projects during the pandemic. Ad hoc Zero Trust strategies, where IT leadership declined to formalize an initiative and dedicate budget, are the most likely to be slowed by the pandemic.

In other words, ad hoc Zero Trust strategies are vulnerable to derailment during the pandemic. These organizations find themselves easily sidetracked by more pressing issues. Without a budget and without support from IT management, network and security struggle to stick to Zero Trust principles. Our research also found that these ad hoc strategies are also the least likely to report success applying Zero Trust concepts to their networks.

Tighten security when risk is elevated

61% of enterprises in EMA’s research reported that pandemic-related changes to their businesses have directly led to an increase in security issues. Remote workers are just one of the changes wrought by current events. Grocery stores and other retailers have scaled up their online sales and delivery businesses. Healthcare and public health organizations have added temporary hospitals and clinics. State and local governments set up new infrastructure for virus testing. All of these changes present new network security risks.

Given that Zero Trust network access and segmentation solutions can mitigate those risks, EMA recommends that IT organizations be aggressive with these technologies during the pandemic.  

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.