Zero Trust Adoption Not Slowed by Pandemic Disruption

NEW YORK, Sept. 9, 2020 — Professionals at organizations adopting Zero Trust say COVID-19 has accelerated (37.4%) or not slowed (35.2%) their organizations’ adoption efforts, according to a new Deloitte poll.

“Interest in Zero Trust adoption predates the pandemic, as the model and framework applies a ‘never trust, always verify’ policy with regards to users, workloads, networks and devices before granting access to an organization’s IT ecosystem and underlying data,” said Andrew Rafla, a Deloitte Risk & Financial Advisory principal in cyber and strategic risk, Deloitte & Touche LLP. “But, pandemic-driven disruption resulted in many organizations digitally transforming, accelerating cloud migration and realigning workforce connectivity and management. These fundamental shifts can also increase an organization’s attack surface, driving the need to take a more modernized and agile approach to managing cyber risk.”

Respondents said that their adoption efforts are driven by Zero Trust’s ability to help manage evolving cyber risks including workforce risks like remote work and insider threats (35.7%); third-party risk (24.8%); and cloud risk management (20.9%).

“Zero Trust adoption can help organizations deal with cybersecurity challenges like changing workforce dynamics and increased device complexity. But there are some myths about Zero Trust,” Rafla continued. “Getting started doesn’t mean a wholesale rip-and-replace effort is needed on the technology side, as existing and planned investments likely align at some level to the Zero Trust concept of least privilege. Rather, organizations should get a clear understanding of what needs to be protected, taking a use-case-driven and iterative approach to adoption that aligns with business objectives. Further, organizations should understand that Zero Trust is not dependent upon or solely focused on cloud environments — the concept can be applied to on-premise environments as well.”

Challenges respondents reported in their organizations’ Zero Trust adoption efforts included a lack of appropriately skilled professionals (28.3%), lack of needed budget (28.1%) and inability to discern how to get started (12.8%).

Rafla added, “Development of new talent skillsets and organizational change management efforts can be needed for Zero Trust adoption. But it’s worth repeating that not everything needs to be done wholesale when adopting this framework — a phased approach should be considered.”

Respondents indicated that CIOs (28.3%), CISOs (28%) and CTOs (19.9%) are most often tapped to lead Zero Trust adoption efforts.

“Zero Trust isn’t just a technology issue that you can buy a quick solution for, it’s an organizational change management issue that requires top leadership — led by CISOs, CIOs and CTOs — to be involved in the proactive, holistic effort so that true success can be realized,” concluded Rafla.

About the online poll

More than 595 respondents from organizations that have already or plan to adopt Zero Trust were polled online during a Deloitte webcast titled, “Zero Trust cybersecurity: Never trust, always verify” on July 30, 2020. Answer rates differed by question.

About Deloitte

Deloitte provides industry-leading audit, consulting, tax and advisory services to many of the world’s most admired brands, including nearly 90% of the Fortune 500® and more than 7,000 private companies. Our people work across the industry sectors that drive and shape today’s marketplace — delivering measurable and lasting results that help reinforce public trust in our capital markets, inspire clients to see challenges as opportunities to transform and thrive, and help lead the way toward a stronger economy and a healthy society. Deloitte is proud to be part of the largest global professional services network serving our clients in the markets that are most important to them. Now celebrating 175 years of service, our network of member firms spans more than 150 countries and territories. Learn how Deloitte’s more than 312,000 people worldwide make an impact that matters at www.deloitte.com.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the “Deloitte” name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.