The COVID-19 pandemic motivated many small and large organizations to adopt the Zero Trust security model, according to a Forrester report commissioned by Cloudflare. The report found that many firms were looking into Zero Trust to solve their legacy security practices which hindered the support of remote workers during the work from home period. The report also found that many organizations were unprepared for the cloud transformation during the pandemic. Consequently, their IT security teams scrambled to configure their network perimeters to allow remote access, sometimes with security tradeoffs.
How does the Zero Trust network access security model work?
The Zero Trust security model allows remote workers to access applications through a secure web-based gateway. The solution implements least-privilege principles and supports multi-factor authentication (MFA) and device security checks. Unlike a VPN infrastructure, Zero Trust is highly scalable, more affordable, and easily integrates with various single sign-on (SSO) platforms already in the market. It also allows the configuration of access control policies to manage permissions based on users’ privileges and devices. Consequently, the Zero Trust model offers a more scalable privileged access management infrastructure for managing network resources.
Key findings of the report
The report found that most companies were unprepared to face the disruptions caused by COVID-19. However, companies accelerated their cloud transformations with security in mind, including adoption of Zero Trust security model. Firms invested more into SaaS tooling and the purchase of new devices to guarantee the safety of remote work. However, small companies were thriftier compared to larger organizations.
The report found that the COVID-19 disruption affected companies in several ways. 64% of the organization decision-makers polled said that their “company’s revenue and planning” were the most affected areas of their business. More than half (53%) of the respondents said that the crisis affected how customers did business with their organizations, while 52% indicated that COVID-19 caused a shift into the distributed working model.
COVID-19 also opened a new attack surface for various threat actors. More than half of all business experienced data breachers (58%) or increased phishing attempts (55%). And ransomware attacks affected 29% of the respondents.
Workers also faced various technical challenges. Infrastructure outages and VPN connection latency issues disconnected 33% and 46% of the respondents, respectively.
COVID-19 accelerated the adoption of Zero Trust security models
The remote working arrangement forced firms to undergo cloud transformation. However, 80% of the IT decision-makers interviewed said their companies were unprepared to make the transformation. Their existing IT practices had made it challenging to support employee productivity without compromising on security.
To overcome this challenge, 76% of the decision-makers said their firms intended to accelerate their shift to the Zero Trust security framework. More than three-quarters (76%) of decision-makers polled said their companies’ security practices were “antiquated” and needed to shift towards the Zero Trust security model.
The report also found that 82% of the firms said they were “committed” to migrating to a Zero Trust security architecture. To achieve this goal, close to half (49%) of the firms elevated the role of CISO to board visibility while 39% had a Zero Trust-oriented pilot for 2020.
However, the migration towards Zero Trust faced various challenges, with 76% of the firms identifying Identity and Access Management (IAM) as the major challenge.
Vendors seize the opportunity by offering free or trial ZTNA solutions
Several vendors offered their services freely or on extended trial periods to allow customers to test their Zero Trust security solutions during the COVID-19 pandemic.
Akamai offered its Enterprise Application Access (EAA) solution as part of its Business Continuity Assistance Program for an extended trial of 60 days. Similarly, Cloudflare offered the Cloudflare for Teams gratis until September 1. Cisco also provided its Duo Security Zero Trust and MFA platform freely to new customers. We can certainly expect the list of companies offering Zero Trust solutions will continue to grow as the solution gains popularity.
The free COVID-19 trial period allowed companies to migrate to zero trust security model and test advanced security solutions from reputable vendors free of charge. Moving forward, they could select the products that meet their security needs and sign up permanently. With so many tools at their disposal, companies that shied away from adopting remote work because of security concerns have no excuse. Similarly, cybercriminals must overcome another hurdle to compromise corporate networks.