Gartner Survey Reveals 63% of Organizations Worldwide Have Implemented a Zero-Trust Strategy

For Most Organizations, a Zero-Trust Strategy Typically Addresses Half or Less of an Organization’s Environment

Sixty-three percent of organizations worldwide have fully or partially implemented a zero-truststrategy, according to Gartner, Inc. For 78% of organizations implementing a zero-trust strategy, this investment represents less than 25% of the overall cybersecurity budget.A fourth quarter 2023 Gartner survey of 303 security leaders whose organizations had already implemented (fully or partially) or are planning to implement a zero-trust strategy found that 56% of organizations are primarily pursuing a zero-trust strategy because it’s cited as an industry best practice.“Despite this belief, enterprises are not sure what top practices are for zero-trust implementations,” said John Watts, VP Analyst, KI Leader at Gartner. “For most organizations, a zero-trust strategy typically addresses half or less of an organization’s environment and mitigates one-quarter or less of overall enterprise risk.”

Gartner outlined three primary top-practice recommendations for security leaders implementing a zero-trust strategy.

Practice 1: Establish Scope for a Zero-Trust Strategy Early
To successfully implement zero-trust, organizations need to understand how much of the environment they cover, which domains are in scope and how much risk they can mitigate.

The scope of a zero-trust strategy does not typically include all of an organization’s environment. However, 16% of survey respondents said it will cover 75% or more while only 11% believe it will cover less than 10% of the organization’s environment (see Figure 1).

Figure 1: Percentage of Environment to Cover With Zero-Trust
[Image Alt Text for SEO]

Source: Gartner (April 2024)

“Scope is the most critical decision for a zero-trust strategy,” said Watts. “Enterprise risk is much broader than the scope of zero-trust controls, and only so much enterprise risk can be mitigated. However, measuring risk reduction and improving security posture is a key indicator of success for zero-trust controls.”Practice 2: Communicate Success Through Zero-Trust Strategic and Operational Metrics
Seventy-nine percent of organizations that have fully or partially implemented zero-trust, have strategic metrics to measure progress, and of that 79%, 89% have metrics to measure risk.Security leaders must also keep their audience in mind when communicating these metrics. Fifty-nine percent of zero-trust initiatives are sponsored by either the CIO or CEO/president/board of directors.

“Zero-trust metrics must be tailored for the zero-trust deliverables as opposed to rehashing metrics used for other areas, such as the effectiveness of endpoint detection and response,” said Watts. “Zero-trust efforts deliver on specific outcomes – such as reduction of malware’s lateral movement on a network – often not captured by existing cybersecurity metrics.”

Practice 3: Anticipate Increases in Staffing and Costs but Not Delays
Sixty-two percent of organizations anticipate their cost will increase and 41% of organizations expect their staffing requirements will also increase as a result of a zero-trust implementation.

“The budget impacts of organizations who adopt a zero-trust strategy will vary based on the scope of the deployment as well as how robust the zero-trust strategy is early in the planning process,” said Watts. “Zero-trust initiatives inherently affect the budget as organizations take a systemic and iterative approach to mature their policies toward risk-based and adaptive controls, adding overhead to the organization’s ongoing operational burden.”

While only 35% of organizations said they encountered a failure that disrupted their zero-trust strategy implementation, organizations should have a zero-trust strategic plan outlining operational metrics and measure the effectiveness of zero-trust policies in order to minimize delays.

The Gartner research for clients “Top 3 Recommendations From the 2024 State of Zero-Trust Adoption Survey.” will bring you more details related this topic.

About Gartner for Information Technology Executives

Gartner for Information Technology Executives provides actionable, objective insight to CIOs and IT leaders to help them drive their organizations through digital transformation and lead business growth. Additional information is available at www.gartner.com/en/information-technology.
2024-04-26T11:58:31+00:00

Share This Story, Choose Your Platform!

FacebookXLinkedInWhatsAppEmail

Related Posts

SGS expands its sustainability expertise with the acquisition of Aster Global
SGS expands its sustainability expertise with the acquisition of Aster Global
Gallery

SGS expands its sustainability expertise with the acquisition of Aster Global

January 9, 2025 | 0 Comments
GEWISS announces acquisition of 75% of TVILIGHT, strengthening market leadership in smart lighting solutions
GEWISS announces acquisition of 75% of TVILIGHT, strengthening market leadership in smart lighting solutions
Gallery

GEWISS announces acquisition of 75% of TVILIGHT, strengthening market leadership in smart lighting solutions

December 19, 2024 | 0 Comments
Adams Vision Showcases the Brand Portfolio Available in 70 Vitamix Stores Nationwide
Adams Vision Showcases the Brand Portfolio Available in 70 Vitamix Stores Nationwide
Gallery

Adams Vision Showcases the Brand Portfolio Available in 70 Vitamix Stores Nationwide

November 26, 2024 | 0 Comments
Efficient Monitoring of Power Distribution through the Unified ATEN Solution
Efficient Monitoring of Power Distribution through the Unified ATEN Solution
Gallery

Efficient Monitoring of Power Distribution through the Unified ATEN Solution

October 30, 2024 | 0 Comments

©2025First Connect

©2025First Connect

©2025First Connect

©2025First Connect

Go to Top