Download the report

The State of Zero-trust Security Strategies

The State of Zero-trust Security Strategies

The State of Zero-trust Security Strategies

Research Objectives

Zero-trust approaches are arguably more relevant than ever due to the increasingly distributed nature of the modern enterprise. Whether implementing least-privilege tenets for user access or securing the connections to and between the disparate aspects of today’s hybrid multi-cloud deployments, zero trust can provide a framework to secure even the most complex environments. The sudden shift to work-from-home models has only highlighted the importance of a zero-trust approach. Yet for many organizations, confusion remains as to exactly what a zero-trust initiative should entail, where to begin, and how best to overcome the organizational obstacles that result from such a cross-functional undertaking. 


In order to gain insight into these trends, ESG surveyed 421 IT and cybersecurity professionals at organizations in North America (US and Canada) personally responsible for driving zero-trust security strategies and evaluating, purchasing, and managing security technology products and services in support of these initiatives.


Understand the trigger points that are influencing zero-trust initiatives and how decision makers are prioritizing and timing purchasing decisions.
Gain insights into the planning, purchasing, and implementation dynamics across different stakeholders within IT and the lines of business.
Examine the results zero-trust strategies have delivered with regards to anticipated outcomes such as improving security, simplifying compliance, and reducing costs.
Determine the extent to which specific technologies and products are being deployed to support zero-trust strategies.

Research Highlights

The definitions and drivers of zero trust vary, but many organizations claim multiple security and business benefits.
Nearly half of organizations rate their zero-trust initiatives as very successful and claim benefits such as reduced security incidents, better SOC efficiency, fewer data breaches, and higher user satisfaction. 
The pandemic validates the importance of zero trust.
Most organizations carried on with zero-trust plans even as the pandemic put other initiatives on hold. But further, those with zero-trust projects in place were less likely to see increased security team workloads as a result of the shifting focus to securing remote workers.
Formalized strategies for zero trust are common. However, most organizations begin with a specific use case and "back into" a broader zero-trust Initiative.
Nearly nine out of ten organizations have formalized zero-trust strategies. While it is common for these early movers to begin with a use-case-specific approach or inventory the tools they have in place, many plan to build a broader strategy from those starting points.
The broad range of tools required for zero trust drives interest in a platform approach.
The vast majority of organizations are using or interested in zero-trust platforms. Not surprisingly, integrations are a top consideration when adopting tools in recognition of the fact that a single vendor approach is not feasible.
Cross-functional collaboration is critical to zero-trust success and is leading to interest in centers of excellence.
There are currently many individuals and groups involved with zero-trust strategies. And while only 12% of organizations have implemented a zero-trust center of excellence (CoE) to date, interest is very high in this approach to formalize the collaboration across the different groups involved in zero trust.
Budget for zero trust is often new, and organizations anticipate robust spending. 
More than three-quarters of organizations allocate at least some new budget to zero trust, and 34% expect spending to increase significantly over the next 12-18 months.