Zero trust has been bandied about by cyber security suppliers in recent years, but the concept is still confusing to many people, with just 10% of large enterprises expected to have a mature zero trust programme in place by 2026, according to Gartner.
Gartner defines zero trust as a security paradigm that explicitly identifies users and devices and grants them just the right amount of access so a business can operate with minimal friction and reduced risks.
“It’s as much a mindset, accompanied by an organisation-wide vision and a strategy that utilises specific architectures and technologies, to achieve its goal,” said Lisa Neubauer, Gartner’s advisor in security and risk management practice at the analyst firm’s recent Security and Risk Management Summit 2023 in Sydney.
Richard Addiscott, Gartner’s senior director analyst, noted that as more organisations improve their capabilities and treat cyber security as a business investment, zero trust will increasingly become embedded in an organisation’s vision. “Investment into zero trust will become less tactical and reactive, and become more structured, proactive and measured alongside other programme level…
