While Zero Trust is rapidly becoming best practice around the world – including in the US where the Biden Administration has directed all government departments to adopt a Zero Trust approach as part of its national cybersecurity policy – New Zealand organisations still have work to do.
Aside from the need to get internal stakeholders on side, the survey highlighted another potential obstacle for successful implementation of a Zero Trust programme in local organisations.
Decision-makers perceived their Zero Trust maturity highly in several key areas including analytics and automation (78%), device (78%) and network (70%) but identified workload (possessing technical capability to enforce compliance controls and industry best practices against cloud repositories) at just 49%.
Critically, when survey respondents were asked to describe how their company was adopting Zero Trust, 69% said “we are adopting Zero Trust piecemeal rather than taking a big bang structured approach”.
It is an approach that Wright cautions could ultimately create inefficiencies.
“A piecemeal approach might work well in the short term but could cost many organisations more in the long run as they face additional integration and operational costs further down the track.”
Wright says local organisations will also find there are growing expectations from customers, partners and authorities around cybersecurity policies that are in line with global best practice.
New Zealand’s National Cyber Security Centre earlier this year updated its Information Security Manual – the bible of cybersecurity for government IT managers – to “increase awareness of Zero Trust approaches and enable the NZISM to more directly reflect Zero Trust in future releases”.