Dive Brief:

• Almost two-thirds of organizations across the globe have either fully or partially implemented zero-trust strategies, according to a report released Monday by Gartner based on a survey of 303 security leaders. 
• Of organizations that have fully or partially implemented zero trust, 4 in 5 have strategic metrics to measure their success. Of those, the vast majority — 9 in 10 — have metrics available to measure risk. 
• Following a zero trust implementation, 3 in 5 organizations anticipate costs will rise and 2 in 5 expect staffing requirements will likely increase, Gartner found.

Dive Insight:

More companies are adopting zero trust security strategies following a rapid rise in malicious cyberattacks. The shift toward remote or hybrid work environments, where a larger percentage of employees are based out of the office throughout the week, has also advanced zero trust adoption. 

In about half the cases, the zero trust strategy involved a combination of older security technologies with new ones added, according to John Watts, VP analyst and key initiative leader at Gartner. About 30% use existing technologies, while the 20% of cases involve implementing new technologies. 

“For most organizations, a zero-trust strategy typically addresses half or less of an organization’s environment and mitigates one-quarter or less of overall enterprise risk,” Watts said in a statement.

The programs are typically implemented with a top-down approach, according to Watts. Zero trust programs are typically sponsored by CIOs, IT executives, the board, CEO or president, and CISOs are usually called upon to execute the program. 

The U.S. government took steps to roll out zero trust strategies in recent years, part of a larger effort to help counter an increase in malicious threat activity from nation state adversaries and criminal threat groups.