Despite a growing consensus that zero trust security policies can help keep organizations secure, companies are struggling with legacy technology and the associated complexities and compatibility issues as they also look to modernize their infrastructure.
According to new research from business management consulting firm Deloitte, legacy systems and environments are the greatest challenge to adopting zero trust, with 44.6% of executives agreeing to that sentiment.
However, these organizations plan to forge ahead with their zero trust plans due to increases in cyber threats (30.1%) and the need to better manage third party risks (25.1%), according to Deloitte’s research.
Further down that list of drivers of zero trust adoption include managing workforce-related risks such as remote work and insider threats (17.2%), managing risks due to cloud adoption (15.1%) and managing elevated cyber risks due to geopolitical conflict (4.8%).
However, organizations far and away cited complexity and compatibility issues with legacy systems and environments as the top challenge to successful implementation of zero trust, with nearly 45% of executives agreeing.
Within zero trust adoption programs, organizations are most likely to prioritize enhancements focused on data security and identity and access management, which came in at 26.1% and 21.5%, respectively. This isn’t surprising given the importance of responsibly handling data and protecting user identities.
Also cited as important in zero trust adoption efforts include SASE implementation (13.9%), network segmentation (13.3%) and endpoint controls improvements (9.3%).
While legacy IT infrastructure can be challenging when implementing zero trust, they are also a primary driver, says Andrew Rafla, Deloitte’s Risk and Financial Advisory’s Zero Trust offering leader.
“You cannot replace a mainframe over night, but you can rapidly change how that environment is accessed to significantly reduce risk,” Rafla says. “It is also possible to reduce friction for end users by limiting disruption to their native experiences and enhancing IT operational efforts associated with the adoption of modernized controls.”
