Today we are excited to announce the findings of a new report from Forrester Consulting that weighs the benefits and challenges of adopting a Zero Trust approach to endpoint security. As companies adapt to an increasingly remote workforce, security leaders are struggling with an explosion of devices requiring sensitive corporate data access outside of the traditional security perimeter. Meanwhile, attackers are exploiting gaps in protection measures exposed by this expanding attack surface to move laterally through corporate networks and compromise assets containing sensitive data.
To address these challenges, Zero Trust principles – such as eliminating the default assumptions of trust between endpoint hardware, apps, data, and network resources – have gained popularity among security leaders to reduce attack surface and speed up incident response when evicting attackers from their networks. To uncover the current state of endpoint security, Zero Trust adoption and recommendations, HP commissioned Forrester to conduct an online survey of 607 director-level and above IT security professionals with responsibility over network and hardware security.
The study found a strong case for Zero Trust to combat lateral movement of malicious actors and subsequent breaches of company or employee data. In the past year, more than one-third (34%) of respondents experienced a compromise of company data involving lateral movement, a homeworker device, or an overall increase in security incidents. A Zero Trust approach was identified as not only helping to prevent and detect compromises, but having business and employee experience benefits as well. Nearly a third of respondents indicated that without adopting a Zero Trust strategy, they would have a poor security culture in the workplace. Not only does adopting Zero Trust reduce overall risk, but it also increases employee productivity.
Companies are aware that it is critical to secure their data, devices, and networks wherever work gets done. Despite the recognition of the importance of protecting endpoints, only 66% of respondents said they are securing employee-owned devices, while only 64% are securing Internet of Things (IoT) devices like IoT printers. Reactive incident detection and response remains a high priority, with 79% of respondents indicating that threat detection is a critical or high priority. However, the study also found that more companies are taking a proactive approach to endpoint security by using threat prevention technologies and securing data on mobile devices.
Forrester’s report identified five key actions for IT decision makers to optimize their endpoint security strategies:
- Take a prevention-first approach to endpoint security by adopting threat prevention tools focused on reducing attack surface – not just detection.
- Identify and segment sensitive data and apps across all employee endpoints.
- Threat analysis should correlate event data gathered from multiple endpoint layers.
- Focus on delivering a strong employee experience through Zero Trust adoption.
- Build a strategic endpoint security roadmap looking out three to five years.
Read the Full Study and Recommendations
Download: Forrester Study – Balance Endpoint Protection And Productivity Through Zero Trust