Enterprise Zero Trust Networking Strategies: Secure Remote Access and Network Segmentation

IT & DATA MANAGEMENT RESEARCH,
INDUSTRY ANALYSIS & CONSULTING
Shamus McGillicuddy
VP of Research, Network Management
shamus@emausa.com
Twitter: @ShamusEMA
Enterprise Zero Trust Networking Strategies:
Secure Remote Access and
Network Segmentation

Watch the On-Demand Webinar
Slide 2
 Enterprise Zero Trust Networking Strategies: Secure Remote
Access and Network Segmentation On-Demand webinar:
https://info.enterprisemanagement.com/zero-trust-networking-
strategies-webinar-ws
 Check out upcoming webinars from EMA here:
https://www.enterprisemanagement.com/freeResearch

Featured Speaker
Shamus McGillicuddy, VP of Research,
Network Management, EMA
Shamus is the vice president of research covering network
management at Enterprise Management Associates, where he
leads the network management practice. He has worked in the
IT industry since 2006 as an industry analyst and journalist.
Slide 3 © 2020 Enterprise Management Associates, Inc.

Sponsors

Agenda
1 Research Goals and Methodology
2
Perspectives on the
Zero Trust Organization
3 Zero Trust Policy
4 Remote Access Technology
5 Network Segmentation
6 Project Outcomes

Research Goals and Methodology

Research Goals and Methodology
Goals
Discover how network technology
supports Zero Trust
Establish technology requirements
Identify best practices
Reveal project challenges
Methodology
August 2020 online survey of 252
IT professionals directly engaged
with applying networking
solutions to Zero Trust models

Demography
IT group
• 43% Executive IT office
• 19% Security
architecture/engineering
• 14% Security operations
• 10% Network engineering
• 7% Data center operations
• 7% Network operations
Enterprise size (employees)
• 27% Midsized (250-999)
• 54% Large (1,000 to 9,999)
• 19% Very large (10,000+)
Geography
• 63% North America
• 37% Europe
Top industries
• 18% Professional services
• 16% Manufacturers
• 14% Software
• 13% Retail / Wholesale /
Distribution
• 13% Finance / Banking /
Insurance

Perspectives on the
Zero Trust Organization

42%
43%
7%
8%
Defined Zero Trust initiatives with
added budget allocation
Defined Zero Trust initiatives within
current budget
No defined initiative, but we do apply
some Zero Trust concepts
We are
researching/evaluating/planning the
application of Zero Trust concepts
Least
Successful
Formal Zero Trust Initiatives are the Norm
Sample Size = 252
Most
Successful

Formal Collaboration Between
Networking and Security is Universal
50%
45%
4%
2%
We created a Zero Trust
taskforce that includes
members of both teams
These teams have a Zero
Trust partnership with
formally established
processes and shared tools
These teams collaborate
on an ad hoc basis, with no
formal processes or shared
tools
These teams collaborate
very little or not at all
Sample Size = 252
Taskforces are a best practice
Key areas of NetSecOps collaboration
1. Coordinating access security
controls across different
systems
2. Assessing access security
control requirements
3. Defining user, role, application,
and data access requirements

Zero Trust Policy

Zero Trust Networks Require
Dynamic Policy Engines
After access authorization,
things change
Policy must be dynamic
User and device behavior
Threat intelligence
Device or network state
Adjust policy based on conditions
Challenge and reauthenticate
Revoke access

The State of Dynamic Zero Trust Policy
45% Native product feature in
Zero Trust network solution
34% Third-party automation tool
21% Combination of both
52% Broadly implemented
• 72% of successful initiatives
38% Partially implemented
8% Considering
2% No plans
Dynamic policy engine adoption
Applying dynamic policy to
Zero Trust networks

Policy for Unmanaged Devices
User ID is the core of
access policy
Unmanaged devices have no
associated users
• IoT
• Operational technology
Preferred policy strategy
• 36% Tailored based on function and
characteristics
• 28% Generic based on minimum level
of access
• 23% Untrusted, limited access
• 12% Untrusted, banned from network

Remote Access Technology

Secure Remote Access Requirements
27%
27%
33%
50%
50%
62%
Layer 3 corporate network access
Public cloud resources/application
access (IaaS)
Private cloud resources/application
access
Cloud application (SaaS) access
Sample Size = 252, Valid Cases = 252, Total Mentions = 626

Remote Access Platform Strategies
54% VPN
53% SASE
48% remote access protocols
48% SD-WAN
39% VDI
37% Software-defined perimeter
Remote access strategies
for hybrid networks
41% Single platform for all access
28% Dedicated platforms for
on-prem and external cloud
access, respectively
32% Combination of both
platforms
Solutions applied to Zero Trust remote
access within the next 18 months

Most Important Capabilities of
Zero Trust Remote Access Platforms
Performance and scalability
1
2
3
4
5
6
7
8
Access visibility and analytics
Hybrid IT support
User and endpoint compliance
Deployment flexibility
User experience
Breadth of interoperability
Granular policy management

Network Segmentation

Zero Trust Segmentation Strategies
68% Gateway appliances (firewalls)
52% Hypervisors (overlays)
47% Hosts (agents)
46% Layer 3 (routing zones, ACLs)
33% Layer 2 (VLANs, subnets)
Where is it applied?
69% Data center or private cloud
64% Public cloud
50% Corporate/Campus LANs
45% Branch offices
Segmentation enforcement points

Microsegmentation
53%
37%
11%
Yes, we have microsegmentation today
No, but we will have microsegmentation in the future
No
58%
34%
8%
Yes, this is critical Yes, this is helpful No
Do you consider any of your ZT segmentation
to be microsegmentation?
Do you require a microsegmentation solution that
spans public cloud and on-premises environments?

Managing Zero Trust Segmentation
34% High volume of change requests
31% Inconsistent capabilities
(cloud vs. data center)
29% Human error
26% Performance impacts
Criticality of the central management
and control capabilities
56% Design and implementation
55% Change control
54% Policy engine for allowing/disallowing traffic
49% Integration with Zero Trust
remote access platforms
Challenges

Pandemic Impacts

Pandemic Impacts on Zero Trust are Long-Term
60%
15%
25%
We have accelerated our Zero Trust strategy
We have slowed down our Zero Trust strategy
No effect
Percentage of workforce primarily using secure
remote access for network connections
31% pre-COVID
62% today
WFH population will remain elevated
42% much higher
27% slightly higher
Did the pandemic affect the timing of
your Zero Trust network plans?

Project Outcomes

50% of Zero Trust Networking Projects
are Successful
50%
44%
4%
1%
Successful
Somewhat successful
Neither successful nor
unsuccessful
Somewhat unsuccessful
Sample Size = 252
Barriers to success
1. Budget limitations (32%)
2. Project complexity (31%)
3. Skills gaps (31%)
4. Conflicts between network and
security teams (29%)
5. Fragmented Zero Trust
solutions (27%)

Your Zero Trust Mission
Formalize your Zero Trust
initiative, fight for a budget
Adopt segmentation strategy that
supports high volumes of change,
a path toward microsegmentation
Build a strong partnership
between networking and security
Establish a dynamic Zero Trust
policy solution
Focus secure remote access on
cloud and hybrid networking

Questions?
Get the report!
https://bit.ly/3kFNvrE

Enterprise Zero Trust Networking Strategies: Secure Remote Access and Network Segmentation

More Related Content

What's hot

Similar to Enterprise Zero Trust Networking Strategies: Secure Remote Access and Network Segmentation

More from Enterprise Management Associates

Recently uploaded

Enterprise Zero Trust Networking Strategies: Secure Remote Access and Network Segmentation