The vast majority of organizations are still in the early stages of their zero trust journey, but more than two-thirds of them will increase their investment in related technology deployments this year, a recent Forrester study found.

The analyst firm surveyed 362 security strategy executives at large companies in North America, Europe, the Middle East, Africa, and the Asia-Pacific regions for the study, commissioned by Illumio, which provides microsegmentation and other zero-trust enabling technologies.

Over 60% of respondents reported they were struggling to deal with the rapid pace of cloud transformation and migration, and nearly 70% said their organizations were fighting to maximize the productivity of a remote workforce without exposing them to new security risks.

It also found that increasing numbers of companies now turn to zero trust and microsegmentation strategies for help. More than 75% of surveyed leaders cited the importance of a zero-trust strategy to fight mounting cyber threats. 

Forrester defines zero trust as an information security model that helps organizations to move beyond perimeter-based defense and curtail trust by constantly verifying that access is authenticated, authorized, and secure.  

“Zero trust is not a vendor and honestly, it’s not even a single security control, it's a strategy, it's an architecture, and it's a framework,” Illumio CEO and cofounder Andrew Rubin said in a recent zero-trust panel. “The words we hear from customers most often right now are ransomware and cyber resilience, zero trust comes into play when you start asking if I do assume breach, how do I avoid the breach becoming a catastrophe?”

However, zero-trust adoption remains uneven, the study found. Only 36% of organizations have begun the journey, and 6% have fully deployed their zero-trust strategy. 

Those surveyed listed increased organizational agility, safer cloud migrations, and support of digital transformation as benefits, and 73% of them consider micro-segmentation and zero-trust network architecture to be “critical technical foundations” for their zero-trust strategy.

“Microsegmentation isn’t an all-or-nothing strategy,” Illumio CTO and cofounder PJ Kirner said. “The path to a zero-trust posture can be broken into bite-sized phases.”

Organizations can start the journey by gaining risk visibility created by open lateral pathways across the infrastructure and to the internet. And then, assume breach and secure the data by creating security controls that close these risky pathways, he added. 

The survey results are in line with security professionals' expectations that the private sector will follow federal government agencies in embracing a zero-trust approach.

According to Forrester, 68% of organizations plan to increase their zero-trust investment this year, despite reporting difficulties in obtaining funding. 36% of their total spending will be allocated to micro-segmentation projects.

“​​As we watch threats evolve and breaches become more devastating, the need to implement zero-trust strategies has never been more urgent,” Kirner said.