As we reflect on the first half of 2024, it seems to me that two defining features so far have been a litany of significant cyber attacks on companies across every sector, and widespread adoption of AI tools as businesses seek to innovate. At the heart of this storm of cyber threats is the CISO, looking to guide their business safely through potential dangers.
Last month, Netskope undertook research examining how CISOs view their role and asking how they’re approaching these challenges.
Why CISOs like zero trust
As businesses are increasingly digitised, our research showed that modern CISOs want to become enablers and facilitators rather than just protectors; they want to give their businesses the agility to adapt and innovate while remaining secure.
Attitudes among CISOs toward zero trust principles are already very supportive. A majority agree that zero trust enables companies to move faster (59%), encourage innovation (58%), increase flexibility (58%), and improve decision-making (55%). Similarly, 55% of CISOs believe a zero trust approach enables them to balance conflicting priorities better.
Looking ahead, CISOs go so far as to point to the adoption of a zero trust approach as the single most significant factor in companies becoming more open and flexible over the next two years.
Explaining the paradox at the heart of zero trust
CISOs know well that no single security model is a silver bullet on its own, and zero trust is no different. But it’s clear that CISO expectations of zero trust are consistently positive—and this is spreading to their fellow C-suite executives, who have high hopes for zero trust’s potential impact.
Alas, the zero trust philosophy does not appear to be well understood by the wider business leadership—despite their familiarity with the term. While 58% of CISOs report that their executive team is asking them to pursue a zero trust approach, almost as many (51%) state that their executive team or board doesn’t actually understand what this means. Zero trust is simple to visualise but is more nuanced in execution. Concepts of zero trust (and zero friction) are important only in terms of what they provide—risk mitigation and business enablement.
While a zero trust approach sounds rigid in theory, paradoxically, in practice it helps companies achieve greater agility—perhaps explaining its widespread appeal. Zero trust principles introduce more controls and reduce access to the corporate network and applications. Counterintuitively, rather than adding friction and slowing the enterprise, the principles actually increase flexibility and speed. Building policies around an extensive range of contextual signals offers granular control, which strikes the right balance between staying secure and getting work done, and improves confidence in decision-making—key priorities for business leaders in today’s fast-moving world.
In other words, the paradox of zero trust is that the ultimate closed environment creates the most open, agile, and innovative business.
Implementing zero trust
Excitement for the zero trust model can sometimes get ahead of what most security professionals and their companies are doing in practice. Our research found that fewer than half of respondents globally (44%) operate with zero trust principles today—although a further 38% say they plan to adopt zero trust soon. A zero trust strategy requires tools that supply signals and context to achieve the granular visibility and control necessary for creating policies that provide the ri