What the zero-trust security market looks like beyond 2022
Gartner predicts that global end-user spending in the information security and risk management market will grow from $172.5 billion in 2022 to $267.3 billion in 2026, a constant growth rate of 12.2%.
Additionally, end-user spending on zero-trust network access (ZTNA) systems and solutions worldwide is expected to grow from $819.1 million in 2022 to $2.01 billion in 2026, reaching a compound annual growth rate (CAGR) of 19.6%. On top of that, global spending on zero-trust software and security solutions is projected to grow from $27.4 billion in 2022 to $60.7 billion in 2027, achieving a CAGR of 17.3%.
This is an area that continues to grow with no signs of slowing down. A recent report from ERM shows that the zero-trust security market is growing at a CAGR of 17.3%, from $22.9 billion in 2021 to $59.8 billion in 2027.
Zero trust is gaining market momentum
Companies and the CISOs that run them are dispelling the myth that zero-trust security frameworks are expensive and difficult to implement by putting them in place. Zero-trust frameworks are rapidly becoming the cornerstone of hybrid cloud security, as CrowdStrike’s recent CNAPP announcement at its Fal.Con 2022 event shows.
Eircom’s Zero-Trust Market Dynamics survey found that 80% of organizations plan to implement zero-trust security and 83% agree that zero trust is strategically necessary to continue their business. Additionally, 96% of security decision-makers say that zero trust is a key factor in their organization’s success.
Key factors driving the market include President Biden’s executive order from May of this year, which mandated zero-trust architectures for all governmental entities and accelerated adoption across all organizations.
“Last year, they started issuing funding to help the federal agencies execute (on order), then you saw the DoD coming out with prescribed standards even for suppliers and vendors. And so, for the public sector, that code is almost codified to support zero trust. Agencies tell us, ‘I have a budget here that here are the technical requirements for zero-trust compliance,’” said Kapil Raina, VP of zero trust, identity, and data security marketing at CrowdStrike.
Another set of factors driving the market growth is the need for organizations across all industries to have better security for their regular and remote workforces. As a result, Gartner saw a 60% year-over-year growth rate in ZTNA adoption. The 2022 Market Guide for Zero Trust Network Access is notable for providing information on all that CISOs need to know about zero-trust security.
What follows is a curated list of the most recent cybersecurity forecasts and market estimates.
Start with multifactor authentication, network analytics, and workload governance
CISOs need their zero-trust projects to succeed to keep their budgets and convince stakeholders to invest more. Micro-segmentation is often addressed later in a zero-trust roadmap because of how difficult it is to do right. However, getting it right is the foundation of a successful zero-trust framework. Least privileged access, in conjunction with Identity and Access Management (IAM) and Privileged Access Management (PAM), helps organizations prevent abuse of privileged credentials and identities.
Zero trust can reduce average breach losses by nearly $1M
Businesses with zero trust implemented saw a $950,000 reduction in the average cost of a breach compared to those without. The average cost of a data breach for a company without a zero-trust framework is $5.1 million, compared with $4.15 million for companies that have one. The 20.5% reduction in breach costs accelerates as a company gains more experience and matures with its zero-trust initiatives.
The more mature the zero-trust framework becomes, the more it reduces the average cost of a breach by preventing potentially more damaging threat vectors from being exploited by malicious actors. For example, companies that are early adopters of zero trust will see an average data breach cost of $4.96 million, which drops to $3.45 million when zero trust is enforced across all domains.
73% of organizations have plans to adopt cloud-based ZTNA over the next 18 months
Of these, 19% intend to standardize on only software-as-a-service (SaaS)-based zero-trust access capabilities. Ivanti’s Zero Trust Progress Report also reveals that 64% of CISOs and security managers consider verifying the identities of users, devices, and infrastructure components the most valuable benefit of zero-trust infrastructure deployments.
Data protection (63%) and continuous authentication/authorization (61%) are the second and third most valuable benefits.
Strong authentication, automated risk detection, remediation, and adaptive access are the zero-trust components organizations choose to implement first
Protecting identities and endpoints while improving automation and orchestration also dominates enterprise zero-trust roadmaps. It should be noted that no single security risk domain stands out as a primary starting point for zero-trust policies, as fewer than 15% start with the same security risk domain.
Microsoft Security’s Zero Trust Adoption Report identifies the differences in identities, endpoints, apps, networks, infrastructure, data, automation, and orchestration implementation levels.
Integrating IAM, cloud access security brokers (CASB), and security information and event management (SIEM) is key
Seventy-seven percent of security managers have implemented integration with their endpoint protection and management (EMM) platform, followed by CASB integration (69%). Planned integration with SOAR and SIEM dominates the roadmap, with more than 40% of security leaders saying these technologies are the ones they most intend to integrate into their technology systems.
68% of organizations plan to increase their investments in zero trust
Security decision-makers believe excelling at zero trust can provide increased organizational agility (52%), safer cloud migrations (50%), and better support for their digital transformation strategies (48%).
Despite security leaders saying they are facing a challenging time obtaining funding, 67% of security leaders surveyed say their organizations will expand their zero-trust budgets in 2022, allocating a third (36%) to zero-trust initiatives.
77% of enterprises either have ZTNA frameworks in production or are implementing them today
Revamping security tech stacks to reduce as much implicit trust as possible between devices, identities and endpoints leads to more integration with passwordless authentication and SASE systems. Enforcing least privileged access is a core design goal of ZTNA frameworks, which is why having API-based integrations to various IT network technologies is essential. In addition, emerging IT security technologies’ platforms must be designed for secure API integration if they are to scale as a business grows.
Zero trust is defining CISOs’ futures
Zero trust needs to be treated as a business decision, with CISOs taking the lead in defining the value their teams deliver
“I think the CISO will be a coveted role in the boardroom. You have a CFO and those folks, but I’m seeing more and more CISOs joining boards. And I think this is a great opportunity for everyone here to understand what impact they can have on a company,” said George Kurtz, co-founder and CEO of CrowdStrike.
Kurtz believes the future of the CISO role is one of delivering business value by reducing risk and threats. That’s core to getting zero-trust frameworks right while consolidating tech stacks and improving endpoint visibility and control.
As Gartner’s 2022 Market Guide for Zero Trust Network Access illustrates, the most successful implementations begin with a strategy supported by a roadmap.
This guide is outstanding in its insights into the areas that CISOs need to focus on to excel with their ZTNA strategies. Identity is the new security perimeter, and the Gartner guide provides the required guidance to meet this challenge.