2020 was the ultimate test for resilient organizations. Those that reacted fast enough came out ahead, and now, with geopolitical, climate, and other disruptions looming, enterprise CIOs are being tested at a breakneck pace. Simultaneously, complexity across development environments is on the rise, with developers expected to push code faster, and most lines of business are heavily invested in cloud-based applications. These and other factors are driving IT leaders to implement Zero-Trust frameworks and other tools, talent, and strategies that embed cybersecurity across the entire technology estate to protect the future.
To better understand the impact of Zero-Trust on security and development, we partnered with Forrester Consulting to poll 1,475 dev, ops, and security leaders in roles with direct responsibility for strategy and decision-making. Here’s an overview of our discoveries.
The State of Zero-Trust adoption
In 2010, the foundational “never trust, always verify” Zero-Trust mindset was introduced to thwart organized crime groups and nation-states from leveraging insiders and spies to commandeer sensitive company-owned data.[1] The concept grew steadily until 2020, when adoption began to soar. Case in point: VMware alliance partner Okta reports an enormous (81%) leap in Zero-Trust adoption over the past three years,[2] and, confirming this growth, our survey shows 85% of organizations hovering between planning and expanding Zero-Trust strategies.
Factors driving the uptake include permanent shifts to highly distributed workforces and alignment with the “better safe than sorry” approach as complexity in app delivery elevates the need for next-gen security postures. As such, Zero-Trust has become a must-have across industries, and it is particularly critical for organizations with highly sensitive user data, such as healthcare and financial entities. In fact, one might surmise that at this juncture, Zero-Trust has become a competitive differentiator.
DevSecOps: Rise Above the Fray
A Zero-Trust framework ensures that anyone requiring access to company-owned digital resources, including internal and external users, is authenticated and continuously validated. Over time, many organizations adopting Zero-Trust also implemented DevOps as a mechanism to safeguard access for people, not machines. As AI/ML tools advance, bad actors take advantage of automation, which warrants an added layer of security. Thus, DevSecOps has become the next level of sophistication required to thwart AI-assisted crimes. However, despite the collaboration and transparency benefits of cross-functional teams, adding security to DevOps can be difficult to implement unless developers’ view that “security is a roadblock” is adequately addressed.
Closing Gaps Between Cross-Functional Teams
In a recent article, Karen Worsten, VMware Sr. Cybersecurity Strategist, made a research-based case for tackling the undeniable divide between developers, ops, and security, citing huge payoffs that include pushing code faster without increasing the attack surface, both of which are critical for organizations to meet the innovation, availability, and security demands of internal and external app users. A fascinating read, it further underscores the need for cross-functional teams to create holistic, collaborative views across security and development strategies that have traditionally been at odds.
Download the full report to discover key recommendations from Forrester Consulting, in partnership with VMware, that help address Zero-Trust implementation and execution challenges including education, expectations, and communications for dev, ops, and security teams.
1. Forrester. “No More Chewy Centers: Introducing The Zero Trust Model of Information Security.” September 2010.
2. Okta. “5 Important Insights From Our 2022 State of Zero Trust Report.” August 16, 2022.
3. Forrester Consulting. “Security At The Forefront: A Spotlight On Zero Trust.” September 2021.