Quocirca’s Zero Trust Security Trends 2022 study found that zero trust security strategies are rapidly gaining momentum among medium- and large-sized businesses
Just over three-quarters of the senior security professionals polled in the UK and US said they had suffered an external attack such as malware or ransomware in the past year. 48 per cent of respondents among the 202 organisations surveyed also said they had experienced insider threats from careless users. In addition, 43 per cent had suffered vulnerabilities through compromised user credentials, and 42 per cent reported supply chain attacks.
This high level of threats is shaping the way organisations view the future and where they are focusing security investment.
Key findings from the research include:
- 90 per cent of the firms polled expect to experience more security incidents in the coming year, 40 per cent expect a significant increase.
- Almost half (49 per cent) say a zero trust strategy is critically important to their business; 42 per cent say it is very important.
- Only 16 per cent of organisations perceive their print infrastructure as presenting a significant threat.
- Securing the print infrastructure is the least common motivation for zero trust implementation and only 50 per cent have already included print in their zero trust strategy.
- 55 per cent of organisations manage print security in-house; 18 per cent rely on a managed print service provider, and 14 per cent use a managed IT serviceprovider that also takes responsibility for print security.
Zero trust maturity and motivations
The research found distinct variations in the maturity of zero trust strategies. Overall, 42 per cent of respondents said they had adopted a zero trust strategy. (This rose to 47 per cent in the US and dropped to 36 per cent in the UK).
Business and professional services organisations were most likely to have a zero trust strategy in place (56 per cent), while public sector organisations were least likely to have implemented one (28 per cent).
The most common reason for adopting a zero trust model is to protect sensitive data (38 per cent), followed by keeping cloud deployments secure (29 per cent). Smaller organisations (500– 999 employees) are more likely to seek IT visibility from their zero trust strategy (31 per cent), compared to just 17 per cent of larger organisations. Securing office and home print infrastructure was the lowest priority, with just 10 per cent saying it was a top reason for adopting zero trust.
Quocirca’s Research Director, Louella Fernandes, said: “Zero trust momentum may be growing, but businesses have a blind spot around print devices in security infrastructure. As sophisticated endpoints on the network that process sensitive data of all kinds, they should be treated in a similar way to all endpoints, with robust access control, management and intrusion detection to ensure they are not compromised.
“For those in the print value chain, educating users on how the information- sensitive print environment can be a severe security issue if left unprotected should open a market for the inclusion of print protection services within an overall zero trust model. For MSPs, it makes sense to find partners in the print value chain with skills and solutions that can be leveraged to quickly and effectively provide print-inclusive zero trust services.”
Outsourcing vs in-house
The research also revealed that larger organisations are less likely than smaller ones to turn to managed IT service providers to handle security. While 37 per cent of companies with 500–999 employees use an MSP (and 47 percent take care of security in-house), of organisations with more than 1,000 employees, only 17 per cent fully outsource security to an MSP, with 23 per cent using a hybrid approach and 52 per cent handling security internally.
The type of approach taken also correlates with expectations around future security incidents. A higher proportion (46 per cent) of those that manage IT internally expect incident rates to rise significantly, compared with 32 per cent that use an MSP and 38 per cent that have a hybrid model.
When it comes to viewing print security management as part of the whole security management stack, there is a general preference for a single supplier
to manage both the print and overall IT environments, with more than half (56 per cent) claiming this would be their preferred route.
“In the fast-changing security environment, all participants in the value chain must educate themselves around the risks posed by complex endpoint devices such as printers and multifunction devices,” Louella said, adding: “Understanding where print sits in the security landscape and where weaknesses can be addressed by tools such as pull-printing, automatic job deletion, and routing, helps organisations improve their security posture and develop policies that protect data.”