Xage-Takepoint Research report reveals growing adoption of zero trust security in industrial enterprises

​​Zero trust access and protection vendor Xage Security, in collaboration with Takepoint Research, unveiled new research this week highlighting the ongoing expansion of zero trust security to safeguard both IT and OT (operational technology) environments. The Xage-Takepoint Research data found that new regulations and an evolving threat landscape have made cybersecurity a top priority for industrial enterprises across the globe. Many are exploring implementing a zero-trust architecture as a strategy to meet these new objectives.

The Xage-Takepoint Research report surveyed executives in critical infrastructure and manufacturing sectors from December 2023 to February 2024. It involved 269 respondents from industrial sectors worldwide, with a predominant focus on North America and Europe, to analyze the current status and trajectory of zero trust security implementation. Overall, the results are clear that zero trust is gaining traction and is actively being integrated into security programs. However, the speed of adoption and core objectives vary across industries and business functions.

In its ‘State of Zero Trust in the Industrial Enterprise’ report, the findings identified that the growing and evolving threat landscape has elevated cybersecurity to a top priority for infrastructure operators across the globe. New cybersecurity challenges are coming to the forefront for IT and OT systems, requiring more stringent security standards. The report found that it is evident zero trust is gradually gaining traction and attention within the industrial sectors and is actively being integrated into security programs.

It also analyzed the current status and trajectory of zero trust security implementation within industrial organizations, focusing on critical infrastructure and manufacturing sectors. 

The 27-page Xage-Takepoint Research report identified that the adoption of zero trust should prioritize reducing organizational risk rather than solely introducing new tools or paradigms. While zero trust offers benefits such as improved security and streamlined remote access to OT environments, implementing zero trust security in industrial settings poses distinct challenges.

“Unlike IT departments that might swiftly deploy solutions and expect compliance, the industrial sector is inherently more intricate,” the Xage-Takepoint Research report detailed. “It involves a wide array of stakeholders—from engineering and operations to Chief Risk Officers, executives, board members, and control room staff, and an army of third-party contractors and experts—each with their distinct perspectives and objectives. This complexity underscores the need for a tailored approach to Zero Trust, one that recognizes and addresses the diverse needs and concerns within these organizations.”

Zero Trust is not a one-size-fits-all solution or magic bullet. Organizations are evolving their understanding of zero trust as a strategy to enhance the safety, security, and reliability of both their enterprise and OT environments.

“While zero trust is not a one-size-fits-all model, the data shows that organizations are evolving their understanding of zero trust as a strategy to enhance the safety, security, and reliability of both their enterprise IT and OT environments,” Jonathon Gordon, industry analyst at Takepoint Research, said in a media statement. “The industrial world is taking action and recognizes the necessity to expedite zero trust adoption to keep our nation’s—and world’s—critical infrastructure safe from cyberattacks.”

“Amidst market confusion surrounding various zero trust strategies, it is evident that organizations are now diligently navigating through them and honing their approaches,” said Sri Sundaralingam, senior vice president of marketing at Xage. “The survey results underscore the increasing adoption of zero trust across industrial sectors, aimed at mitigating crucial business risks while propelling digital transformation alongside new business initiatives.”

The Xage-Takepoint Research report revealed that most organizations have adopted zero trust principles, as 72 percent have started adopting zero trust principles, with 38 percent of organizations establishing, implementing, and optimizing zero trust control measures. 

Data also disclosed that 31 percent are currently in the process of crafting a strategy for zero trust deployment while integrating the zero trust approach with legacy systems stands out as the primary challenge in zero trust implementation, cited by 51 percent of respondents as their top concern. The second biggest challenge is managing distributed and decentralized systems (19 percent), followed by budgetary constraints in third place.

Organizations, varying in cybersecurity maturity, must navigate the zero trust adoption process by evaluating their risk tolerance and the potential benefits, ensuring that security enhancements do not compromise user experience or productivity. 

Zero trust implementation will co-exist and integrate into existing frameworks, revising policies to reflect zero trust principles, and establishing clear technical controls for access and authentication. Zero trust’s integration offers a path to improved security that aligns with operational needs, marking a strategic step forward in balancing protection with efficiency in industrial settings.

Data identified that as data transitions from the OT environment to IT, the cloud, or third parties, 78 percent expressed concern or significant concern about data sharing. Ensuring data security and protection against unauthorized access and tampering emerges as the foremost worry for 55 percent of respondents.

An intriguing discovery in the report reveals the top three concerns for individuals safeguarding OT environments. These include IT/OT integration and its implications (77 percent), ransomware threats (76 percent), and the security of remote access (55 percent). Interestingly, OT job titles prioritize IT/OT integration as the primary concern at 82 percent, while cyber/IT titles express overwhelming concern about ransomware-type attacks, with over 90 percent highlighting this as a major issue.

It also identified that remote access is vital for industrial operations and a major reason for adopting zero trust. The need for third-party access (74 percent) leads as the top driver for remote access, with the quest for improved efficiency and productivity (71 percent) closely behind.

The Xage-Takepoint Research survey revealed that industries are embracing transformation at varying speeds with manufacturing leading the charge, with 90 percent agreeing that integrating IT/OT and digital transformation is a pathway to progress. However, the oil and gas sector is lagging at 35 percent in agreement. 

Data further identified that the industrial CISOs perceive the greatest challenge as the risk of an attack (86 percent), followed by the hurdles of IT/OT integration (78 percent). “In contrast, cybersecurity practitioners, ranging from security administrators to directors, rate the risk of an attack even higher (95%), with IT/OT integration concerns dropping to 72%. The perspective from the OT domain is quite distinct; the most significant issue identified is IT/OT integration (82%), with remote access issues following at 67%. These differences underscore the unique challenges and priorities faced by each role within the realm of OT security.”

The answers to these questions vary depending on who you ask –their role and ‘world view.’ The existence of a multitude of stakeholders makes the landscape of industrial cybersecurity much more complex and challenging. Therefore, any endeavor to implement Zero Trust for OT must consider these varied perspectives from the outset. This diversity of viewpoints highlights the importance of a comprehensive approach that accounts for the unique challenges and priorities of all involved parties from day one.

Survey participants have implemented various remote access solutions, but they express notable concerns about these solutions. Specifically, 68 percent of respondents find their current solution complex in terms of usability and management. Moreover, 64 percent note a lack of features necessary for compliance with new regulations, while 61 percent highlight scalability issues with their current solutions as significant concerns.

When requested to evaluate the security oversight for their remote third-party suppliers and partners, only 35 percent of respondents felt confident about it, whereas 54 percent expressed low to moderate confidence.

The Xage-Takepoint Research survey revealed that 34 percent of respondents reported an increase in the zero trust budget over the past year.

In conclusion, the Xage-Takepoint Research survey identified that early implementations of zero trust security in the industrial sector have shown promise, highlighting the importance of focusing initial efforts on high-impact areas like secure remote access. The approach, starting at the network perimeter, enables a strategic, phased adoption of zero-trust principles, offering a pathway to mitigate significant risks while delivering substantial value. It sets the stage for a gradual, feedback-informed expansion of zero trust across cloud and on-premises environments, ensuring comprehensive security.

“Secure remote access stands out as a critical entry point for zero trust, addressing a major vulnerability and unlocking considerable benefits,” the Xage-Takepoint Research survey determined. “This strategy facilitates a smoother integration of zero trust, accommodating a broad range of resources and fostering interoperability across OT, IT, and cloud domains. It underscores the necessity of a unified security posture that spans various environments, catering to the needs of both in-house teams and external partners.”

However, challenges such as educational gaps and (valid) resistance to change persist, necessitating ongoing education and dialogue to bridge understanding and foster acceptance. The move towards hybrid operational models, with assets and personnel distributed across multiple settings, amplifies the need for robust, flexible cybersecurity measures that prioritize productivity and reliability while maintaining a consistent user experience.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.