The content of this report will be updated with the latest scenarios based on the global COVID-19 Pandemic
The Zero Trust Security Market market is expected to register a CAGR of 18% over the forecast period from 2020 to 2025. Cloud applications and the mobile workforce are redefining the security perimeter where employees are bringing their own devices and working remotely. Data is being accessed outside the corporate network and shared with external collaborators such as partners and vendors. Corporate applications and data are moving from on-premises to hybrid and cloud environments, and organizations need a new security model that more effectively adapts to the complexity of the modern context, embraces the mobile workforce and protects people, devices, applications, and data wherever they are located which the core of the zero-trust security.
- The increasing activities of cybercriminals who are becoming successful at penetrating and moving laterally within the security perimeter are expected to drive the implementation of zero-trust security because organizations which rely solely on on-premises firewalls and VPNs lack the visibility, solution integration and agility to deliver timely, end to end security coverage. As evidence, the rates of large-scale, multi-vector mega attacks are also growing, wreaking havoc on organizations and individuals worldwide. For instance, 1.76 billion records were leaked in January 2019 alone. Ransomware is expected to cost businesses and organizations USD 11.5 billion in 20193, and the global cost of online crime is expected to reach USD 6 trillion by 2021.
- A report suggests that 2019 has seen over a 50% increase in the number of breaches compared to the last four years. Ironically, these security breaches continue to rise even as companies invest record amounts of money and add more security tools to help prevent precisely that. An average large enterprise has over 100 security tools, while information security spending for 2019 is expected to exceed USD 125 billion. While traditional and outdated approaches to the security focus on bolting-on new security tools to secure the perimeter while trusting every resource inside, a new security model called Zero Trust does away with the concept of implicit trust.
- Zero Trust is driven by the precepts of never trusting anything inside nor outside the organization’s security perimeters. Instead, before access is granted, anything and everything that is attempting to connect to an organization’s systems must always be verified. With Zero Trust, the security team puts policies in place to validate every connection attempt and every device, and to intelligently limit access. In a Zero Trust model, every access request is strongly authenticated, authorized within policy constraints, and inspected for anomalies before granting access. Everything from the user’s identity to the application’s hosting environment is used to prevent a breach.
- A survey conducted by Check Point Technologies Ltd in August 2019 reveals that there is broad adoption of the Zero Trust approach by security professionals across multiple industries. More than half of respondents (52%) noted that the organization has begun or had completed an implementation of the Zero Trust approach, with 18% planning to start application during the coming year. The security environment is becoming more complex than ever, with it never being more challenging to protect data, assets, and networks. An organization can be supremely equipped to bolster its security posture and boost the protection of its most critical data-related assets by implementing Zero Trust Security.
- The dynamic nature of COVID-19 has resulted in rapidly evolving shifts to the remote workforce. Given the access provided through remote connectivity, the newly minted remote workforce, and the potential for limited security reviews, attackers are likely to take advantage of weaknesses to gain internal network access. The Zero Trust security is emerging in the recent years, which utilizes an identity provider to provide access to the applications and determines the authorization rights based on both the user and the device. Fundamental authorization rights include device and user identity checks to consider if the organization manages the device.
Key Market Trends
BFSI is Expected to Hold Significant Share
- The BFSI industry is frequently faced with sophisticated and persistent attacks, including malware, ransomware, social engineering and phishing attacks, fileless malware, rootkits, and injection attacks. Accenture estimates an average loss of USD 18 million per year at financial services institutions. Both zero-day attacks and ransomware are on the rise. Ransomware especially can negatively affect financial workflows, inflicting costly downtime, and further damaging business reputations. However, financial institutions are moving from zero trust security solutions to strengthen their security posture.
- In July 2019, a former Amazon employee was arrested and accused of carrying out a massive theft of 106 million Capital One records, one of the top ten banks of the United States. This included 140,000 Social Security numbers, one million Canadian Social Insurance numbers, and 80,000 bank account numbers, in addition to an undisclosed amount of information such as people’s names, addresses, credit scores, credit limits, balances. It is forecasted that as the threats attacking financial services institutions become more complex and iterative, zero trust security solutions must evolve to meet these threats and also take advantage of the increased data and insights at hand.
- Large organizations such as banks, deal with dispersed and widespread networks of data and applications accessed by employees, customers, and partners onsite or online, which makes protecting the perimeters more difficult. The Zero Trust Security takes a more nuanced approach of managing access to the identities, data, and devices within the proverbial castle. So, whether an insider acts maliciously or carelessly, or veiled attackers make it through the organization’s walls, automatic access to data is not a given.
- Open banking is being widely deployed, which is an initiative that allows third-party financial services companies to access users’ banking data through the use of APIs. Open banking increases risk by multiplying the interconnectivity between banks, providers, partners, vendors, and customers, and this interconnectivity introduces systemic risk. Banks need to approach security differently to ensure the protection of systems, data, and customers. Perimeter defenses are entirely insufficient to respond to this new type of systemic risk, and the risk is mitigated with the usage of a zero trust security model.
North America is Expected to Hold Major Share
- North America is a primary hub for all the major organizations across the world. The expansion of the various end-user industries and the increasing security perimeter are driving the demand for zero-trust security in the region. The risks of attacks that can impact the market vary from individuals and corporates to the governments. Thus, securing the data has become a priority in the region. Moreover, cyberattacks in the North American region, especially in the United States, are rising rapidly. They have reached an all-time high, primarily owing to the rapidly increasing number of connected devices in the region.
- Now more than ever, the U.S. government has focused on proactive cybersecurity measures. The country’s proposed budget for the fiscal year 2020, the federal cybersecurity budget would increase to USD 17.4 billion, up from USD 16.6 billion in 2019. Within cybersecurity spending, one of the areas the federal government is eyeing is the concept of zero trust security due in part to recent reports from the Defense Innovation Board and the American Council for Technology-Industry Advisory Council. Federal I.T. environments are complicated, and as the government takes a closer look, they will see in many cases they’re already notionally on a path to Zero Trust Security.
- Moreover, according to a survey by FedScoop, nearly half of U.S. federal government agencies, including the Agriculture Department and the Marine Corps, are adopting zero trust security. While the adoption is increasing, consistent implementation and monitoring are critical for zero trust security to succeed, which will lead to an increase in the approval of the solutions. Many municipalities in the United States have recorded ransomware attacks, which have cost these companies a substantial recovery. For instance, Baltimore spent over USD 18.2 million in regaining its access to its connected systems. Also, 23 towns in Texas and two towns in Florida faced system lockdown due to ransomware, which provides a need to use zero trust security solutions.
- The autonomous breach protection provider, Cynet, in its recently published State of Breach Protection 2020 Report, has mentioned that over 25% of security alerts are left unattended daily in the United States. The company has surveyed over 1,500 cybersecurity professionals for the same, and around 77% of the responding organizations stated that 20%-60% of the security alerts are left unattended due to their systems’ capacity limits. Zero trust security could be implemented in such cases establishing new perimeters around sensitive and critical data. These perimeters include traditional prevention technology such as network firewalls and network access controls, as well as authentication, logging, and controls at the identity, application, and data layers.
The zero trust security market primarily comprises multiple domestic and international players, in quite a fragmented and highly competitive environment. The market poses high barriers to entry for new players as they are already various established players in the market. Technological advancements in the market are also bringing sustainable competitive advantage to the companies, and the market is also witnessing multiple partnerships and mergers.
- April 2020 - Google made available BeyondCorp Remote Access, marking its first commercial product based on the zero-trust approach to network security that Google pioneered and has used internally for almost a decade. The cloud-based service lets employees access internal web apps from most devices, and any location, without a traditional remote-access virtual private network (VPN).
- February 2020 - BlackBerry Limited launched the BlackBerry Spark platform with the addition of a unified endpoint security layer, which can simultaneously work with the company’s centralized endpoint management to deliver zero trust security. BlackBerry Spark platform leverages AI, machine learning, and automation to offer improved cyber threat prevention and remediation and provides visibility across desktop, mobile, server, and IoT endpoints.
Reasons to Purchase this report:
- The market estimate (ME) sheet in Excel format
- 3 months of analyst support