How mature are ZTNA implementations? A Twingate Benchmark Survey

Daniel Dong

May 16, 2023

Twingate recently conducted a survey on the state of Zero Trust Network Access. Complete the survey to see how you compare to industry benchmarks.

Finding Highlights

  • Most organizations are still in the “build phase” of Zero Trust Network Access

  • Most organizations are able to segment traffic on a resource rather than a network level (60%+). 

  • There are still significant gaps in implementing least-privilege access, reducing public attack surface, upgrading authentication protocols to FIDO2/WebAuthn, and managing all Zero Trust pillars under “one single pane of glass.” 

The State of Zero Trust

Lots of organizations want to move to a Zero Trust model, but getting started can be daunting. That’s why we’re excited to share Twingate’s new ZTNA Benchmark Report.

Between marketing buzzwords and vague promises of better security, the ZTNA marketplace often has a distinct lack of clarity from vendors. This confusion isn’t just a nuisance; it can lead to security gaps and misconfigurations that leave companies vulnerable to cyberattacks.

To combat this, we surveyed organizations across industries, geographies, and sizes, to get a pulse on the state of Zero Trust adoption. You can now compare your organization's ZTNA practices against benchmarks and best practices to pinpoint areas for improvement and identify key focus areas for your own ZTNA infrastructure roadmap.

You can get your own custom report benchmarking yourself against your peers by completing this survey.

Twingate ZTNA Benchmark Survey Findings

Twingate's benchmark survey provides valuable insights into the state of ZTNA adoption among organizations of varying sizes and industries. Most organizations surveyed are still in the build phase of perfecting their ZTNA infrastructure. Commonly cited challenges are around difficulty of configurations and organizational alignment across teams.

Some of the key trends and insights from the Twingate survey are:

1. Admins are getting mature with segmentation and traffic filtering: Our research identified a growing trend towards segmenting traffic at the resource level instead of the network level, with 63% of respondents reporting they have migrated to this paradigm. However, 70% still have some resources exposed to the public internet, increasing their attack surface without proper visibility and alerting. DNS manipulation and information leaks are also significant vulnerabilities, with 77% of organizations remaining unprotected in those areas. To address these challenges, businesses should prioritize implementing resource-level segmentation and DNS filtering solutions to minimize their attack surface and protect against data leakage.

2. There’s still a gap in upgrading identity authentication protocols: Organizations are increasingly shifting from legacy MFA/2FA to more secure identity protocols such as FIDO2/WebAuthn, with 27% of respondents already migrated to these newer protocols. This trend is especially prevalent in regulated industries like banking and finance, where data security is paramount. Businesses should assess the effectiveness of their current authentication mechanisms and consider migrating to more robust solutions like FIDO2/WebAuthn to enhance their overall security posture and protect against man-in-the-middle attacks. These modern authentication protocols not only provide enhanced security but also offer a better user experience, helping to drive adoption and compliance among employees.

3. Organizations are migrating, however slowly, from role-based access to least-privilege access: The survey shows that only 33% of organizations have implemented least-privilege access or least privilege and ephemeral access controls. The majority still grant access at the department or role level (23% and 43% adoption, respectively), leaving them vulnerable to privilege escalation and lateral movement attack vectors. To mitigate these risks, organizations should transition to a least-privilege access model, wherein users are granted access only to the resources necessary for their job functions. Implementing a granular access control system not only reduces the risk of unauthorized access but also aids in regulatory compliance by ensuring that sensitive data is accessed only by authorized personnel.

4. A need is emerging for centralized management of ZTNA pillars: While 71% of Twingate customers report having the ability to view and manage identity, device, and security posture in a single panel, 29% do not have a centralized panel. This fragmentation can lead to difficulties in monitoring and enforcing ZTNA policies across the organization. To streamline ZTNA management, businesses should invest in solutions that offer a centralized, "single pane of glass" view of their ZTNA infrastructure, allowing IT teams to efficiently monitor, manage, and respond to potential security threats.


Conclusion

Organizations should focus on segmenting and filtering traffic at the resource level, upgrading their identity authentication protocols, adopting least-privilege access models, and centralizing the management of their ZTNA infrastructure. By benchmarking their ZTNA practices against the insights from the Twingate survey, organizations can identify gaps and create a roadmap to achieve a comprehensive, robust ZTNA infrastructure.



Note: Given the ongoing nature of the survey, the data may evolve over time as more respondents submit survey data. This study draws a statistically significant sample from select practitioners in IT, Security, and DevOps working in technology businesses.
