Funding and Expertise Forecasted as Largest Drivers of Failure to Comply with Policies

Through 2026, 75% of U.S. federal agencies will fail to implement zero trust security policies due to funding and expertise shortfalls, according to Gartner, Inc.

Gartner defines zero trust as a security paradigm that starts from the baseline of trusting no end user, and explicitly identifies users and grants them the precise level of access necessary to accomplish their task. Zero trust is not a specific technology, product or service. Instead, it is a set of security design principles that contrasts with the traditional perimeter-based security approach.

"With the September 2024 deadline for specific zero trust requirements for U.S. federal agencies being established, requirements are broad for all agencies," said Mike Brown, Vice President Analyst at Gartner. "However, consistent with other compliance deadlines, agencies will struggle to meet these goals. Given the typical delays for Congressional passage of the federal budget, funds will likely not be available for the zero trust initiative until the second quarter of fiscal 2024, allowing only a partial year to achieve goals."

Agencies Implementing Zero Trust Face Near-Term Hurdles

Although zero trust achievements, or lack thereof, may be captured in audits, public reporting on specific details of zero trust progress may be limited or obfuscated. This is to avoid identifying weaker aspects of government cybersecurity for the benefit of malicious actors.

"One of the main impediments for government agencies in their zero trust journey is a cybersecurity skills shortage," said Brown. "Government agencies are challenged to compete with the private sector for staff with necessary skills. To address these talent shortages, agencies should be working simultaneously with service contracts, to reskill existing staff and to recruit new staff."

Failure to meet policy deadlines will continue to leave federal agencies exposed to risks that could be mitigated.

"This could lead to the interruption of vital government services or the compromise of sensitive information, both of which would have a significant fiscal impact on resolving what could be prevented," said Brown. "Security breaches will occur as even the best cybersecurity implementations are not immune. Still, those agencies and their CIOs who fail to fully and promptly adopt zero trust measures will be subject to the most negative scrutiny. A breach often catalyzes the focus and investment in mitigation, which is a predictable need."

Gartner clients can read more in "Predicts 2024: U.S. Federal Government."

Learn how to implement zero trust security in the public sector in the complimentary Gartner Zero Trust Toolkit.

Gartner Security & Risk Management Summit

Gartner analysts will present the latest research and advice for security and risk management leaders at the Gartner Security & Risk Management Summits, taking place February 12-13 in Dubai, February 26-27 in India, March 18-19 in Sydney, June 3-5 in National Harbor, July 24-26 in Tokyo and September 23-25 in London. Follow news and updates from the conferences on X using #GartnerSEC.

About Gartner for Information Technology Executives

Gartner for Information Technology Executives provides actionable, objective insight to CIOs and IT leaders to help them drive their organizations through digital transformation and lead business growth. Additional information is available at www.gartner.com/en/information-technology.

Follow news and updates from Gartner for IT Executives on X and LinkedIn using #GartnerIT. Visit the IT Newsroom for more information and insights.

Disclaimer

Gartner Inc. published this content on 28 March 2024 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 28 March 2024 08:35:08 UTC.