Over the Easter weekend, we released a new research report looking at implementing Zero Trust in Europe.

When we started, we knew that a one-size-fits-all approach would not work in Europe. In addition, general awareness of the Zero Trust security model is much lower in Europe than in the US. Unheard of 12 months ago in Europe, several major vendors are going to market with Zero Trust today. In addition, European security conferences are making it a 2019 focus topic. Here are our observations of how Zero Trust is landing in Europe:

  1. Network-centric approaches to Zero Trust miss the point. Our research revealed that, while awareness of Zero Trust is rising, the messaging in Europe is focused on the network component of our Zero Trust eXtended (ZTX) framework. This is unsurprising, as the most vocal advocates of Zero Trust in Europe have been the network security vendors. This might help sell some next-generation firewalls; we reject a network-centric-only view of Zero Trust, however. European customers tell us that focusing only on the network scares budget holders that Zero Trust equals “expense in depth v2.0.” To implement the model successfully requires a far more holistic approach that makes use of existing security investments to reimagine the security model, rather than rip out and replace. Our own Zero Trust eXtended framework includes a focus on data, people, workload, device, identity, and network, telling you how to implement the Zero Trust security model in a holistic fashion.
  2. While customer awareness is lower, many ZTX principles are being used in practice. European public cloud adoption has increased since 2016. Fifty-seven percent of European organizations are using public cloud or planning to implement public cloud. As European customers have made that shift, they have had to implement new security models. Relying on a perimeter security model with a small number of controlled internet egress points does not work. As architectures have changed, many ZTX principles have been implemented across our customer base (for example, by governing access to resources based on identity). ZTX enables a successful transition to the cloud, helping the business take advantage of its agility.
  3. Paying attention to cultural and legal norms will save much pain. Cultural and linguistic diversity is widespread across Europe, and this is notable in customer attitudes, requirements, and willingness to implement more controversial controls such as employee monitoring and analytics. We recommend early stakeholder engagement to build a plan to deal with these issues proactively. Doing this will save you some pain and help stakeholders understand your motives.

To find out more and to dive into some of the implementation issues involved with Zero Trust in Europe, see our report here.