Zero trust is critically or very important to their business, say 91%, but office print infrastructure is not part of the security picture
Tuesday, 3rd May 2022: Zero trust security strategies are rapidly gaining momentum among medium- and large-sized businesses amid the growing frequency of security incidents, according to a Quocirca study of senior security professionals in the UK and US.
‘Zero Trust Security Trends 2022’ found that just over three-quarters (76%) of the 202 organisations surveyed had suffered an external attack, such as malware or ransomware, in the past year, and 48% had experienced insider threats from careless users. In addition, 43% had suffered vulnerabilities through compromised user credentials, and 42% reported supply chain attacks.
This high level of threats is shaping the way organisations view the future and where they are focusing security investment. Key findings from the research include:
- 90% expect to experience more security incidents in the coming year, 40% expect a significant increase.
- 49% say a zero trust strategy is critically important to their business; 42% say it is very important.
- Only 16% of organisations perceive their print infrastructure as presenting a significant threat.
- Securing the print infrastructure is the least common motivation for zero trust implementation and only 50% have already included print in their zero trust strategy.
- 55% of organisations manage print security in-house; 18% rely on a managed print service provider, and 14% use a managed IT service provider that also takes responsibility for print security.
Zero trust maturity and motivations vary
The research found distinct variations in the maturity of zero trust strategies. Overall, 42% of respondents said they had adopted a zero trust strategy, but this rose to 47% in the US and dropped to 36% in the UK. Business and professional services organisations were most likely to have a zero trust strategy in place (56%), while public sector organisations were least likely to have implemented one (28%).
The most common reason for adopting a zero trust model is to protect sensitive data (38%), followed by keeping cloud deployments secure (29%). Smaller organisations (500–999 employees) are more likely to seek IT visibility from their zero trust strategy (31%), compared to just 17% of larger organisations. Securing office and home print infrastructure was the lowest priority, with just 10% saying it was a top reason for adopting zero trust.
Quocirca’s research director, Louella Fernandes, comments: “Zero trust momentum may be growing, but businesses have a blind spot around print devices in security infrastructure. As sophisticated endpoints on the network that process sensitive data of all kinds, they should be treated in a similar way to all endpoints, with robust access control, management, and intrusion detection to ensure they are not compromised.
“For those in the print value chain, educating users on how the information-sensitive print environment can be a severe security issue if left unprotected should open a market for the inclusion of print protection services within an overall zero trust model. For MSPs, it makes sense to find partners in the print value chain with skills and solutions that can be leveraged to quickly and effectively provide print-inclusive zero trust services.”
Rate of MSP adoption for security linked to enterprise size
The research also revealed that larger organisations are less likely than smaller ones to turn to managed IT service providers to handle security. While 37% of companies with 500–999 employees use an MSP (and 47% take care of security in-house), of organisations with more than 1,000 employees, only 17% fully outsource security to an MSP, with 23% using a hybrid approach and 52% handling security internally.
The type of approach taken also correlates with expectations around future security incidents. A higher proportion (46%) of those that manage IT internally expect incident rates to rise significantly, compared with 32% that use an MSP and 38% that have a hybrid model.
When it comes to viewing print security management as part of the whole security management stack, there is a general preference for a single supplier to manage both the print and overall IT environments, with 56% claiming this would be their preferred route.
Louella Fernandes adds: “In the fast-changing security environment, all participants in the value chain must educate themselves around the risks posed by complex endpoint devices such as printers and multifunction devices. Understanding where print sits in the security landscape and where weaknesses can be addressed by tools such as pull printing, automatic job deletion, and routing helps organisations improve their security posture and develop policies that protect data.”
Quocirca’s full report on zero trust trends contains recommendations for both buyers and suppliers around implementing zero trust strategies that incorporate print infrastructure.
Quocirca is a global market insight and research firm providing strategic market analysis and intelligence to print industry business and technology leaders. Quocirca specialises in analysing the convergence of print and digital technologies in the future workplace.
Since 2006, Quocirca has played an influential role in advising clients on major shifts in the market. Our consulting and research are at the forefront of the rapidly evolving print services and solutions market, trusted by clients seeking new strategies to address disruptive technologies.
Trusted by global industry organisations, Quocirca offers a wealth of specialist knowledge across the connected print ecosystem. Our extensive research activities are backed up with rigorous analysis and a robust primary research programme.