Open Systems survey finds Zero Trust execution gaps

Open Systems and Cybersecurity Insiders surveyed 505 IT and security leaders in the United States and the United Kingdom and found that most organizations had not completed Zero Trust implementations, a gap that affected their ability to operate modern access and networking approaches at scale.

The survey showed hybrid environments had become the default operating model, with respondents securing remote workers, Software-as-a-Service (SaaS) applications, datacenters, multi-cloud workloads, branch locations and third-party access at the same time; 67–68% identified lack of end-to-end visibility as their top operational challenge, followed by inconsistent user experience, performance issues and rising ticket volumes.

Findings indicated Zero Trust adoption had progressed beyond initial steps: only 13–14% still relied solely on traditional Wide Area Network (WAN) and Virtual Private Network (VPN) architectures while most organizations had introduced Zero-Trust Network Access (ZTNA) and application-level access controls, yet only 8–9% reported a fully integrated Zero Trust Architecture (ZTA); respondents said operating VPN and ZTNA in parallel produced duplicated policies, fragmented tooling and increased operational overhead, and they cited skills shortages and integration challenges as limits on consistent operation.

The survey was conducted by Open Systems in collaboration with Cybersecurity Insiders; respondents reported preferences for co-managed or fully managed Secure Access Service Edge (SASE) models, with 78% of US and 85% of UK participants favoring those approaches, and they listed Artificial Intelligence (AI) use for monitoring, anomaly detection, incident response and ticket automation as priorities for reducing operational noise. Open Systems was founded in 1990, is headquartered in Switzerland, generates over USD 100 million in annual revenue and supports enterprise customers with more than 60,000 employees across operations in more than 180 countries.

“Enterprises are no longer debating whether Zero Trust and SASE are the right direction - that decision has been made,” said Stefan Keller. “What's slowing progress is the ability to execute day to day. Hybrid complexity, legacy infrastructure and limited internal capacity are colliding at the same time.” “SASE is no longer a product deployment, it's an operating model,” said Stefan Keller. “Customers want visibility-first platforms, shared responsibility and partners who can operate alongside them as environments grow more complex.”

The report concluded that enterprises were ready for Zero Trust and SASE and required operating models aligned with hybrid, cloud-first environments.