Towards Zero Trust Architecture: A Pilot Study on Information Systems Security Readiness amongst Small and Medium Enterprises
For SMEs lacking resources, this study provides early evidence and a practical staged approach to Zero Trust adoption, though findings are preliminary due to small sample size.
This pilot study identifies drivers and barriers for Zero Trust Architecture adoption among SMEs, finding that ZTA familiarity and cloud-computing needs strongly correlate with perceived necessity, while identity and access management complexity is the main hurdle. A three-stage adoption path is proposed.
Small and medium enterprises (SMEs) face growing cyber threats but often lack the resources and expertise needed to adopt Zero Trust Architecture (ZTA). This pilot study examines the drivers and barriers shaping SME perceptions of ZTA necessity and proposes an exploratory staged adoption path. Survey data from 64 IT and security professionals in the Asia-Pacific region show that ZTA familiarity and cloud-computing needs are the strongest positive correlates of perceived necessity, whereas accumulated barriers show only a weak negative association. Identity and access management complexity and scalability emerge as the main implementation hurdles. Based on these findings, we propose a three-stage route for SMEs: strengthening identity governance, segmenting high-value assets, and introducing targeted monitoring in line with operational capacity. The study offers early evidence for more realistic Zero Trust transitions in resource-constrained firms.