Towards Zero Trust Architecture: A Pilot Study on Information Systems Security Readiness amongst Small and Medium Enterprises

TL;DR

This pilot study explores the perceptions, barriers, and adoption path of Zero Trust Architecture in SMEs, highlighting key factors influencing implementation and proposing a staged approach tailored for resource-limited organizations.

Contribution

It provides empirical insights into SME-specific challenges and proposes a practical, phased adoption route for Zero Trust Architecture based on survey data.

Findings

Familiarity with ZTA and cloud needs increase perceived necessity.

Identity management complexity is a major implementation hurdle.

A three-stage adoption path is proposed for SMEs.

Abstract

Small and medium enterprises (SMEs) face growing cyber threats but often lack the resources and expertise needed to adopt Zero Trust Architecture (ZTA). This pilot study examines the drivers and barriers shaping SME perceptions of ZTA necessity and proposes an exploratory staged adoption path. Survey data from 64 IT and security professionals in the Asia-Pacific region show that ZTA familiarity and cloud-computing needs are the strongest positive correlates of perceived necessity, whereas accumulated barriers show only a weak negative association. Identity and access management complexity and scalability emerge as the main implementation hurdles. Based on these findings, we propose a three-stage route for SMEs: strengthening identity governance, segmenting high-value assets, and introducing targeted monitoring in line with operational capacity. The study offers early evidence for more realistic Zero Trust transitions in resource-constrained firms.