A staggering number of engineers are circumventing security protocols simply to perform their daily tasks—and many continue to hold access even after exiting the company.

According to a recent survey conducted on behalf of Tailscale, 83% of IT and engineering professionals admit to deliberately bypassing security measures to get work done.

The data comes from 1,000 responses across IT, security, and engineering roles in North America. The survey also revealed that 99% of organizations would prefer to completely overhaul their current access and networking infrastructure.

Two-thirds of respondents indicated that their company’s IT and security policies hinder or fail to understand their workflows, while nearly half (49%) stated their access systems aren’t scalable.

For instance, 68% of companies still depend on manual methods to manage network access—relying on outdated tools like static firewalls and IP-based permissions instead of adopting software-defined access models.

Despite widespread dissatisfaction, progress remains slow. While zero trust network access (ZTNA) is seen as the ideal direction, only 29% of respondents reported using identity-based access as their main approach.

The risks of manual processes were further highlighted by the fact that 68% of respondents retained access to internal systems after leaving a previous job.

Although 32% said their access was revoked immediately, 27% still had access for weeks, 13% for months, and in 6% of cases, former employees could still log in a year or longer after departure.

Virtual private networks (VPNs) were identified as a major pain point. Organizations still heavily dependent on VPNs are almost twice as likely to experience access issues or resort to insecure workarounds compared to those using modern alternatives. Only 10% of respondents said their current VPN setup functions well without significant drawbacks, while 90% cited problems such as security vulnerabilities, latency, or high operational complexity.

“Security and productivity should not be mutually exclusive,” said Avery Pennarun, CEO of Tailscale.

“When developers, engineers, and IT teams all agree the system is broken—and begin sidestepping it—that’s not a people problem, it’s a tooling problem. Zero trust has the potential to fix this, but only if it's implemented meaningfully, not just marketed as a buzzword.”

Tailscale predicts that security-focused organizations will either retire or begin phasing out legacy VPNs by the end of 2026, paving the way for more agile, modular solutions.

Over the next 24 months, the industry is expected to shift significantly toward unified, cloud-native secure access platforms—often referred to as universal ZTNA.

“Almost every company claims they’re on a Zero Trust journey, which is corporate speak for ‘we haven’t arrived, and might never get there,’” the report noted.

At the same time, many organizations are overwhelmed by fragmented tooling: 92% use multiple solutions for network security, and nearly one-third rely on four or more separate tools.

However, nearly half are actively working to consolidate their tech stacks. Early movers are transitioning to identity-first frameworks and just-in-time access models, which improve both security and usability.

AI and automation are also gaining traction—not only for threat detection but also for dynamically adjusting access based on real-time context.

Yet, the report found that 55% of respondents either expressed skepticism or admitted they don’t know where to begin when seeking better solutions.

“That knowledge gap is one of the biggest obstacles to improvement,” researchers stated. “Over the next two years, education around adaptive access, AI-powered threat detection, and practical zero trust implementation will be essential.”

The above is the detailed content of Majority of engineers bypass security controls to do their job – as zero trust ambitions aren't being met. For more information, please follow other related articles on the PHP Chinese website!