Dive Brief:
- A fundamental shift in information security practices is underway, as 55% of organizations now have a zero trust initiative in place, more than double the 24% total from a year ago, according to the State of Zero Trust report from Okta released Tuesday.
- The report shows almost universal adoption of zero-trust principles, as 97% of businesses either have a zero trust initiative in place or will adopt one in the next 12-18 months.
- “Today we’ve seen that zero trust is no longer a theoretical idea — it's an active initiative that almost every organization across [every] industry is implementing,” Christopher Niggel, regional chief security officer for the Americas at Okta, said via email.
Dive Insight:
The report shows companies are making significant changes to how they secure the workplace, where standard practices changed following the widespread adoption of remote access post-pandemic.
In 2019, the first year the survey was conducted, only 16% of organizations had invested in zero trust initiatives. Since then, companies have largely migrated their applications to the cloud, and hybrid workers are spending the vast majority of their time working from home or some other remote location, forcing companies to invest in new security measures to confirm identity.
“This new environment means that perimeter-based approaches and low-assurance security factors, such as passwords, leave organizations susceptible to attacks,” Niggel said. “To safeguard systems, data, workforces and customers, organizations have had to dramatically shift their cybersecurity approach and make identity the new perimeter.”
A zero-trust security model means companies will no longer assume an employee or outside contractor is a trusted user, and therefore anyone accessing a network will be required to confirm their identity.
Companies also limit access privileges to make sure anyone logging into the network does not have access to more sensitive data unless it directly applies to their jobs. The report shows companies will focus on rolling out passwordless access over the next 12-18 months.
Another significant change for companies will be replacing VPNs with zero-trust network access technology, according to David Holmes, senior analyst at Forrester. The technology provides a more secure gateway and a better experience for remote workers, which allows them to be more productive.
But zero trust will be a long journey for many organizations, said Charlie Winckless, senior director analyst at Gartner. Many companies will be stymied by complexity and an inability to change the corporate culture.
“Those who focus on strong identity practices and build from there appear to have the most success and we see identity and context as the core underpinnings of the approach,” Winckless said.
Okta commissioned Pulse Q&A to conduct the survey of 700 security decision makers from the Asia-Pacific region, North America, Europe, the Middle East and Africa. The study took place during early 2022 and respondents included directors, vice presidents and C-suite executives.