Zero Trust now a boardroom discussion

Okta’s fourth annual State of Zero Trust Security report reveals that budgets for Zero Trust initiatives are increasing for 85% of organisations.

  • 2 years ago Posted in

Zero Trust has quickly progressed from a buzzword to a critical business imperative, Okta’s 2022 State of Zero Trust Security Report has found. Today, 97% of businesses say that they have a Zero Trust initiative in place or will have one in the next 12-18 months, rising from 16% in 2018 - a more than 500% increase in the past four years. 

 

EMEA businesses are dragging their feet on Zero Trust strategy - but budgets are on the rise

 

Businesses in EMEA (Europe, Middle East and Africa) are falling behind other regions when it comes to having a defined Zero Trust strategy. Just 36% of organisations say they currently have a strategy in place, compared to 50% in APAC (Asia & Pacific) and 59% in North America. However, this is set to change with EMEA leading the race in terms of budget increases for Zero Trust strategies. 90% of businesses in EMEA are increasing investment, compared to 83% in APAC and 77% in North America.

 

In terms of the biggest challenges for businesses implementing Zero Trust initiatives, talent shortages are listed at the top in North America and APAC, and among the Global 2000. However, in EMEA, cost concerns are judged to be an equivalent challenge with awareness of solutions to support Zero Trust ranked even higher.

 

Globally, 80% of all organisations say identity is important to their overall Zero Trust security strategy, and an additional 19% go so far as calling identity business critical. This means that 99% of organisations cite identity as a major factor in their Zero Trust strategy. Among CISOs and other members of the C-suite specifically, 26% deem identity business-critical.

 

“Organisations in EMEA need to alter their approach to cybersecurity if they want to safeguard systems, data, workforces, and customers in a continually changing world”, comments Ian Lowe, Head of Industry Solutions, EMEA at Okta. “The region is making significant progress in their Zero Trust initiatives, but businesses still face a number of challenges, like improving awareness, skill shortages and making significant investments to help their teams implement new technologies.” 

 

EMEA is most balanced when it comes to usability and security concerns

 

Okta’s research shows that finding the balance between usability and security concerns is an ongoing challenge for organisations today. The shift toward security is more pronounced in APAC and North America, with the EMEA region reporting a more balanced prioritisation between the two. 

 

“Companies are now leveraging pandemic-era investments in usability, and catching up on some security debt,” adds Lowe. “But increasingly, they are also realising that stronger security and better usability aren’t necessarily at odds anymore. Passwordless technologies, as an example, simultaneously improve the user experience by making logging in frictionless, whilst also being more secure.”

 

Healthcare and financial services strive ahead, whilst Government falls behind on passwordless access

For financial services and healthcare organisations, most of the definitional work to get Zero Trust initiatives in place is already happening.

Within financial services:

Nearly 100% of financial service respondents plan to have a Zero Trust initiative underway within the next 12-18 months

Nearly half (48%) already have such an initiative in place today

75% of financial services companies expect to have SSO and/or MFA extended to servers, databases, and APIs within 18 months 

Within healthcare:

58% of respondents have already begun implementing their Zero Trust initiatives, representing a 20% increase from 2021

99% say identity plays an important or business critical role in their overall Zero Trust security strategies

All healthcare respondents say they plan to have extended SSO and/or MFA to SaaS apps, internal apps, and servers in the coming 12-18 months

Nearly 22% of respondents from financial services companies indicate that they will adopt passwordless access options in the coming 12-18 months, while 16% of healthcare and software companies plan to follow suit. Government institutions lag behind, with only 7% either already having passwordless access in place, or planning to implement this in the coming months. Yet, nearly all government respondents around the world say that identity is an important part of their overall Zero Trust strategy, with 19% deeming it as business-critical.


Ransom attacks in the cloud are a perennially popular topic of discussion in the cloud security...
Talent and training partner, mthree, which supports major global tech, banking, and business...
Cloud-native organisations to gain full understanding over every identity in the cloud, secured...
MSSPs identify regulatory compliance as additional factor as organisations seek to shift...
Orange Business (Norway), a global leader in digital services, has selected ARMO’s advanced...
Gigamon and Exclusive Networks have expanded their existing distribution partnership, broadening...
Trustwave and Cybereason have announced a definitive merger agreement offering a comprehensive and...
FortiDLP’s unified approach to data protection enables enterprise organizations to anticipate and...