- A fundamental shift in information security practices is underway: 55% of organizations now have a zero trust initiative in place, more than double the 24% of a year ago, according to the Zero Trust Status Report from Okta published on Tuesday.
- The report shows nearly universal adoption of zero trust principles, as 97% of companies have implemented a zero trust initiative or will adopt one within the next 12 to 18 months.
- “Today we saw that zero trust is no longer a theoretical idea – it is an active initiative that almost every organization across [every] industry implements,” said Christopher Niggel, regional security manager for the Americas at Okta, via email.
Overview of the dive:
The report shows that companies are making significant changes to how they secure the workplace, where standard practices have changed following the widespread adoption of remote access post-pandemic.
In 2019, the first year the survey was conducted, only 16% of organizations had invested in zero trust initiatives. Since then, companies have largely migrated their applications to the cloud, and hybrid workers spend the vast majority of their time working from home or remotely, forcing companies to invest in new security measures to confirm those workers' identity.
“This new environment means that perimeter-based approaches and low-assurance security factors, such as passwords, leave organizations vulnerable to attack,” Niggel said. “To protect systems, data, workforce and customers, organizations have had to radically change their approach to cybersecurity and make identity the new perimeter.”
A zero-trust security model means that companies will no longer assume that an employee or external contractor is a trusted user, and therefore anyone accessing a network will need to confirm their identity.
Companies also limit access privileges to ensure that anyone connecting to the network does not have access to more sensitive data, unless it directly applies to their job. The report shows that enterprises will focus on rolling out passwordless access over the next 12 to 18 months.
According to David Holmes, Principal Analyst at Forrester, another big change for enterprises will be replacing VPNs with zero trust network access technology. The technology provides a more secure gateway and a better experience for remote workers, allowing them to be more productive.
But zero trust will be a long journey for many organizations, said Charlie Winckless, principal analyst director at Gartner. Many companies will get stuck on complexity and an inability to change corporate culture.
“Those that focus on strong identity practices and build from there seem to have the most success and we see identity and context as foundational to the approach,” Winckless said.
Okta commissioned Pulse Q&A to conduct a survey of 700 security decision makers from Asia-Pacific, North America, Europe, the Middle East and Africa. The study took place in early 2022 and respondents included directors, vice presidents and senior executives.