Digital transformation goes hand-in-hand with Zero Trust security

Forward-looking organizations are investing in Zero Trust security and strong MFA, modern app development, IaaS, and digital transformation, a recently released Okta report has shown.

Current situation and expectations

Based on the answers by 1,050 IT, security, and engineering decision makers at global companies (from a wide variety of industries) with over $1 billion in revenue:

  • 63% of the companies are expected to increase the number of contractors and remote workers
  • 59% are either actively working to secure themselves with a Zero Trust philosophy or are beginning to build the strategy into a formal plan (and it seems that the the drive towards Zero Trust is being led from the management layers in IT, rather than the boardroom)
  • 50% are either actively working to digitize their business and technology or are beginning to build the strategy into a formal plan
  • 60% are expected to increase IaaS adoption
  • 55% are deploying a multi-cloud strategy and 65% are expected to increase the number of clouds they run in the coming year
  • 62% of the respondents expect their company’s cloud application “end state” to be between 10% to 50% of apps running in the cloud.

digital transformation Zero Trust security

86% of the companies are investing in at least one Agile application development technology (containerization, continuous delivery, Functions-as-a-Service, microservices – with CD and microservices being most popular), and 90% of the companies investing in either one or more of “forward-looking” technologies (AI, augmented reality, blockchain and IoT – with AI and IoT being most popular).

“Expectations around digital transformation are high, as IT, security, and engineering decision makers expect significant and often long-term returns for undertaking such initiatives. When asked to rank their expected benefits of digital transformation, respondents picked improve customer experience (19%), keep an edge against competitors (16%), and grow into new markets (16%) most frequently for the #1 spot,” Okta noted.

Security and privacy efforts and concerns

Nearly 40% of the respondents view fully remote workers as a security threat. Security is also the number one concern preventing companies from using more contract workers.

The increasing number of remote and contract employees and the explosion of IaaS and multi-cloud strategies has spurred companies to work towards a Zero-Trust reality, to allow various users – regardless of their location, device or network – to securely access company assets.

One of the important aspects of this plan is the implementation of multi-factor authentication (MFA).

“We found that overall, security questions (61%) and software one-time passwords (54%) were the MFA types that respondents most often said they used. And when looking at the overall set of factors that respondents picked, the majority (61%) reported using a mix of stronger factors and weaker factors,” Okta shared.

digital transformation Zero Trust security

“We also found a correlation between types of MFA and whether companies were pursuing a Zero Trust strategy. More than a quarter (27%) of respondents at companies without a Zero Trust strategy in the works were providing only weak MFA or none at all, compared to 15% of Zero-Trust-pursuing respondents providing the same.”

The report also revealed a new focus on privacy:

  • 43 of the respondents expect their company to provide their employees with more visibility into and control over their personal data in the coming year
  • 49% expect their company to provide their customers with more granular data privacy control in the coming year
  • 55% of the respondents also believe that a universal federal privacy policy law in the United States would make compliance easier for their organization.

digital transformation Zero Trust security

Finally, an unexpected revelation is that – despite a recent Ponemon study finding that the mean time for companies to identify a data breach incident is 197 days and that to contain it is 69 days – most respondents believe that their company would identify a security compromise (75%) and respond to it (78%) within 24 hours.

CIOs are particularly confident in their company’s preparedness and so are the respondents from some of the most vulnerable industries (financial services, healthcare, technology).

“The gulf between expectations and reality showcase why security can be such a challenge, even for the world’s largest companies,” Okta concluded.