Organizations aware of the importance of zero trust, yet still relying on passwords

Organizations have become more security conscious over the course of the pandemic, leading them to invest heavily in zero trust, according to a study from identity firm Okta.

The report surveyed over 600 global security leaders about their initiatives and found that remote work has led to a change in how organizations view the importance of zero trust, with financial services, healthcare organizations and the software industry seeing the most significant progress.

78% of companies globally say that zero trust has increased in priority and nearly 90% are currently working on a zero trust initiative, up from just 41% a year ago. In 2019, zero trust was a priority for only 18% of European companies. Now, two years later, the region is the most mature globally when it comes to zero trust adoption, with 90% either having fully implemented the strategy or planning to do so in the coming months.

As such, 82% of European organizations have increased their zero trust budgets in 2021, while not a single business in Europe says their budget has decreased. This comes during a period where cuts have been widespread, indicating the importance of zero trust as a security measure.

The greatest challenges for European organizations in adopting zero trust

• Cost concerns (26%)
• Technology gaps (22%)
• Stakeholder buy-in (19%)
• Awareness of solutions (15%)

“This research comes as cybersecurity remains a key challenge for organizations, following the heightened risk landscape created by the pandemic,” comments Ben King, CSO, EMEA at Okta.

“To avoid becoming the next victim of a data breach or attack, organizations are moving towards a more robust and comprehensive security posture that is centred around the zero trust principle of ‘never trust, always verify.’ Businesses must recognise that people are the new perimeter, and adopt strong authentication across all services, everywhere — from on-premises, to cloud, to mobile, and for employees as well as customers, partners, contractors, and suppliers.”

The most used security factors: The steady rise of biometrics

The research also reveals that companies are continuing to use low assurance factors, with the majority of companies still relying on passwords (95%) and security questions (68%). However, compared to the rest of the world, Europe has more widely implemented mature security factors, like biometrics, hardware one-time passwords (OTPs), and push notifications. 56% of organizations in Europe are already utilising biometric technology, compared with 43% for the rest of the world.

Globally, biometric technology has continued to skyrocket, with 45% of global companies, and over 50% in financial services and software, using biometrics as a high assurance factor.

“Overcoming the reliance on passwords is not going to happen overnight, but organizations can start with adopting contextual factors to ease authentication processes,” Ben King comments. “By embracing passwordless technologies such as biometrics and contextual factors, businesses can increase security and tackle data breaches more effectively.”