Zero trust has quickly progressed from a buzzword to a critical business imperative, Okta’s 2022 State of Zero Trust Security Report has found. Today, 97% of businesses say that they have a zero trust initiative in place or will have one in the next 12-18 months, rising from 16% in 2018 – a more than 500% increase in the past four years.
EMEA businesses are dragging their feet on zero trust strategy – but budgets are on the rise
Businesses in EMEA (Europe, Middle East and Africa) are falling behind other regions when it comes to having a defined zero trust strategy. Just 36% of organizations say they currently have a strategy in place, compared to 50% in APAC (Asia & Pacific) and 59% in North America. However, this is set to change with EMEA leading the race in terms of budget increases for zero trust strategies. 90% of businesses in EMEA are increasing investment, compared to 83% in APAC and 77% in North America.
In terms of the biggest challenges for businesses implementing zero trust initiatives, talent shortages are listed at the top in North America and APAC, and among the Global 2000. However, in EMEA, cost concerns are judged to be an equivalent challenge with awareness of solutions to support zero trust ranked even higher.
Globally, 80% of all organizations say identity is important to their overall zero trust security strategy, and an additional 19% go so far as calling identity business critical. This means that 99% of organizations cite identity as a major factor in their zero trust strategy. Among CISOs and other members of the C-suite specifically, 26% deem identity business-critical.
“Organizations in EMEA need to alter their approach to cybersecurity if they want to safeguard systems, data, workforces, and customers in a continually changing world”, comments Ian Lowe, Head of Industry Solutions, EMEA at Okta.
“The region is making significant progress in their zero trust initiatives, but businesses still face a number of challenges, like improving awareness, skill shortages and making significant investments to help their teams implement new technologies.”
EMEA is most balanced when it comes to usability and security concerns
The research shows that finding the balance between usability and security concerns is an ongoing challenge for organizations today. The shift toward security is more pronounced in APAC and North America, with the EMEA region reporting a more balanced prioritisation between the two.
“Companies are now leveraging pandemic-era investments in usability, and catching up on some security debt,” adds Lowe. “But increasingly, they are also realising that stronger security and better usability aren’t necessarily at odds anymore. Passwordless technologies, as an example, simultaneously improve the user experience by making logging in frictionless, whilst also being more secure.”
Healthcare and financial services strive ahead, Govt falls behind on passwordless access
For financial services and healthcare organizations, most of the definitional work to get zero trust initiatives in place is already happening.
Within financial services:
- Nearly 100% of financial service respondents plan to have a zero trust initiative underway within the next 12-18 months
- 48% already have such an initiative in place today
- 75% of financial services companies expect to have SSO and/or MFA extended to servers, databases, and APIs within 18 months
- 58% of respondents have already begun implementing their zero trust initiatives, representing a 20% increase from 2021
- 99% say identity plays an important or business critical role in their overall zero trust security strategies
- All healthcare respondents say they plan to have extended SSO and/or MFA to SaaS apps, internal apps, and servers in the coming 12-18 months
Nearly 22% of respondents from financial services companies indicate that they will adopt passwordless access options in the coming 12-18 months, while 16% of healthcare and software companies plan to follow suit.
Government institutions lag behind, with only 7% either already having passwordless access in place, or planning to implement this in the coming months. Yet, nearly all government respondents around the world say that identity is an important part of their overall zero trust strategy, with 19% deeming it as business-critical.