Okta’s fourth annual State of Zero Trust Security report reveals that budgets for Zero Trust initiatives are increasing for 85% of organisations.
Zero Trust has quickly progressed from a buzzword to a critical business imperative, Okta’s 2022 State of Zero Trust Security Report has found. Today, 97% of businesses say that they have a Zero Trust initiative in place or will have one in the next 12-18 months, rising from 16% in 2018 – a more than 500% increase in the past four years.
EMEA businesses are dragging their feet on Zero Trust strategy – but budgets are on the rise
Businesses in EMEA (Europe, Middle East and Africa) are falling behind other regions when it comes to having a defined Zero Trust strategy. Just 36% of organisations say they currently have a strategy in place, compared to 50% in APAC (Asia & Pacific) and 59% in North America. However, this is set to change with EMEA leading the race in terms of budget increases for Zero Trust strategies. 90% of businesses in EMEA are increasing investment, compared to 83% in APAC and 77% in North America.
In terms of the biggest challenges for businesses implementing Zero Trust initiatives, talent shortages are listed at the top in North America and APAC, and among the Global 2000. However, in EMEA, cost concerns are judged to be an equivalent challenge with awareness of solutions to support Zero Trust ranked even higher.
Globally, 80% of all organisations say identity is important to their overall Zero Trust security strategy, and an additional 19% go so far as calling identity business critical. This means that 99% of organisations cite identity as a major factor in their Zero Trust strategy. Among CISOs and other members of the C-suite specifically, 26% deem identity business-critical.
“Organisations in EMEA need to alter their approach to cybersecurity if they want to safeguard systems, data, workforces, and customers in a continually changing world”, comments Ian Lowe, Head of Industry Solutions, EMEA at Okta. “The region is making significant progress in their Zero Trust initiatives, but businesses still face a number of challenges, like improving awareness, skill shortages and making significant investments to help their teams implement new technologies.”
EMEA is most balanced when it comes to usability and security concerns
Okta’s research shows that finding the balance between usability and security concerns is an ongoing challenge for organisations today. The shift toward security is more pronounced in APAC and North America, with the EMEA region reporting a more balanced prioritisation between the two.
“Companies are now leveraging pandemic-era investments in usability, and catching up on some security debt,” adds Lowe. “But increasingly, they are also realising that stronger security and better usability aren’t necessarily at odds anymore. Passwordless technologies, as an example, simultaneously improve the user experience by making logging in frictionless, whilst also being more secure.”
Healthcare and financial services strive ahead, whilst Government falls behind on passwordless access
For financial services and healthcare organisations, most of the definitional work to get Zero Trust initiatives in place is already happening.
Within financial services:
- Nearly 100% of financial service respondents plan to have a Zero Trust initiative underway within the next 12-18 months
- Nearly half (48%) already have such an initiative in place today
- 75% of financial services companies expect to have SSO and/or MFA extended to servers, databases, and APIs within 18 months
- 58% of respondents have already begun implementing their Zero Trust initiatives, representing a 20% increase from 2021
- 99% say identity plays an important or business critical role in their overall Zero Trust security strategies
- All healthcare respondents say they plan to have extended SSO and/or MFA to SaaS apps, internal apps, and servers in the coming 12-18 months
Nearly 22% of respondents from financial services companies indicate that they will adopt passwordless access options in the coming 12-18 months, while 16% of healthcare and software companies plan to follow suit. Government institutions lag behind, with only 7% either already having passwordless access in place, or planning to implement this in the coming months. Yet, nearly all government respondents around the world say that identity is an important part of their overall Zero Trust strategy, with 19% deeming it as business-critical.
Commissioned by Okta, Pulse Q&A conducted a survey of 700 director-and-above security decision makers at organisations all over the world, across many industries. Decision makers were defined as people responsible for making technology purchasing decisions, from which our survey partner Pulse collected responses in early 2022. We refer to this survey as “our survey” and “survey” throughout, and refer to the people who responded on behalf of their organisations as “survey respondents” or “respondents.”