New research from Okta finds that the remote work economy has accelerated a Zero Trust culture, but the majority of companies are still relying on passwords
Organisations have become more security conscious over the course of the pandemic, leading them to invest heavily in Zero Trust, according to a new study from identity firm Okta. The State of Zero Trust Security 2021 report surveyed over 600 global security leaders about their initiatives and found that remote work has led to a change in how organisations view the importance of Zero Trust, with financial services, healthcare organisations and the software industry seeing the most significant progress.
More than three-quarters (78%) of companies globally say that Zero Trust has increased in priority and nearly 90% are currently working on a Zero Trust initiative, up from just 41% a year ago. In 2019, Zero Trust was a priority for only 18% of European companies. Now, two years later, the region is the most mature globally when it comes to Zero Trust adoption, with 90% either having fully implemented the strategy or planning to do so in the coming months.
As such, 82% of European organisations have increased their Zero Trust budgets in 2021, while not a single business in Europe says their budget has decreased. This comes during a period where cuts have been widespread, indicating the importance of Zero Trust as a security measure.
The greatest challenges for European organisations in adopting a Zero Trust infrastructure include:
- Cost concerns (26%)
- Technology gaps (22%)
- Stakeholder buy-in (19%)
- Awareness of solutions (15%)
“This research comes as cybersecurity remains a key challenge for organisations, following the heightened risk landscape created by the pandemic,” comments Ben King, Chief Security Officer, EMEA at Okta. “To avoid becoming the next victim of a data breach or attack, organisations are moving towards a more robust and comprehensive security posture that is centred around the Zero Trust principle of ‘never trust, always verify.’ Businesses must recognise that people are the new perimeter, and adopt strong authentication across all services, everywhere — from on-premises, to cloud, to mobile, and for employees as well as customers, partners, contractors, and suppliers.”
The most used security factors: the steady rise of biometrics
Okta’s research also reveals that companies are continuing to use low assurance factors, with the majority of companies still relying on passwords (95%) and security questions (68%). However, compared to the rest of the world, Europe has more widely implemented mature security factors, like biometrics, hardware one-time passwords (OTPs), and push notifications. 56% of organisations in Europe are already utilising biometric technology, compared with 43% for the rest of the world.
Globally, biometric technology has continued to skyrocket, with 45% of global companies, and over 50% in financial services and software, using biometrics as a high assurance factor.
“Overcoming the reliance on passwords is not going to happen overnight, but organisations can start with adopting contextual factors to ease authentication processes,” Ben King comments. “By embracing passwordless technologies such as biometrics and contextual factors, businesses can increase security and tackle data breaches more effectively.”
Okta is the leading independent provider of identity for the enterprise. The Okta Identity Cloud enables organisations to securely connect the right people to the right technologies at the right time. With over 7,000 pre-built integrations to applications and infrastructure providers, Okta customers can easily and securely use the best technologies for their business. More than 10,650 organizations, including JetBlue, Nordstrom, Slack, T-Mobile, Takeda, Teach for America and Twilio, trust Okta to help protect the identities of their workforces and customers.
Commissioned by Okta, Pulse Q&A conducted the survey of 600 IT and security decision makers at director level or above across multiple industries. This included 150 IT and security decision makers from EMEA, making up 25% of all respondents.