08/16/2022 | News release | Distributed by Public on 08/16/2022 08:06
What a difference four years makes.
Since launching our first State of Zero Trust report in 2019, we've been saying that the framework represents the future of security. This year, Zero Trust adoption reached a tipping point.
In 2019, many organizations that we surveyed acknowledged that Zero Trust was important, but just 16% had invested in Zero Trust initiatives. In 2022, organizations are ready to take action; 97% of survey respondents have a defined Zero Trust initiative in place or plan to have one within the next few months.
Our fourth annual State of Zero Trust report, compiled from surveys with 700 security leaders, reveals a fundamentally changed landscape, where there is no one-size-fits-all security solution. As different organizations, industries, and regions embrace varying Zero Trust strategies and priorities, some fascinating trends have emerged.
Here are five key insights from the 2022 report.
In the past year, the evolution of Zero Trust programs has been remarkable. In fact, the percentage of companies with a defined Zero Trust initiative in place more than doubled:
In 2020, organizations worldwide needed to abruptly support distributed, dynamic workforces, so it's understandable that considerations around accessibility and user-friendliness often overrode security concerns.
After implementing systems that enabled teams to work from anywhere, many organizations accrued security debt and are now learning where their vulnerabilities lie. But they've also realized that security doesn't have to come at the cost of usability, as the increasingly widespread adoption of passwordless authentication proves:
The central tenet of the Zero Trust security model is "never trust, always verify"-and while there may be a range of methods to do that, none is as reliable as identity and access management.
In total, identity is singled out as a key contributor to Zero Trust among 99% of organizations surveyed. The numbers are similar when speaking to senior leaders, such as CISOs and other C-suite executives, with 98% recognizing the integral role of identity in a robust Zero Trust approach.
"We're becoming an identity-driven security team, which is a real shift in culture, because we're talking about a team that was built for a flat, on-prem network." - John McLeod, CISO,NOV
Zero Trust is quickly gaining traction in the healthcare sector, as the last holdouts commit to new initiatives in the future. In 2021, 37% of organizations had started implementing Zero Trust initiatives, but that's increased to 58% in 2022. It's also worth noting that 96% have at least one initiative planned within the next 12-18 months-and for the vast majority, those initiatives will involve identity.
The adoption of identity solutions has likewise driven transformation across the financial services industry, with many organizations focusing on their internal systems and workforces first:
How quickly regions adopt new security initiatives can shed light on their Zero Trust priorities. For instance, respondents in both EMEA and APAC are doubling down on privileged access management for cloud infrastructure:
Organizations across the APAC region are also heavily invested in automating provisioning and deprovisioning processes for employees, with rates of adoption expected to increase from 22% in 2021 to 76% in 2022. Adoption rates in EMEA are not far behind, with 74% of organizations indicating that they will implement the security practice within the next 18 months.
These trends tell a broad-strokes story of how Zero Trust adoption is transforming industries and security worldwide. To see the whole picture, read the full report.