Zero trust adoption at tipping point, study finds

A new research study by Okta, an independent identity service provider, found consumers and businesses are adopting zero trust policies to protect identities and data. The 2022 State of Zero Trust report, published in August 2022 represents a global cohort of security leaders, noted Ryan Terry, senior solutions product marketing manager at Okta.

Zero trust, according to the National Institute of Standards and Technology, is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets and resources.

In an Aug. 16, 2022, blog post titled, “5 Important Insights from Our 2022 State of Zero Trust Report,” Terry noted that 97 percent of survey respondents have implemented a Zero Trust initiative or plan to do so, compared with 16 percent in 2019.

“Our fourth annual State of Zero Trust report, compiled from surveys with 700 security leaders, reveals a fundamentally changed landscape, where there is no one-size-fits-all security solution,” Terry wrote. “As different organizations, industries, and regions embrace varying Zero Trust strategies and priorities, some fascinating trends have emerged.”

Zero Trust highlights

Terry commended Okta researchers for painting a “broad-strokes picture” of zero trust adoption and highlighted the following five key insights from the report:

1. Global momentum: In the past year, zero trust program adoption has more than doubled worldwide. In 2021, only 24 percent of respondents had a zero trust initiative in place, and 65 percent had plans to implement one in the next 12 to 18 months. In 2022, 55 percent of respondents have a zero trust initiative in place, and 42 percent plan to implement one in the near term.

2. Security, user-friendliness can coexist: Security doesn’t have to come at the cost of usability and passwordless security is especially user friendly, respondents have found. Passwordless access is a priority globally over the next 12 to 18 months, with 24 percent of respondents planning to implement passwordless solutions.

3. Identity is key to zero trust: The central tenet of the zero trust security model, “never trust, always verify” has been embraced by 80 percent of respondents and 19 percent have deemed identity “business critical.”

4. Identity key to healthcare, financial services: Zero trust is gaining traction in healthcare, with 58 percent of organizations in the sector implementing Zero Trust initiatives in 2022, compared to 37 percent in the same period of the previous year. In addition, 96 percent have at least one initiative planned in the next 12 to 18 months.

5. Automation, access management: Zero trust includes privileged access management for cloud infrastructure in EMEA and APAC regions, according to the report, which projects EMEA adoption to reach 97 percent and APAC adoption to reach 88 percent in the next 18 months. By comparison, North American adoption rates will also double but top out at 70 percent. In addition, 76 percent of APAC businesses and 74 percent of EMEA businesses surveyed are automating provisioning and deprovisioning processes for employees.

Evolving security guidance

Srii Srinivasan, co-founder and CEO of Chargeback Gurus, described zero trust as a basic pillar of security that protects an organization’s internal and external stakeholders. “In a zero trust framework, all users within or outside of an organization must be authenticated, authorized and continuously validated,” she said. “Zero trust, combined with confidentiality to protect against data leaks, data integrity and training and awareness, represent fundamental guiding principles of security.”

Srinivasan further noted these guiding principles help stakeholders assess approaches to security. Having a good understanding and implementation of these principles, she noted, would directly impact the scope and type of assessments and security implementation.

Commenting on ever-changing technologies and threats, Srinivasan noted that security principles and implementation constantly evolve as hackers look for ways to exploit enterprises, citing the following examples:

1. Cross-border payments for money transfers as well as for ecommerce have blurred the lines on "who, how, when and where" of digital payments. This means the boundaries and associated rules are constantly redefined and rewritten.

2. Frictionless payments is another example of how innovation has made the act of payment seamless and easy to the consumer while the underlying technology behind it does bring in complexities and security aspects that service providers need to deal with.

3. QR Code based payments in many countries across the world have also made payment transactions seamless, but again they have been exploited by fraudsters using a new method of intercepting transactions by providing QR Codes embedded with malware to unsuspecting consumers.

A copy of the Okta research study is available at www.okta.com/resources/whitepaper-the-state-of-zero-trust-security-2022/ .

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.