The latest 'State of Zero Trust Security' report for 2023 by Okta reveals that Zero Trust has now become mainstream. The report shows an exponential increase in the adoption of this contemporary security framework in the last two years, with 61% of organisations having a defined Zero Trust initiative in place and a further 35% intending to implement one shortly.
David Bradbury, Chief Security Officer at Okta, asserts that we are significantly beyond the "tipping point" for Zero Trust. Bradbury said in an Okta blog post that this is no longer a matter of "will this happen?", but a clear case of "this is happening". The report, which gleaned insights from over 800 decision-makers around the globe, portrays a world where organisations are comprehensively embracing Zero Trust to protect their people, assets and infrastructure. Yet, despite these positive statistics, the study also exposed persisting obstacles to wider adoption of Zero Trust.
Respondents in this year’s report reported a variety of deterrents when trying to establish Zero Trust, with issues surrounding costs, technology gaps, and privacy regulations/data security being the most prominent. Okta asserts that Identity is integral to a Zero Trust strategy. Their identity-first approach assures that appropriate individuals have the suitable level of access to the right resources, while also ensuring that this access is perpetually assessed, delivering an optimal balance between security and user experience.
The report finds that the role of Identity in overall security strategies has nearly doubled. Previously, just 27% of global respondents declared the concept of Identity as "extremely" important, whilst this year, that figure surged to 51%. The study outlines how Zero Trust has swiftly transitioned from just being a plan of action to the new norm. Back in 2021, only 24% of respondents reported having an established Zero Trust initiative in place, but that figure climbed to 55% in 2022 and 61% in 2023.
Although global budgets are tightening due to varied macroeconomic pressures, the funding for Zero Trust initiatives continues to rise. A remarkable 80% of survey participants reported a growth in their budgets for Zero Trust security initiatives over the previous year.
"People" remain the top concern for security projects, reflecting Identity's pivotal function in Zero Trust security initiatives. Of the respondents, 71% deemed Identity important to Zero Trust's security approach last year but only 27% considered it crucial for business. This year, 51% of respondents labelled Identity as "extremely important", while 40% deemed it "somewhat important".
The report also emphasised a growing demand for phishing resistant authenticators as an alternative to passwords, which are currently the leading authentication factor across industries. Okta suggests a passwordless approach with phishing resistant authenticators to offer improved security against Identity-based attacks such as phishing and increase the difficulty for threat actors to commit impersonation.