5 Key Takeaways from Our 2021 State of Zero Trust Security Report

How important is it to implement Zero Trust? We asked over 600 business and security leaders across North America, Asia Pacific (APAC), Europe, the Middle East, and Africa (EMEA)—and the overwhelming consensus is that it has become crucial.

With the unprecedented shift to remote work, the adoption of new digital products and services, and the rising threat of cyber attacks, security experts and business leaders are prioritizing Zero Trust more than ever. In a world where people are logging on from everywhere, identity is the new perimeter, and that means the only way to protect your data is to treat all user traffic as untrusted.

Here’s a closer look at five overarching themes that emerged from our 2021 State of Zero Trust Security report, and what they tell us about how decision makers are embracing a modern security framework.

1. The newfound focus on Zero Trust is fuelled by distributed work

There is a strong correlation between remote work adoption and Zero Trust implementation. In 2020, 41% of organizations said they were working on a Zero Trust initiative or intended to start one in the near future. This year, that number spiked to 90%. In fact, 78% call it out specifically as an area of growing priority, and are committed to increasing their investments in it. This shift in priorities was especially extreme in the EMEA region, where only 18% of organizations had a Zero Trust agenda in 2020, yet 90% have one or are starting one in 2021.

Adoption is even higher when looking exclusively at Forbes Global 2000 (F2000) companies, with 95% showing a commitment to Zero Trust: 

• 50% currently have a Zero Trust initiative in place
• 45% plan to implement Zero Trust within 12–18 months

F2000 companies are also investing more: 83% of these global leaders are boosting their Zero Trust security budgets due to changes brought on by the pandemic—and of those, 14% report that the budget is set to grow significantly.

2. It’s imperative for people and devices to be authenticated

When talking about Zero Trust, it’s often said that people are the new corporate perimeter, and the survey responses reflect this. Most decision makers stated that people are a top focus when determining which security initiatives to tackle first:

• Globally, 33% said people was their top priority
• 26% said devices were their top priority
   

This focus upon people coincides with a key finding that Gartner highlighted in its top ten security trends for 2021 —that identity is actually the de facto corporate perimeter.

3. Sophisticated Zero Trust adoption has accelerated rapidly

To help organizations measure their Zero Trust progress and plan their next steps, Okta developed the Zero Trust Maturity Curve. In the past, advancing across its three stages may have seemed ambitious. But it doesn’t look that way anymore.
The APAC region has progressed by leaps and bounds, with all projects in Stage 1 of the Zero Trust Maturity Curve expected to be adopted by more than half of all companies by 2023—and at least half will adopt four out of the five main initiatives in Stage 2 as well.

North American companies are a bit further behind, but building momentum. Connecting employee directories to cloud apps is an essential step along the Zero Trust Maturity journey, and 74% of organizations have already done this, or will do so in the next 12 to 18 months.

4. Organizations want long-term strategies, not quick wins

Gone are the days when identity initiatives were implemented as one-off projects with limited impact. Today, global organizations have accepted that identity is the foundation on which security is built, and they’re focused on adopting solutions such as single sign-on (SSO) and multi-factor authentication (MFA) for their contractors, partners, and suppliers, along with advanced capabilities such as context-based access policies and passwordless authentication.

Within the next 12–18 months, 39% of companies in EMEA are prioritizing secure access for external users with SSO, and 40% are pursuing this with MFA. In APAC, these numbers are 17% and 25%, respectively.

As for passwordless authentication, a quarter of companies worldwide have stated that they currently have options for their users, or will soon have them. In the imminent future, adoption among North American companies is forecast to leap from 1% to 43%. And while only 9% of Forbes Global 2000 companies offer passwordless options today, that number is set to grow to 41% by the end of 2022.

5. Financial services, healthcare, and software companies are making Zero Trust a priority

While organizations across many sectors have implemented a Zero Trust security model, a handful of industries stood out in our data:

• It comes as no surprise that it’s a priority for 76% of healthcare companies, with their strict compliance requirements and accelerated digitization due to the pandemic.
• Financial services organizations are also making strides; the number of companies with Zero Trust plans has gone from 48% in 2020 to 94% in 2021.
• Security is a critical differentiator for software. While only 9% of tech companies have a Zero Trust initiative in place today, 79% plan to adopt them in the next year.

Read the full report

In this new world of distributed workforces, rapid digitization, rising threats, and heightened regulatory requirements, identity is the new perimeter—and Zero Trust security is the common denominator. Read the full State of Zero Trust Security report, or try this free assessment tool to see where your business ranks on the Zero Trust Maturity Curve.