Zero Trust Programs Rapidly Gain Traction
Zero Trust is taking root in the corporate world and gaining increasing importance: New insights from Okta on preferred measures across various industries.
TL;DR
- Zero Trust on the rise: Companies worldwide are implementing Zero-Trust strategies as a new security standard.
- MFA as the foundation: Multi-Factor Authentication is the most frequently implemented Zero-Trust measure.
- Industry-wide: From financial services to manufacturing, everyone is embracing Zero Trust.
- Okta study: Data on adoption rates and preferred measures by industry.
- Principle: “Never trust, always verify” – access only after continuous verification.
In the race against increasingly sophisticated cyberattacks, companies worldwide are focusing more and more on implementing Zero-Trust initiatives. This is the central finding of the report “State of Zero Trust Security 2023” by the identity provider Okta, based on interviews with 860 security professionals and top decision-makers.
Specifically, 61 percent of respondents state that they have already implemented a Zero-Trust strategy. Another 28 percent plan to do so within the next 6-12 months. In other words, currently six out of ten companies are on their way to more comprehensive implementation of Zero Trust, compared to 24 percent the previous year.
Identity Management Gains Importance
Not surprisingly: 51 percent of all surveyed decision-makers consider identity management to be “very important” for their business strategy. In comparison, this share was only about 27 percent last year. Furthermore, half of these decision-makers agree that responsibility for Zero Trust and identity management should lie with the security teams. This development is likely due to the fact that identity-based attacks, such as phishing, remain among the most widespread threats. Security teams have more specialized competencies in this area compared to IT.
It is therefore hardly surprising that corresponding budgets are being made available for the implementation of these initiatives. A full 80 percent of participants reported that their budgets for Zero Trust have increased compared to the previous year. More precisely, 60 percent reported budget increases of up to 25 percent, while another fifth reported even larger increases. This increase in investment is due, among other things, to the rise of hybrid work models, unrestricted access to cloud environments, and the increasing number of attacks on corporate networks.
Employees Remain the Biggest Security Risk
Nevertheless, the authors of the study emphasize that Zero Trust is far from self-sustaining, as there are still many uncertainties to be managed. At the top of the list are employees who want to log in from anywhere using any device. Additionally, there is a lack of expertise due to low staffing levels in the security sector and gaps in the modernization of IT infrastructure. The challenges of Zero Trust have therefore become more complex and structural.
To address the human factor, 34 percent of all IT and security decision-makers surveyed rely on Multi-Factor Authentication for external partners and suppliers, and 33 percent prefer this security measure for their own employees. In contrast to the previous year’s report, where usability was in the foreground due to the many hybrid work models, two out of three companies now tend to focus more on security within the Zero Trust approach.
Leaders in Zero Trust: Financial Services and Software Industry
A look at Zero Trust initiatives across industries shows that the security measures in use vary depending on whether and to what extent an industry is subject to legal regulation, since they must ensure reliable compliance. Looking at the financial and healthcare sectors, as well as the public sector and the software industry, it is clear that while these industries have made the greatest progress in Zero Trust implementation, there is still a long way to go. Financial services lead with 71 percent in Zero Trust initiatives, closely followed by the software industry with 69 percent. Public administration (58 percent) and healthcare (47 percent) are in third and fourth place.
Financial Services Focus on Protecting Servers and Databases
Hardly any industry experienced as many security attacks last year as the financial sector. In 2021, 2022, and the current year, this industry regularly had to deal with the most serious data breaches, often affecting the data of millions of consumers. Zero Trust was therefore implemented particularly early here. As early as 2022, half of all decision-makers surveyed worldwide were already using Zero Trust. This year, this number increased by a further 21 percent. More than 90 percent of respondents consider identity management to be key.
Regarding resource protection, financial services have particularly focused on their servers, databases, and SaaS applications. 62 percent state that they have already taken measures to protect these resources, while 51 percent are planning accordingly. In terms of access protection, 43 percent rely on Single Sign-On (SSO) or Multi-Factor Authentication. Additionally, 36 percent use Privileged Access Management for the cloud.
Three Top Zero Trust Initiatives in Financial Services
- Multi-Factor Authentication for employees (43 percent implemented / 42 percent planned)
- Privileged Access Management for cloud infrastructure (36 percent implemented / 45 percent planned)
- Secure access to APIs (33 percent implemented / 47 percent planned)
Zero Trust in the Software Industry: From Zero to 70 in Two Years
With far less regulation, the software industry matches the financial sector in Zero Trust adoption. From nearly zero companies in 2021, the adoption rate of a Zero-Trust strategy stands at almost 70 percent today. This rapid growth is likely driven by software developers’ deep understanding of why identity-based security is a critical asset worth protecting. 61 percent prioritize protecting their servers, 58 percent focus on databases, and 48 percent each target internal and SaaS applications.
Three Top Zero Trust Initiatives in the Software Industry
- Multi-Factor Authentication for employees (34 percent implemented / 43 percent planned)
- Secure access to APIs (34 percent implemented / 42 percent planned)
- Privileged Access Management for cloud infrastructure (27 percent implemented / 44 percent planned)
Public Sector: Zero Trust Defies Bureaucracy
The public sector also faces intense pressure regarding security frameworks. Despite stringent regulation and bureaucratic hurdles, 58 percent have already implemented a Zero-Trust strategy. Nearly one-third plan to do so within the next 6-12 months. Servers and databases were identified as the most critical assets requiring protection. Accordingly, over half of all respondents stated they protect their servers via Single Sign-On (SSO) connections and Multi-Factor Authentication (MFA). At least 43 percent have deployed one or both of these measures.
Three Top Zero Trust Initiatives in the Public Sector
- Multi-Factor Authentication for employees (33 percent implemented / 34 percent planned)
- Secure access to APIs (30 percent implemented / 35 percent planned)
- Single Sign-On for employees (27 percent implemented / 36 percent planned)
Despite High Cost Pressure, Zero Trust Is Implemented
Even if many healthcare facilities have not yet modernized their IT infrastructure and IT has had to contend with cost-cutting mandates, the importance of security concepts like Zero Trust is widely recognized. When asked about prioritized resource protection, respondents cited deploying Multi-Factor Authentication (MFA) for employees and external users, followed by integrating employee directories with cloud applications.
Three Top Zero Trust Initiatives in Healthcare
- Multi-Factor Authentication for employees (34 percent implemented / 52 percent planned)
- MFA for external users (suppliers, partners) (40 percent implemented / 38 percent planned)
- Employee directories connected to cloud applications (38 percent implemented / 40 percent planned)
Key Facts at a Glance
Principle: “Never trust, always verify” – no access without verification
Top Measure: MFA (Multi-Factor Authentication) most frequently implemented
Other Measures: Microsegmentation, Least Privilege, continuous monitoring
Drivers: Remote work, cloud migration, increasing cyberattacks
Source: Okta State of Zero Trust Report
Fact: Only 22 percent of German companies have already implemented a Zero-Trust strategy, according to IDC.
Fact: Companies with Zero-Trust architecture save an average of $1.76 million on security incidents, according to IBM.
Frequently Asked Questions
What does Zero Trust mean?
Zero Trust is a security concept that does not trust any user or device – regardless of whether they are inside or outside the corporate network. Every access is continuously verified, authenticated, and authorized.
Why is Zero Trust necessary today?
Traditional perimeter security (a firewall around the corporate network) no longer works: remote work, cloud services, and mobile devices dissolve fixed network boundaries. Zero Trust also provides protection in distributed, hybrid environments.
What measures belong to Zero Trust?
Multi-Factor Authentication (MFA), microsegmentation of the network, Least-Privilege Principle (minimal access rights), continuous monitoring, identity management, and automated policy enforcement.
Is Zero Trust only relevant for large companies?
No. The principle can be implemented step by step. Even MFA and Least-Privilege access controls significantly improve security. Cloud-based identity solutions make Zero Trust accessible and affordable for SMEs as well.
How long does it take to implement Zero Trust?
Zero Trust is not a one-time project but an ongoing strategy. Initial measures like MFA and network segmentation can be implemented in weeks. A complete Zero-Trust architecture is a multi-year process that requires continuous adaptation.