5 Important Insights From Our 2022 State of Zero Trust Report
What a difference four years makes.
Since launching our first State of Zero Trust report in 2019, we’ve been saying that the framework represents the future of security. This year, Zero Trust adoption reached a tipping point.
In 2019, many organizations that we surveyed acknowledged that Zero Trust was important, but just 16% had invested in Zero Trust initiatives. In 2022, organizations are ready to take action; 97% of survey respondents have a defined Zero Trust initiative in place or plan to have one within the next few months.
Our fourth annual State of Zero Trust report, compiled from surveys with 700 security leaders, reveals a fundamentally changed landscape, where there is no one-size-fits-all security solution. As different organizations, industries, and regions embrace varying Zero Trust strategies and priorities, some fascinating trends have emerged.
Here are five key insights from the 2022 report.
1. Zero Trust initiatives have come astonishingly far in one year
In the past year, the evolution of Zero Trust programs has been remarkable. In fact, the percentage of companies with a defined Zero Trust initiative in place more than doubled:
- In 2021, only 24% of respondents had a Zero Trust initiative in place, and 65% had plans to implement one in the next 12-18 months
- In 2022, 55% of respondents have a Zero Trust initiative in place, and 42% say they’ll implement one in the near future
2. More than ever, security and usability are mutually inclusive
In 2020, organizations worldwide needed to abruptly support distributed, dynamic workforces, so it’s understandable that considerations around accessibility and user-friendliness often overrode security concerns.
After implementing systems that enabled teams to work from anywhere, many organizations accrued security debt and are now learning where their vulnerabilities lie. But they’ve also realized that security doesn’t have to come at the cost of usability, as the increasingly widespread adoption of passwordless authentication proves:
- Passwordless access is a priority globally over the next 12-18 months
- 24% of financial services respondents are planning to move forward with it soon, or have already done so
- Nearly one-fifth of healthcare (17%) and software respondents (18%) expect to do likewise
3. The verdict is in—identity is vital for a Zero Trust strategy
The central tenet of the Zero Trust security model is “never trust, always verify”—and while there may be a range of methods to do that, none is as reliable as identity and access management.
- 80% of respondents deem identity important to their Zero Trust strategies
- 19% have taken this a step further, declaring identity to be business critical
In total, identity is singled out as a key contributor to Zero Trust among 99% of organizations surveyed. The numbers are similar when speaking to senior leaders, such as CISOs and other C-suite executives, with 98% recognizing the integral role of identity in a robust Zero Trust approach.
“We’re becoming an identity-driven security team, which is a real shift in culture, because we’re talking about a team that was built for a flat, on-prem network.” — John McLeod, CISO, NOV
4. Identity is a key focus for healthcare and financial services
Zero Trust is quickly gaining traction in the healthcare sector, as the last holdouts commit to new initiatives in the future. In 2021, 37% of organizations had started implementing Zero Trust initiatives, but that’s increased to 58% in 2022. It’s also worth noting that 96% have at least one initiative planned within the next 12-18 months—and for the vast majority, those initiatives will involve identity.
- 99% of healthcare organizations consider identity central to their Zero Trust strategies
- 72% of those respondents describe it as important, while 27% say it’s business critical
The adoption of identity solutions has likewise driven transformation across the financial services industry, with many organizations focusing on their internal systems and workforces first:
- Nearly 75% of financial services companies aim to extend single sign-on (SSO) and MFA to servers, databases, and APIs within 18 months
- For almost 80% of respondents, SSO has already been extended to employees, but at present, only 37% have extended MFA to users outside their organizations
5. EMEA and APAC prioritize automation and access management
How quickly regions adopt new security initiatives can shed light on their Zero Trust priorities. For instance, respondents in both EMEA and APAC are doubling down on privileged access management for cloud infrastructure:
- Adoption rates in the EMEA region are scheduled to reach 97% in the next year and a half
- For APAC, adoption rates in the next 18 months are projected to double, rising from 44% in 2021 to 88% in 2022
- By comparison, adoption rates in North America will also double but top out at 70%
Organizations across the APAC region are also heavily invested in automating provisioning and deprovisioning processes for employees, with rates of adoption expected to increase from 22% in 2021 to 76% in 2022. Adoption rates in EMEA are not far behind, with 74% of organizations indicating that they will implement the security practice within the next 18 months.
Read the full report
These trends tell a broad-strokes story of how Zero Trust adoption is transforming industries and security worldwide. To see the whole picture, read the full report.