Health sector stands out in the adoption of Zero Trust practice 

Sheila Zabeu

September 08, 2022

How has the use of the Zero Trust concept, which preaches "never trust, always verify", evolved in recent times? Companies have become aware that the moat-protected castle mentality cannot be applied effectively in cyber security and that, in a cloud-dominated world, there is no perimeter that can be established to mount a defence against cyber criminals.

In short, Zero Trust is a security model based on three fundamental principles: nobody and nothing is trusted by default; the rule of least privilege must be used; and a comprehensive monitoring scheme must be implemented.

According to the “Okta State of Zero Trust Security 2021” report released last year, the percentage of companies with a Zero Trust initiative in place had more than doubled from 24% to 55%, but how have things evolved in recent months?

According to the 2022 edition of the same survey, it can be said that the Zero Trust mindset is essential today. More than half of the organisations surveyed (55%) have a Zero Trust initiative in place, and the vast majority (97%) plan to have one in the next 12 to 18 months. What’s more, the study also made clear that these actions are not limited by the size of the organizations, geographic location or industry sector.

Not surprisingly, data, networks and devices continue to be named as the highest priority categories, although the research predicts that this may change over time, with the people aspect gradually gaining stature as more emphasis is placed on users and less on equipment. “Identity is a powerful force multiplier for Zero Trust initiatives, even if it is not their only important component,” the study reinforces, explaining that ensuring that each person always has the right level of access to the right resources is important not only for cybersecurity, but also for management, compliance and many other concerns associated with the technology universe.

And it seems that the concept of identity is gaining ground in practice – 80% of respondents said identity is important in Zero Trust security strategy, and 19% even said identity is business critical. So it’s no wonder that a recent Gartner article listed “identity system defence” among the top seven cybersecurity trends for 2022.

Health on the rise

This year, the research deepened its analysis across four main sectors – healthcare, financial services, software and, for the first time, government – to try to understand how their specific needs are influencing Zero Trust adoption, in particular how they balance the often opposing forces of security and usability.

What was interesting to note, according to the survey, is that respondents this year considered security a slightly higher priority than usability – a change from 2021. An example of this came from the healthcare segment, which is reducing its reliance on low-assurance and vulnerable factors such as passwords, placing greater attention on security with solutions that are more secure, though not always easier to use.

The number of healthcare respondents with a Zero Trust initiative underway or plans to begin such initiatives in the next 12-18 months has risen from 91% in 2021 to 96% in 2022. A whopping 58% of healthcare respondents have already begun implementing their initiatives, up an impressive 21 percentage points from 37% last year.

One of the biggest advances in terms of identity projects in the coming months for this sector will be adopting context-based access policies: only 6% of respondents said they already have such policies in place, but another 40% expect to implement them in the next 12-18 months. All healthcare respondents said they plan to extend Single Sign-On (SSO), MFA or both to SaaS applications, internal applications and servers in the next 12-18 months. Healthcare organizations are also focusing on IaaS.

Challenges still to be faced

Despite significant progress in Zero Trust initiatives compared to the past, several challenges remain a concern. When security leaders were asked what the top barriers to implementing Zero Trust were, talent and skills shortages were listed as the top challenge in North America, APAC and among the Global 2000. In EMEA, cost was considered an equal challenge and awareness was ranked as an even greater concern.

It is important to point out that Zero Trust is a guiding principle that requires several security solutions to work in a perfectly integrated way. Each company has a different starting situation, different resources and priorities, so walking the path towards Zero Trust, even if it leads to the same destination, will be a particular experience for each one.