Zero Trust Architecture Rises Across Industries.

• Author: Roaten, Meredith
• Position: ALGORITHMIC WARFARE

Government agencies and businesses around the world are moving rapidly to adopt the cybersecurity practice zero trust, a change from just a few years ago, according to a new report.

Information technology company Okta recently released its annual global snapshot of zero trust implementation across industries and found that 72 percent of government organizations surveyed were already employing zero trust methods. Across all industries, including healthcare and software, 55 percent of companies said they had zero trust initiatives, which is more than double the amount in the previous year's survey.

Okta surveyed 700 security decision makers across "many" organizations and companies internationally for the report "The State of Zero Trust Security 2022."

The company has released the whitepaper annually since 2019, and cybersecurity has drastically changed since then, said Sean Frazier, Okta's federal chief security officer. Zero trust architecture--which mandates that even users known to a network be double-checked throughout their time on the network--is becoming more prevalent through identity- and access-based protections, he said.

Even though government agencies were ahead of the curve globally, the clock is ticking for the U.S. government. A May 2021 Biden administration executive order requires all federal entities to implement zero trust methodology by 2024. The administration followed up the order by issuing a zero trust reference architecture last fall.

The COVID-19 pandemic changed the threat landscape, explained Booz Allen Hamilton's senior solution architect Imran Umar, who heads zero trust assessments at the consultant firm. Defense companies and agencies alike have praised the flexibility that working from home allows, but it also creates new opportunities for cyber attacks.

"Users are now sort of distributed. They're not in some central location at a headquarters all working together," which changes the threat vector, he said.

For example, employees working from home may introduce their own devices, which may not have a cyber-hardened connection to the main network. "So taking into account all those different attributes whether it's the user identity, behavioral analytics and the combination of things like device health status--is very important, especially if you have a very large remote workforce," he said.

But the shift is not just "a pandemic-related spike," according to the Okta report. Frazier said he sees zero trust as the...