Over 85% of organizations around the world have increased their zero trust cybersecurity budgets since 2021. Last year, 24% of organizations had a zero trust initiative in place, while in 2022 that number increased to 55%.

The State of Zero Trust Security 2022 report from Okta surveyed 700 security decision-makers about zero trust adoption and maturity at their organizations. The report identified five levels of zero trust maturity across businesses and found key characteristics of each maturity level.

1. Traditional

At the first stage of zero trust adoption, the report found that organizations experience the challenges of a lack of zero trust maturity, such as higher levels of cyber risk. According to the report, implementing multi-factor authentication (MFA) for employees at this stage can help organizations progress to the next step of zero trust adoption.

2. Emerging

As an organization's cloud adoption expands, the need to secure the expanding cyberattack surface becomes more relevant. For organizations considering zero trust, this step involves implementing MFA for external users, adding tools such as single sign-on (SSO) across the employee base, and determining secure applications for enterprise use automatically.

3. Maturing

Organizations with advanced cloud and remote work structures may have a greater need for identity management frameworks, such as zero trust. Maturing businesses can expand SSO to external users, introduce automated role-based access control (RBAC), and monitor for cyber threats across their cloud infrastructure.

4. Elevated

Businesses in the elevated stage of cloud and zero trust adoption can look into phasing out legacy technologies and focusing on application security. Securing application programming interfaces (APIs) and focusing on context-based access management can be goals during this stage.

5. Evolved

Evolved organizations have put zero trust strategies in place in their networks and can monitor for real-time threats to their attack surface. Identity management strategies that evolved organizations can consider include passwordless authentication and access control at the data level, according to the report.

For more report insights, click here.