January has been and gone and we’re still firmly in the midst of a pandemic, but it was a busy month in terms of Zero Trust security news. This month’s edition of Zero Trust Digest goes over our annual Cloud Security Report, Okta’s Business at Work Report, the CSA’s Cloud Controls Matrix version 4 as well as a few other pieces from industry analysts.

Cloud Security Report 2021

On January 19, we released our annual Cloud Security Report 2021, formerly known as the Mobile Threat Landscape. The report delves into the security and access challenges that IT faced in 2020, and unsurprisingly, there were a number of noteworthy data points.

Some of the key findings include::

  • 52% of organizations experienced a malware incident on a remote device in 2020, up from 37% in 2019; a 41% increase.
  • Of devices compromised by mobile malware in 2020, 37% continued accessing corporate emails after being compromised and 11% continued accessing cloud storage.
  • In 2020, 28% of organizations were regularly utilizing an operating system with a known security vulnerability.
  • Relative to pre-pandemic times, there has been a notable increase of up to 100% in connections to inappropriate content during office hours.
  • Phishing remains the number one threat on portable devices

2020 was an abnormal year and businesses of all sizes faced technological issues. Security continues to be a key IT investment for the year ahead and having an understanding of the challenges facing a distributed workforce will help determine priorities.

You can read the full version of the report here.

Business at Work 2021

Okta released its seventh ‘Business at Work’ report, providing an in-depth look into how organizations and people work today. As companies rushed to support a remote workforce and quickly engineer online customer experiences, strategies fully embraced technologies to stay afloat. The 41-page report provides a thorough analysis of application usage within Okta’s customer base analyzing:

  • the most popular apps being used, amongst those are M365, AWS and Zoom
  • how applications like M365, Google Workspace and Salesforce have secured strong footholds
  • the fastest-growing apps
  • preferred apps for developing digital experiences
  • which apps benefited from the remote working situation,
  • maturing of authentication strategies with 184% increase in authentications between February and October 2020 and the steady decline in weak factors used such as SMS and security questions.

One of the standout stats from the report was the average number of applications used by companies (88). As you can see from the graph below, there has been consistent growth across the board in application adoption.

You can read the full report here.

Cloud Security Alliance’s New Cloud Controls Matrix v4 Adds New Log and Monitoring Domain and More Than 60 New Cloud Security Controls

The Cloud Security Alliance (CSA) released version 4 of the Cloud Controls Matrix (CCM), their flagship framework for cloud computing. The CCM v4 includes additional cloud security and privacy-related controls and encompasses coverage of requirements deriving from new cloud technologies, improved control auditability, enhanced interoperability and compatibility with other standards, and expanded support offerings to navigate the cloud shared responsibility model.

You can read more on the new version of CCM here.

Cybersecurity investments will increase to 10% in 2021

According to the research firm Canalys, the overall cybersecurity market value is expected to reach $60.2 billion in 2021 covering endpoint security, network security, web and email security, data security, vulnerability and security analytics and identity and access management (IAM).

Despite continued growth in security investment, the number of data breaches and records being compromised, as well as ransomware attacks, reached an all-time high last year, demonstrating the strain of remote working on security strategies. Over 22 billion records containing PII were reportedly compromised in 2020.

You can read the full analysis here.

2021 State of CIO research

IDG released their 2021 State of the CIO research report, which looks at how the role of the CIO is being defined globally. According to the research:

  • 82% of CIOs say that they have implemented new technologies, IT strategies and/or methodologies.
  • 37% of organizations have increased their IT budget while 36% said they have made no changes, 27% made IT budget cuts
  • Most IT investment in the coming year includes transforming existing business processes, increasing cybersecurity protections and improving the customer experiences
  • CIOs are focusing their time on security management (44%), improving IT operations / systems performance (41%) and aligning IT initiatives with business goals (40%)
  • 68% of heads of IT say that the creation of new revenue-generating initiatives is among their job responsibilities
  • 81% say that automating business and IT processes has increased in importance following by interacting directly with customers (78%), developing a customer journey (75%) and creating more diverse and inclusive tech teams (71%)

You can read the full analysis here

Gartner Predicts 40% of Boards Will Have a Dedicated Cybersecurity Committee by 2025

Board Directors rate cybersecurity as the second-highest source of risk for enterprises, following regulatory compliance risk. By 2025, 40% of boards of directors will have a dedicated cybersecurity committee overseen by a qualified board member, up from less than 10% today according to Gartner.

CISOs will experience more scrutiny as a result, they are also likely to receive more support and resources. CISOs must expect executive conversations to shift away from performance and health-related discussions to risk-oriented and value-driven exercises.

According to the CISO effectiveness index, top-performing CISOs regularly meet with three times as many non-IT stakeholders as they do IT stakeholders.

You can read the full press statement here.

Webinar

How to secure SaaS applications when everyone is working remotely

Wednesday, February 17 2021 8:00 AM PST / 4:00 PM GMT

SaaS comes with a set of risks that companies need to consider as they embrace more cloud-hosted applications, but there are options for improving the organization’s defenses that IT and security leaders must consider. Find out at our upcoming webinar.

Register now