Across the Asia Pacific, the unprecedented mass migration of organizations’ IT infrastructure to cloud and digital systems in the past year has compressed years of planned digital transformation into a matter of months – or even weeks.
While this agility is impressive, the addition of countless new devices, networks and applications to organizations’ IT ecosystems within a short period of time has increased businesses’ vulnerability to threat actors, who now have more avenues to exploit.
The need for Zero Trust Security – which emphasises a “never trust, always verify” approach through continuous assessment of user access privileges for individual resources – has thus become crucial, especially with greater adoption of cloud-based technologies.
To learn more about how organizations in the region are approaching Zero Trust Security today, and in a post-pandemic world where hybrid working becomes a norm, independent identity provider Okta surveyed 400 security leaders in Asia Pacific, as part of a study – The State of Zero Trust Security in Asia Pacific 2021.
Notably, APAC organizations prioritise Zero Trust Security the most – COVID-19 has accelerated Zero Trust Security as a priority in 77% of APAC organizations – higher than EMEA (76%), and North America (74%).
Despite the emphasis on Zero Trust Security, at the time of the survey APAC organizations were clearly lagging their counterparts in EMEA and North America – only 13% had already implemented a Zero Trust Security strategy, compared to 20% of organizations each in EMEA and North America. The greatest challenges for Asia Pacific organisations in adopting a Zero Trust Security infrastructure include, talent/skill shortages (44%), cost concerns (22.3%) and technology gaps (14.3%).
“Organisations across Asia Pacific have practiced hybrid working arrangements for the past year and a half. Today, most business leaders recognise the value of such arrangements in driving long term business growth post pandemic, and are committed to sustaining them,” said Graham Sowden, General Manager, Asia Pacific, Okta.
“However, it is imperative to the long-term growth of these businesses that they continue to be vigilant in anticipating new threats that emerge in this new digital landscape, by continually assessing their current IT infrastructure, and making strategic investments to stay ahead of threat actors,” he added.
The study introduces Okta’s Identity Access Management Curve, which reviews organizations’ identity-driven security practices on everything from the type of resources they manage, to how they provision and deprovision users.
Adoption in APAC is promising – Stage 1 implementations such as single sign-on for employees, along with multi-factor authentications have been implemented at 84% of organizations.
However, when it comes to Stage 2 strategies and solutions, there is room for improvement – for instance, only 35% have implemented secure access to APIs. Additionally, while only 3% of organizations have context-based access policies, 40% intend to implement it within the next 12-18 months.
“It is promising that most APAC organisations have the fundamentals covered,” Sowden adds. “But the reality is that threat actors will only get savvier and find new avenues to exploit vulnerabilities. Adopting advanced measures like passwordless technologies − such as biometrics and contextual factors, for instance – will help businesses increase security and tackle data breaches more effectively.”