The remote work economy has accelerated a Zero Trust culture in APAC, but companies urgently need to upgrade their defence to adapt to a new threat landscape
SINGAPORE – Media OutReach – 14 October 2021 – Across Asia Pacific, the unprecedented mass migration of organizations’ IT infrastructure to cloud and digital systems in the past year has compressed years of planned digital transformation into a matter of months – or even weeks.
While this agility is impressive, the addition of countless new devices, networks and applications to organizations’ IT ecosystems within a short period of time has increased businesses’ vulnerability to threat actors, who now have more avenues to exploit.
The need for Zero Trust Security – which emphasises a “never trust, always verify” approach through continuous assessment of user access privileges for individual resources – has thus become crucial, especially with greater adoption of cloud-based technologies.
To learn more about how organizations in the region are approaching Zero Trust Security today, and in a post-pandemic world where hybrid working becomes a norm, leading independent identity provider Okta surveyed 400 security leaders in Asia Pacific, as part of a study – The State of Zero Trust Security in Asia Pacific 2021.
Notably, APAC organizations prioritise Zero Trust Security the most – COVID-19 has accelerated Zero Trust Security as a priority in 77% of APAC organizations – higher than EMEA (76%), and North America (74%).
Despite the emphasis on Zero Trust Security, at the time of the survey APAC organizations were clearly lagging their counterparts in EMEA and North America – only 13% had already implemented a Zero Trust Security strategy, compared to 20% of organizations each in EMEA and North America.
The greatest challenges for Asia Pacific organisations in adopting a Zero Trust Security infrastructure include:
- Talent/skill shortage (44%)
- Cost concerns (22.3%)
- Technology gaps (14.3%)
“Organisations across Asia Pacific have practiced hybrid working arrangements for the past year and a half. Today, most business leaders recognise the value of such arrangements in driving long term business growth post pandemic, and are committed to sustaining them,” said Graham Sowden, General Manager, Asia Pacific, Okta.
“However, it is imperative to the long-term growth of these businesses that they continue to be vigilant in anticipating new threats that emerge in this new digital landscape, by continually assessing their current IT infrastructure, and making strategic investments to stay ahead of threat actors,” he added.
The study introduces Okta’s Identity Access Management Curve, which reviews organizations’ identity-driven security practices on everything from the type of resources they manage, to how they provision and deprovision users.
Adoption in APAC is promising – Stage 1 implementations such as single sign-on for employees, along with multi-factor authentications have been implemented at 84% of organizations.
However, when it comes to Stage 2 strategies and solutions, there is room for improvement – for instance, only 35% have implemented secure access to APIs. Additionally, while only 3% of organizations have context-based access policies, 40% intend to implement it within the next 12-18 months.
“It is promising that most APAC organisations have the fundamentals covered,” Sowden adds. “But the reality is that threat actors will only get savvier and find new avenues to exploit vulnerabilities. Adopting advanced measures like passwordless technologies
Okta is the leading independent provider of identity for the enterprise. The Okta Identity Cloud enables organisations to securely connect the right people to the right technologies at the right time. With over 7,000 pre-built integrations to applications and infrastructure providers, Okta customers can easily and securely use the best technologies for their business. More than 10,650 organizations, including JetBlue, Nordstrom, Slack, T-Mobile, Takeda, Teach for America and Twilio, trust Okta to help protect the identities of their workforces and customers.
Commissioned by Okta, Pulse Q&A conducted a survey of 300 director and above security decision makers at APAC companies across multiple industries. In Japan, Rakuten Insight conducted a survey with 100 security decision makers. Decision makers were defined as someone responsible for making technology purchasing decisions, and Pulse collected responses in early 2021.
Respondents hailed from organisations with at least 500 staff. About 40% of the respondents worked with companies with more than 10,000 headcount. Key industries covered include finance, banking and insurance, healthcare and social assistance, software, and others.