CFOtech Asia - Technology news for CFOs & financial decision-makers
Story image
APAC orgs embracing Zero Trust Security, reveals Okta
Thu, 6th Oct 2022
FYI, this story is more than a year old

Okta, an independent identity provider, has revealed that a growing number of Asia-Pacific (APAC) organisations are embracing Zero Trust Security initiatives to overcome the challenges of today’s dynamic cyber threat landscape.

The State of Zero Trust Security in Asia Pacific 2022 report, commissioned by Okta and conducted by Pulse Q&A, found that the percentage of APAC organisations that had implemented a Zero Trust Security initiative had grown by 18 points from the 2021 figure to reach 50%.

While the rate of Zero Trust adoption among APAC organisations (18% YoY growth) was lower than the global figure (31% YoY growth), almost all (96%) respondents in APAC have a defined Zero Trust security initiative in play or in plan for 2022.

The report also found that APAC organisations were slower to recognise the importance of leaving passwords behind in the quest for more robust security and identity and access management (IAM) to combat increasingly sophisticated cyber threats. 

Of all organisations worldwide, those in APAC had the lowest adoption of password-less access, with only 0.5% having implemented it and only 10% planning to implement it in the next 18 months.

There is a growing consensus among global organisational thinking that an identity-first approach to Zero Trust is paramount and essential. 

This allows organisations to fully leverage identity and access management (IAM), by integrating it with other critical security solutions into a powerful central control point for intelligently governing access among users, devices, data, and networks. 

The research found that 80% of global organisations consider identity important to their overall Zero Trust security strategy, and an additional 19% say identity is business critical.

APAC respondents rated the importance of identity to their overall Zero Trust security strategy at 83%, while an additional 15% say identity is business critical.

While securing data, networks and devices continue to rank as the top priorities among surveyed organisations; a growing proportion recognises the importance of people to an identity-centric security model.

The report found organisations in the APAC region place a greater emphasis on automating the provisioning and de-provisioning of employees and working on privileged access for cloud infrastructure over the coming 18 months. As a result, the responses forecast an increase from 22% to 76% adoption, and from 43.5% to 88% adoption, respectively.

“By adopting Zero Trust Security, organisations can position themselves to overcome the challenges presented by hybrid work. They can adopt an identity-centric approach to network and resource access, rather than relying on outdated security models based on the traditional network perimeter," says Ben Goodman, SVP and General Manager for the Asia Pacific, Okta. 

“Our research showed that while APAC organisations lagged behind their global counterparts in implementing Zero Trust Security, 98% of respondents recognised that identity was important or business-critical to that approach.”

To be sure, Zero Trust Security is a security framework based on the assumption that every user, device, and IP address accessing a resource is a threat until proven otherwise. Therefore, it requires organisations to implement rigorous security controls to verify anything that attempts to connect to the corporate network. 

The rapid take-up of mobile, cloud, and hybrid working has put pressure on organisations to replace increasingly redundant ‘castle and moat’ security models with more agile, holistic approaches centred on identity.

In the context of Zero Trust Security, identity is an actor–whether human or process–that wants access to data for purposes that include retrieval, deletion, and modification. 

With an identity-centric approach, organisations can give the right people the right level of access to the right resources in the right context, with access assessed continuously.

Notably, Australia and New Zealand (ANZ) organisations lead their counterparts in the Asia-Pacific (APAC) in implementing Zero Trust security strategies to overcome the challenges of today's dynamic threat landscape. However, there is still much to be done, especially in moving away from passwords.

The State of Zero Trust Security in Asia Pacific 2022 report found that 53% of ANZ organisations had already commenced a Zero Trust initiative, which is higher than the APAC-wide number of 49%. Moreover, nearly all of the remainder planned to implement Zero Trust within the next 18 months.

"Like their APAC counterparts, ANZ organisations are slow to recognise the importance of leaving passwords behind in the quest for stronger security and identity and access management to combat increasingly sophisticated threats. Only 0.5% of ANZ organisations had password-less access, and just 11% planned to implement password-less access in the next 18 months," says Phil Goldie, Vice President and Managing Director, Okta ANZ. 

Despite the concept of Zero Trust Security being discussed as early as 2009, many APAC organisations and leaders lack an understanding of its benefits. This elevates risk in an environment of increasingly sophisticated security threats. 

However, most APAC organisations are acutely aware of the need to stop malicious actors from compromising their people, systems, and data to the extent that 75% of those surveyed prioritised security over the usability of business-critical applications and resources, unlike most of their global counterparts.

Of those APAC organisations that have yet to implement a Zero Trust Security initiative, 38% said they planned to do so over the next six to 12 months.

Unfortunately, as with many ICT projects, the global talent crunch presents a sizeable challenge; 31% of APAC organisations cited talent and skills shortages as a challenge, followed by a lack of stakeholder buy-in and lack of awareness of Zero Trust Security solutions, both cited by 18% of respondents.

The report found that APAC organisations typically followed through on their 2021 commitments to invest in Zero Trust Security. 

Last year, 76% of organisations in the region pledged to increase their Zero Trust Security budgets moderately or significantly, and 82% of APAC organisations in this year’s survey reported a moderate or significant increase.