Organisations in Asia Pacific are prioritising Zero Trust Security more than other regions, but lag in implementation, according to new research from Okta.
Across the rgion, the unprecedented mass migration of organisations' IT infrastructure to cloud and digital systems in the past year has compressed years of planned digital transformation into a matter of months or even weeks.
While this agility is impressive, the addition of countless new devices, networks and applications to organisations' IT ecosystems within a short period of time has increased businesses' vulnerability to threat actors, who now have more avenues to exploit.
The need for Zero Trust Security which emphasises a "never trust, always verify" approach through continuous assessment of user access privileges for individual resources has thus become crucial, especially with greater adoption of cloud-based technologies.
Okta surveyed 400 security leaders in Asia Pacific, as part of its State of Zero Trust Security in Asia Pacific 2021 study.
Notably, APAC organisations prioritise Zero Trust Security the most COVID-19 has accelerated Zero Trust Security as a priority in 77% of APAC organisations - higher than EMEA (76%), and North America (74%).
Despite the emphasis on Zero Trust Security, at the time of the survey APAC organisations were clearly lagging their counterparts in EMEA and North America only 13% had already implemented a Zero Trust Security strategy, compared to 20% of organisations each in EMEA and North America.
The greatest challenges for Asia Pacific organisations in adopting a Zero Trust Security infrastructure include:
- Talent/skill shortage (44%)
- Cost concerns (22.3%)
- Technology gaps (14.3%)
"Organisations across Asia Pacific have practiced hybrid working arrangements for the past year and a half. Today, most business leaders recognise the value of such arrangements in driving long term business growth post pandemic, and are committed to sustaining them," says Graham Sowden, general manager, Asia Pacific, Okta.
"However, it is imperative to the long-term growth of these businesses that they continue to be vigilant in anticipating new threats that emerge in this new digital landscape, by continually assessing their current IT infrastructure, and making strategic investments to stay ahead of threat actors," he says.
The study introduces Okta's Identity Access Management Curve, which reviews organisations' identity-driven security practices on everything from the type of resources they manage, to how they provision and deprovision users.
Adoption in APAC is promising Stage 1 implementations such as single sign-on for employees, along with multi-factor authentications have been implemented at 84% of organisations.
However, when it comes to Stage 2 strategies and solutions, there is room for improvement for instance, only 35% have implemented secure access to APIs. Additionally, while only 3% of organisations have context-based access policies, 40% intend to implement it within the next 12-18 months.
"It is promising that most APAC organisations have the fundamentals covered," Sowden adds.
"But the reality is that threat actors will only get savvier and find new avenues to exploit vulnerabilities. Adopting advanced measures like passwordless technologies such as biometrics and contextual factors, for instance will help businesses increase security and tackle data breaches more effectively."