Okta, Inc. (NASDAQ: OKTA), one of the leading independent identity providers, today revealed that a growing number of Asia-Pacific (APAC) organisations are embracing Zero Trust Security initiatives to overcome the challenges of today’s dynamic cyber threat landscape.
The State of Zero Trust Security in Asia Pacific 2022 report, commissioned by Okta and conducted by Pulse Q&A, found that the percentage of APAC organisations that had implemented a Zero Trust Security initiative had grown by 18 points from the 2021 figure to reach 50%.
While the rate of Zero Trust adoption among APAC organisations (18% YoY growth) was lower than the global figure (31% YoY growth), almost all (96%) respondents in APAC have a defined Zero Trust security initiative in play or in plan for 2022.
The report also found that APAC organisations were slower to recognise the importance of leaving passwords behind in the quest for stronger security and identity and access management (IAM) to combat increasingly sophisticated cyber threats. Of all organisations worldwide, those in APAC had the lowest adoption of passwordless access, with only 0.5% having implemented and only 10% planning to implement in the next 18 months.
There is a growing consensus among global organisational thinking that an identity-first approach to Zero Trust is not only paramount, but essential. This allows organisations to fully leverage identity and access management (IAM), by integrating it with other critical security solutions, into a powerful central control point for intelligently governing access among users, devices, data, and networks.
The research found that 80% of global organisations consider identity as important to their overall Zero Trust security strategy, and an additional 19% say identity is business critical. APAC respondents rated the importance of identity to their overall Zero Trust security strategy at 83% while an additional 15% say identity is business critical.
While securing data, networks and devices continue to rank as the top priorities among surveyed organisations, a growing proportion recognises the importance of people to an identity-centric security model.
The report found organisations in the APAC region place a greater emphasis on automating the provisioning and deprovisioning of employees and working on privileged access for cloud infrastructure over the coming 18 months. The responses forecast an increase from 22% to 76% adoption and from 43.5% to 88% adoption, respectively.
Nearly all APAC organisations acknowledge identity is key to Zero Trust Security
“By adopting Zero Trust Security, organisations can position themselves to overcome the challenges presented by hybrid work–including mobile and remote working–by adopting an identity-centric approach to network and resource access rather than relying on outdated security models based on the traditional network perimeter,” says Ben Goodman, SVP and General Manager for Asia Pacific, Okta. “Our research showed that while APAC organisations lagged behind their global counterparts in implementing Zero Trust Security, 98% of respondents recognised that identity was important or business-critical to that approach.”
Despite the concept of Zero Trust Security being discussed as early as 2009, many APAC organisations and leaders lack understanding about its benefits. This elevates risk in an environment of increasingly sophisticated security threats.
However, most APAC organisations are acutely aware of the need to stop malicious actors from compromising their people, systems, and data to the extent that 75% of those surveyed prioritised security over the useability of business-critical applications and resources, unlike most of their global counterparts.
Of those APAC organisations that have yet to implement a Zero Trust Security initiative, 38% said they planned to do so over the next six to 12 months.
Unfortunately, as with many ICT projects, the global talent crunch presents a sizable challenge; 31% of APAC organisations cited talent and skills shortages as a challenge, followed by a lack of stakeholder buy-in and lack of awareness of Zero Trust Security solutions, both cited by 18% of respondents.
Investment commitments in Zero Trust Security Upheld
The report found that APAC organisations typically followed through on their 2021 commitments to invest in Zero Trust Security. Last year, 76% of organisations in the region pledged to increase their Zero Trust Security budgets moderately or significantly, and 82% of APAC organisations in this year’s survey reported a moderate or significant increase.
Zero Trust Security is a security framework based on the assumption that every user, device, and IP address accessing a resource is a threat until proven otherwise and requires organisations to implement rigorous security controls to verify anything that attempts to connect to the corporate network.
The rapid take-up of mobile, cloud, and hybrid working has put pressure on organisations to replace increasingly redundant ‘castle and moat’ security models with more agile, holistic approaches centered on identity.
In the context of Zero Trust Security, identity is an actor–whether human or process–that wants access to data for purposes that include retrieval, deletion, and modification. With an identity-centric approach, organisations can give the right people the right level of access to the right resources in the right context, with access assessed continuously.
To complete the State of Zero Trust Security in Asia Pacific 2022 report–which assesses the maturity of identity and access management in APAC organisations and where they reside on the journey towards a full Zero Trust security posture–Pulse Q&A surveyed 200 security leaders across the region. The survey questionnaire covered the Zero Trust initiatives organisations had in place and how they planned to prioritise these over the near and long term.
Okta’s State of Zero Trust Security in Asia Pacific 2022 report can be downloaded here (https://www.okta.com/au/resources/whitepaper-the-state-of-zero-trust-security-in-asia-pacific-2022/thankyou/)