Half of APAC firms now into zero trust amid hybrid work

Half (50%) Asia-Pacific (APAC) organisations have now implemented a zero-trust security initiative, with the percentage growing by 18 points from the 2021 figure, according to  Okta.

While the rate of zero-trust adoption among APAC organisations (18% YoY growth) was lower than the global figure (31% YoY growth), almost all (96%) respondents in APAC have a defined zero-trust security initiative in play or in plan for 2022.

To complete the State of Zero Trust Security in Asia Pacific 2022 report, Pulse Q&A surveyed 200 security leaders across the region.

The report also found that APAC organisations were slower to recognise the importance of leaving passwords behind in the quest for stronger security and identity and access management (IAM) to combat increasingly sophisticated cyber threats. 

Of all organisations worldwide, those in APAC had the lowest adoption of passwordless access, with only 0.5% having implemented and only 10% planning to implement in the next 18 months.

There is a growing consensus among global organisational thinking that an identity-first approach to zero trust is not only paramount, but essential. 

This allows organisations to fully leverage identity and access management (IAM), by integrating it with other critical security solutions, into a powerful central control point for intelligently governing access among users, devices, data, and networks. 

The research found that 80% of global organisations consider identity as important to their overall zero-trust security strategy, and an additional 19% say identity is business critical. 

APAC respondents rated the importance of identity to their overall zero-trust security strategy at 83% while an additional 15% say identity is business critical.

While securing data, networks and devices continue to rank as the top priorities among surveyed organisations, a growing proportion recognises the importance of people to an identity-centric security model. 

The report found organisations in the APAC region place a greater emphasis on automating the provisioning and deprovisioning of employees and working on privileged access for cloud infrastructure over the coming 18 months. The responses forecast an increase from 22% to 76% adoption and from 43.5% to 88% adoption, respectively.

“By adopting zero-trust security, organisations can position themselves to overcome the challenges presented by hybrid work–including mobile and remote working–by adopting an identity-centric approach to network and resource access rather than relying on outdated security models based on the traditional network perimeter,” says Ben Goodman, Okta SVP and general manager for APAC. 

“Our research showed that while APAC organisations lagged behind their global counterparts in implementing zero-trust Security, 98% of respondents recognised that identity was important or business-critical to that approach,” said Goodman.

Of those APAC organisations that have yet to implement a zero-trust security initiative, 38% said they planned to do so over the next six to 12 months.

Unfortunately, as with many ICT projects, the global talent crunch presents a sizable challenge; 31% of APAC organisations cited talent and skills shortages as a challenge, followed by a lack of stakeholder buy-in and lack of awareness of zero-trust security solutions, both cited by 18% of respondents.