The unprecedented mass migration of organisations' IT infrastructure to cloud and digital systems in the past year across Asia Pacific has compressed years of planned digital transformation into a matter of months -- or even weeks.
While such agility is impressive, the addition of countless new devices, networks and applications to IT ecosystems has increased businesses' vulnerability to cyber threat actors, who now have more avenues to exploit, according to Okta, a Nasdaq-listed identity and access management company based in San Francisco.
The need for zero-trust security -- which emphasises a "never trust, always verify" approach through continuous assessment of user access privileges for individual resources -- has thus become crucial.
To understand more about the challenges in a post-pandemic world where hybrid working has become the norm, Okta surveyed 400 regional security leaders as part of a new report, "The State of Zero Trust security in Asia Pacific 2021".
About 40% of the respondents worked with companies with more than 10,000 employees. Key industries covered include finance, banking and insurance, healthcare and social assistance, software, and others.
Notably, the survey found, organisations in Asia Pacific prioritise zero-trust security more than their peers in other regions, at 77% compared with 76% in Europe, the Middle East and Africa (EMEA) and 74% in North America.
Despite the emphasis on zero-trust security, at the time of the survey Asia Pacific organisations were clearly lagging their counterparts in EMEA and North America -- only 13% had already implemented a zero-trust security strategy, compared to 20% in each of the two other regions.
The greatest challenges for Asia Pacific organisations in adopting a zero-trust security infrastructure were identified as a talent/skill shortage (44%), cost concerns (22.3%) and technology gaps (14.3%).
"Organisations across Asia Pacific have practised hybrid working arrangements for the past year- and-a-half," said Graham Sowden, general manager for Asia Pacific with Okta. "Today, most business leaders recognise the value of such arrangements in driving long-term business growth post-pandemic, and are committed to sustaining them.
"However, it is imperative to the long-term growth of these businesses that they continue to be vigilant in anticipating new threats that emerge in this new digital landscape, by continually assessing their current IT infrastructure, and making strategic investments to stay ahead of threat actors."
The study also introduces Okta's Identity Access Management Curve, which reviews organisations' identity-driven security practices in terms of everything from the type of resources they manage, to how they provision and deprovision users.
Adoption in Asia Pacific is promising -- Stage 1 implementations such as single sign-on for employees, along with multi-factor authentications have been implemented at 84% of organisations, the company said.
However, when it comes to Stage 2 strategies and solutions, there is room for improvement -- for instance, only 35% have adopted secure access to application program interfaces. As well, while only 3% of organisations have context-based access policies, 40% intend to implement them within the next 12-18 months.
"It is promising that most Asia Pacific organisations have the fundamentals covered," said Mr Sowden. "But the reality is that threat actors will only get savvier and find new avenues to exploit vulnerabilities.
"Adopting advanced measures like passwordless technologies − such as biometrics and contextual factors, for instance -- will help businesses increase security and tackle data breaches more effectively."
