Over the past year, organisations in Asia have embraced the zero trust security framework at a fast pace, recognising the need to upgrade their IT security strategy to address the ongoing digital shift, according to a new survey by Okta, a publicly traded identity and access management firm.
Zero trust is a security model that requires all users to be authenticated, authorised, and continuously validated for security configuration before being granted or keeping access to applications and data.
It’s a framework that’s particularly relevant today as it addresses modern challenges relating to securing remote workers, hybrid cloud environments, and emerging cyber threats by tightening up security in the face of an ever-expanding network perimeter.
In a new report, Okta shares findings from a survey of 300 IT and security leaders across the Asia Pacific (APAC) region that it had conducted last year.
The survey found that although APAC organisations have been slower adopters of zero trust compared to their international counterparts, the past year has seen APAC companies rapidly embracing the framework.
The research found that while only 8% of Asian organisations indicated having implemented a zero trust strategy, 82% were planning to implement one in the next 12 to 18 months.
Australia and New Zealand showed similar findings with 5% of respondents having implemented such a strategy and 85% planning to do so in the coming year.
These figures indicate a significant improvement from the previous year during which only 36% of organisations in Asia had any zero trust plans for the future.
COVID-19 pushes organisations towards zero trust
In 2020, the global COVID-19 pandemic forced nearly every organisation to switch to a zero trust strategy as employees turned to remote working and digital transformation became critical to organisational sustainability.
Organisations had to move away from the traditional approach, which follows the “trust but verify” principle, and embrace the more proactive and integrated zero trust framework, which explicitly and continuously verifies every transaction, grants least privilege, and relies on intelligence, advanced detection, and real-time response to threats.
A recent survey by cybersecurity firm Fortinet of over 470 cybersecurity professionals and business leaders worldwide found that 40% of these organisations already have a zero trust and/or zero trust network access strategy fully implemented, while 54% were in the process of implementing one.
22% of respondents cited “security across the entire digital attack surface” as the most significant benefit, followed closely by “better user experience for remote work.”
Rapid adoption of zero trust comes on the back of an increase in the volume and sophistication of attacks targeting individuals, organisations, and increasingly critical infrastructure.
Fast progress
Okta identified three key stages of an organisation’s zero trust journey. Stage 1 involves reducing password risks with strong authentication methods such as multi-factor authentication (MFA) and single sign-on (SSO) access for employees, contractors and partners.
Stage 2 involves applying context-based access policies, and automating user provisioning and deprovisioning so that an organisation is sure that employees have access only to the apps that they need, and that, whenever they leave, their access is automatically removed for all connected applications.
Finally, stage 3, which is the most mature stage, involves embracing risk-based access policies, and providing continuous and adaptive authentication and authorisation, ultimately leading to passwordless and frictionless access.
Most Asian companies fall within stage 0 or stage 1 of the maturity curve, Okta says, with user provisioning emerging as the greatest barrier to reaching stage 2.
When asked about their biggest challenges in implementing a zero trust model, respondents from around the world indicated talent and skill shortage as the top hurdle, followed by cost concerns.
Despite Asian firms’ relative lateness, the research found that Asian organisations prioritised securing their networks to a much greater extent than other regions, with 85% of respondents in Asia, 84% of respondents in Australia and New Zealand, and 82% of respondents in Japan indicating that the global pandemic and the booming remote working economy have forced them to put zero trust at the top of their priority lists, against 78% for the rest of the world.
APAC firms’ commitment to improve cybersecurity within their organisations is evidenced by the rising amount of financial resources these organisations are willing to allocate towards zero trust.
88% of Asian organisations indicated having increased their budget for zero trust over the past year, a figure that stands at 85% for Australian and New Zealand organisations.