APAC organisations warm to zero trust

Two-thirds of APAC organisations have a zero-trust strategy even as they grapple with the lack of skills and other organisational challenges, study finds

Awareness of zero-trust security is growing in Asia-Pacific, with two-thirds of organisations in the region having implemented a zero-trust strategy, a new study has found.

Of those that have not done so, 58% said they will be implementing a zero-trust strategy in the next 12 months, according to a Cloudflare study involving 1,000 IT and cyber security decision-makers across Australia, India, Japan, Malaysia and Singapore.

In its report, Cloudflare noted that the basic drivers of why companies have started or will start on their zero-trust journey are varied, but they reflect the problem areas that have been identified.

For example, 44% of respondents ranked maximising the productivity of their remote workforce as one of their top three priorities, while four in 10 ranked the perceived or actual increase in security incidents as their top three drivers for adopting zero trust. The ability to get senior executive buy-in and investment was also key for one in three organisations.

Jonathon Dixon, Cloudflare’s vice-president and general manager for Asia-Pacific, told Computer Weekly that across countries, Australia has been aggressive in adopting zero trust, while over 90% of Indian organisations are expected to manage a hybrid workforce, driving them to consider a zero-trust approach to cyber security.

However, the concept behind zero-trust security, which treats all users and data equally wherever they are, can be hard to adapt to for enterprises that are used to thinking about security in terms of trusted and untrusted network segments.

Enterprises also face a number of organisational challenges, such as the lack of skills that is posing the biggest risk to their ability to execute their zero-trust strategy, exacerbated by the tendency of IT teams to operate in silos.

Dixon noted that for zero trust to be effective, networking, security, strategy and architecture teams need to come together, along with executive leadership to drive the development of skills. “The company has to be prepared to upskill their organisation, and once they do that and get to a certain critical mass, it becomes a lot easier,” he said.

Read more about cyber security in APAC

Simon Piff, vice-president of security practice at IDC Asia-Pacific, said it does not help that the zero-trust concept becomes warped by supplier messages. “No single vendor spans the entire needs of enterprise security, and as vendors are the main source of information for most users, it’s a challenge to fully grasp the breadth of the zero-trust concept,” he said.

Acknowledging the breadth of offerings in the market, Dixon said Cloudflare works with other suppliers in the marketplace, such as Okta, to support enterprises in their zero-trust journey.

A separate Okta survey similarly concluded that zero-trust adoption is growing in Asia-Pacific, with 84% of organisations in the region having implemented single sign-on and multifactor authentication for employees.

But when it comes more advanced strategies and solutions, there is room for improvement – only 35% have implemented secure access to application programming interfaces, while just 3% of organisations have context-based access policies.

“It is promising that most Asia-Pacific organisations have the fundamentals covered,” said Graham Sowden, general manager at Okta Asia-Pacific. “But the reality is that threat actors will only get savvier and find new avenues to exploit vulnerabilities.

“Adopting advanced measures like passwordless technologies – such as biometrics and contextual factors – will help businesses increase security and tackle data breaches more effectively.”

Read more on Hackers and cybercrime prevention