Zero Trust Security (ZTS) throws away the idea that we should have a \u201ctrusted\u201d internal network and an \u201cuntrusted\u201d external network. The adoption of mobile and cloud means that we can no longer have a network perimeter-centric view of security; instead, we need to securely enable access for the various users (employees, partners, contractors) regardless of their location, device or network.\nThere is no silver bullet when it comes to achieving a Zero Trust Security architecture, but identity and access management is the core technology that organisations should start with on their zero trust journeys.\nOkta, a leading identity and access management company, surveyed 400 security leaders across Asia Pacific (APAC), for a special report, The State of Zero Trust Security in Asia Pacific 2021.\nOkta found that with the rise in remote work, ZTS grew tremendously in the past year. And that\u2019s not going to change\u00a0 \u2013 82% of company leaders plan to allow at least partial remote work after the pandemic, and 47% will allow employees to permanently work from home full-time.\nAt the same time, identity-based attacks skyrocketed last year. This means developing a Zero Trust Security strategy that gives the right people access to the right resources at the right time is critical.\nWith the rapid shift to remote working, Okta found most companies plan to implement additional ZTS initiatives within the next 12-18 months and intend to spend more than they have done before. About 76% in APAC will moderately, or significantly, increase their budget on Zero Trust.\nThe bottom line in the Zero Trust equation is that with identity as a company\u2019s new perimeter, identity and access management (IAM) becomes the central control point across users, devices, data, and their networks. Gartner recently singled out \u201cidentity-first\u201d security as one of the top security and risk trends this year, since it provides visibility and control over which users have access to what resources, and minimises risk such as compromised credentials or incorrect provisioning or authentication.\nIn observing how Zero Trust Security and IAM prioritisation have shifted over the last year, Okta found it\u2019s clear the pandemic supercharged organisations\u2019 move towards Zero Trust Security and many teams were allocated more budget to get there. Across APAC, about 90% said they were working on a Zero Trust Security initiative today or plan to start one.\nSo how is Zero Trust Security maturity evolving? Okta says ZTS projects span everything from the types of resources an organisation manages, to which authentication methods they deploy. To this end, Okta\u2019s IAM Curve reviews organisations\u2019 identity-driven security practices on everything from the type of resources they manage to how they provision and deprovision users.\nIt also explores which authentication methods they deploy, the policies they have in place, and their future business priorities.\nThe IAM Maturity curve is broken down into the following stages:\n\nDuring Stage 0, an organisation might begin to embrace Cloud technologies, but don\u2019t yet integrate those solutions with an IAM platform or on-premises resources.\nAt Stage 1, teams start wrapping their arms around a unified IAM ecosystem and eliminating poor password hygiene by implementing single sign-on (SSO) and multifactor authentication (MFA) for employees to access key resources.\nMoving into Stage 2, businesses adopt additional security best practices by extending access controls to other resources such as their APIs, and also using rich context and diverse factors to better inform authentication decisions.\nOnce companies reach Stage 3, they\u2019ve successfully adopted a full risk-based authentication approach to Zero Trust.\n\nUnlike last year, when most of the companies Okta surveyed were focused on Stage 0 or Stage 1 projects, this year 100% of respondents expected to be firmly in Stage 1 by 2022. By 2023, 40% of organisations within APAC would have implemented context-based access policies; with 29% implementing secure access to APIs \u2013 applications categorised under Stage 2.\nPromisingly, within APAC, Stage 1 implementations such as single sign-on for employees and multi-factor authentications have already been implemented across most organisations.\nImplementation for several Stage 2 strategies and solutions have been healthy as well, including secure access to APIs (35%).\nBy adding multiple layers of security to their authentication mechanisms, Stage 1 organisations are finding effective ways to give the right people access to the right resources, with minimal friction.\nSo what\u2019s next? Download your copy of The State of Zero Trust Security\u00a0 in Asia Pacific 2021 report to learn:\n\nThe top five Zero Trust security takeaways.\nHow your peers are progressing along the ZTS maturity curve.\nThe sophisticated strategies 40% of companies are prioritising now\n\nZero Trust presents a proactive way of thinking about security for the information age. Learn how Okta can help your business bring its principles to life.