Credit: iStock Zero Trust Security (ZTS) throws away the idea that we should have a “trusted” internal network and an “untrusted” external network. The adoption of mobile and cloud means that we can no longer have a network perimeter-centric view of security; instead, we need to securely enable access for the various users (employees, partners, contractors) regardless of their location, device or network. There is no silver bullet when it comes to achieving a Zero Trust Security architecture, but identity and access management is the core technology that organisations should start with on their zero trust journeys. Okta, a leading identity and access management company, surveyed 400 security leaders across Asia Pacific (APAC), for a special report, The State of Zero Trust Security in Asia Pacific 2021. SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe Okta found that with the rise in remote work, ZTS grew tremendously in the past year. And that’s not going to change – 82% of company leaders plan to allow at least partial remote work after the pandemic, and 47% will allow employees to permanently work from home full-time. At the same time, identity-based attacks skyrocketed last year. This means developing a Zero Trust Security strategy that gives the right people access to the right resources at the right time is critical. With the rapid shift to remote working, Okta found most companies plan to implement additional ZTS initiatives within the next 12-18 months and intend to spend more than they have done before. About 76% in APAC will moderately, or significantly, increase their budget on Zero Trust. The bottom line in the Zero Trust equation is that with identity as a company’s new perimeter, identity and access management (IAM) becomes the central control point across users, devices, data, and their networks. Gartner recently singled out “identity-first” security as one of the top security and risk trends this year, since it provides visibility and control over which users have access to what resources, and minimises risk such as compromised credentials or incorrect provisioning or authentication. In observing how Zero Trust Security and IAM prioritisation have shifted over the last year, Okta found it’s clear the pandemic supercharged organisations’ move towards Zero Trust Security and many teams were allocated more budget to get there. Across APAC, about 90% said they were working on a Zero Trust Security initiative today or plan to start one. So how is Zero Trust Security maturity evolving? Okta says ZTS projects span everything from the types of resources an organisation manages, to which authentication methods they deploy. To this end, Okta’s IAM Curve reviews organisations’ identity-driven security practices on everything from the type of resources they manage to how they provision and deprovision users. It also explores which authentication methods they deploy, the policies they have in place, and their future business priorities. The IAM Maturity curve is broken down into the following stages: During Stage 0, an organisation might begin to embrace Cloud technologies, but don’t yet integrate those solutions with an IAM platform or on-premises resources. At Stage 1, teams start wrapping their arms around a unified IAM ecosystem and eliminating poor password hygiene by implementing single sign-on (SSO) and multifactor authentication (MFA) for employees to access key resources. Moving into Stage 2, businesses adopt additional security best practices by extending access controls to other resources such as their APIs, and also using rich context and diverse factors to better inform authentication decisions. Once companies reach Stage 3, they’ve successfully adopted a full risk-based authentication approach to Zero Trust. Unlike last year, when most of the companies Okta surveyed were focused on Stage 0 or Stage 1 projects, this year 100% of respondents expected to be firmly in Stage 1 by 2022. By 2023, 40% of organisations within APAC would have implemented context-based access policies; with 29% implementing secure access to APIs – applications categorised under Stage 2. Promisingly, within APAC, Stage 1 implementations such as single sign-on for employees and multi-factor authentications have already been implemented across most organisations. Implementation for several Stage 2 strategies and solutions have been healthy as well, including secure access to APIs (35%). By adding multiple layers of security to their authentication mechanisms, Stage 1 organisations are finding effective ways to give the right people access to the right resources, with minimal friction. So what’s next? Download your copy of The State of Zero Trust Security in Asia Pacific 2021 report to learn: The top five Zero Trust security takeaways. How your peers are progressing along the ZTS maturity curve. The sophisticated strategies 40% of companies are prioritising now Zero Trust presents a proactive way of thinking about security for the information age. Learn how Okta can help your business bring its principles to life. Related content Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe