SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Special report: Okta provides insights around Zero Trust adoption in APAC
Fri, 26th Aug 2022
FYI, this story is more than a year old

The concept of Zero Trust has significantly changed over the last few years. Digital identity has become paramount to enterprise security as changes to business climates occur, and organisations across the globe are slowly shifting towards implementing Zero Trust solutions as both a crucial tool and a critical benchmark.

New research from the security leaders at Okta has revealed that while some companies across APAC are embracing Zero Trust, others still have a long way to go.

Trends and insights - a driver for change

The State of Zero Trust Security in Asia Pacific 2022 report, commissioned by Okta and conducted by Pulse Q-A, revealed that only 49% of APAC organisations had a Zero Trust Security initiative already in place, which is less than the worldwide average of 55%. Specifically, in ANZ, only 53% of companies have a Zero Trust strategy in place, signalling a slight edge over the general APAC market.

While the adoption rate among APAC organisations yet to implement Zero Trust Security was found to be low, the percentage of APAC organisations that had implemented a Zero Trust Security initiative was found to have grown by 18 points from the 2021 figure. 96% of respondents in the survey said that Zero Trust security initiatives were in play or planned for 2022, highlighting the drive and need for innovative solutions.

Okta SVP and GM for APAC Ben Goodman says that part of the reason behind the research was to show trends and promote industry understanding of Zero Trust, as the term can often not be fully understood and solutions are not utilised effectively.

"There was definitely an increase [in Zero Trust] over the last 12 to 18 months, as digital businesses grew during COVID, in terms of the importance of identity, and elevated security posture globally," he says.

"Whether it was a B2B business or a B2C business, all of them were forced to expose more digital channels to their customer base. If you think about how that posture changed from previously, it was much more about securing the systems themselves rather than the point of access. As we shifted into COVID, the point of access and more importantly the identity of who was accessing became super critical."

Keeping enterprises safe across verticals

Goodman says that making sure all parts of the process are taken into account in relation to identity access management is crucial, and this is to ensure that both the provider and consumer are kept safe.

"If you're a grain manufacturer, sure, getting better B2B systems with your logistics partners and your end users is critical. If you are a BNPL organisation in Australia, getting more frictionless and seamless transactions with your merchants and your consumers was an absolute requirement during COVID, because the physical interaction wasn't there," he says.

When examining different verticals and their implementation of Zero Trust, Goodman says that it's mainly the B2B and B2C organisations that are leading the charge, as they are the ones considered the digital natives and have been in the thick of the technology.

"It's those who are heavily B2B and B2C, ones that rely on customer interactions to drive business. It's those like FinTech organisations who are very much either brought up in the cloud or bought into the cloud via COVID, whose entire objective is to have a digital relationship with you without human intervention."

He says that large firms such as those in manufacturing and pharmaceutical biotechnology are generally slower to adopt because of their business mechanics.

"[These are] much more human orientated businesses. There are still many more people physically on site, with limited business to business relationships."

That's not to say these organisations don't want to make changes. Many understand the benefits of change to their business practices, and this is why they are looking more closely at digital identity.

"The importance of general security posture for them is rising given everything that's happening across the globe, and more of these enterprises are exploring how they can get their products to market more directly, and therefore they want to start to open digital channels."

The Okta report describes a five-phase identity adoption model for Zero Trust initiatives, acting as a guide for those in the process of implementing solutions. The phases span from traditional outlooks that contain identity attacks and disconnected services, all the way to becoming evolved by embracing edge security and supporting modern access/passwordless technologies.

"I think anyone who's explored Zero Trust in depth knows that it's a journey, not a target state that you start with," says Goodman.

"It's an evolution of looking at your entire security posture and understanding everything from the people accessing your systems, to the systems talking to other systems and everything in between."

Solutions and innovations

Okta is also leading the charge when it comes to providing the best identity management solutions on the market. The company puts a strong emphasis on ensuring both an organisation's employees and its customers are well looked after and that they understand the importance of Zero Trust.

"One [area of security focus] is the employees of an organisation. That might be the actual employees, contractors, business to business relationships and those people that are very close to the core of the operation of an organisation. We make sure that they have the right access to the right technologies at the right time to do their jobs," says Goodman.

"It's about experience as much as it is security, the ability to log in and know that it takes me five seconds to get access to everything I need. But I still need to ensure the right multifactor checks and balances are happening to make sure I'm the right person coming in."

There is also a significant focus on making sure market services are fit for customers.

"The other side of what Okta does is what we call the Customer Identity Cloud. This is really focused on the seamless and frictionless ability for organisations to deploy their market facing services, and have a really secure and frictionless identity management platform for their customers."

The research makes it clear that Zero Trust initiatives are now being viewed as part of both the overall technology governance in a business as well as a boardroom-level conversation. Goodman says a measure of progression could be found simply by examining passwordless technology trends.

"The adoption of passwordless I think could be a good leading indicator as to how much progression we are actually seeing across the board," he says.

“By adopting Zero Trust Security, organisations can position themselves to overcome the challenges presented by hybrid work–including mobile and remote working–by adopting an identity-centric approach to network and resource access rather than relying on outdated security models based on the traditional network perimeter."

To learn more about Okta research and to view The State of Zero Trust Security in Asia Pacific 2022 report, click here.

To get in contact with Okta to enquire about Zero Trust in your business, click here.