sb-au logo
Story image

Three access management trends making waves in APAC

08 Nov 2018

Article by Auth0 CEO and co-founder Eugenio Pace

 In an attempt to prevent the growing pandemic of cyber crime, hacks, and breaches, companies are turning to Identity and Access Management (IAM) as a crucial piece of the equation when building or modernising any application or web service.

In fact, a recent industry report by Report Buyer forecasts the world of consumer identity proofing, authentication, and authorisation will top the $37 billion value mark by 2023.

This growth comes as no surprise, with a whopping 22 million personal records exposed in the first half of 2018 alone.

In APAC, the figures are even more staggering – 67% of APAC countries suffered job losses as a consequence of cyber attacks in a single year, and recent reports measured the total economic impact of cyber attacks in APAC at an annual US$1,745 trillion – seven percent of the region’s total GDP.

Thankfully, identity access management is rapidly ascending on the Asia Pacific enterprise shopping list, and APAC accounts for the highest growth rate in the entire global IAM market.

Cyber crime affects every business - large and small - but the larger the enterprise, the more that’s at stake.

It’s vital to keep a finger on the pulse of emergent cybersecurity trends, and here are three that should be high on every APAC CIO’s agenda:

1. Risk-based security is arming enterprises

Recent IBM-backed studies estimate the cost of data breaches to be at around $3.72million each. Most of these breaches involve some sort of phishing, a form of identity theft that has been unswayed by old multi-factor authentication solutions.

The sophistication of these attacks are so high, and so pervasive, that traditional means of security user identity are falling short. 

Using risk-based security and having measures in place to thwart the efforts of cybercriminals is much more effective. 

Multifactor Authentication, Breached Password Detection, and Anomaly Detection are essential pieces of any IAM strategy, and users’ real-time data (including time, location, source device, browser and network reputation) are tracked to rate the security of a login attempt.

If flagged as suspicious, the attempt is red-flagged and these measures are put into place, providing additional layers of protection.  

2. Urgent GDPR-compliant adoption enabled by extensible IAM

“Just like the size of an iceberg, the economic loss for organisations suffering cybersecurity attacks can be often underestimated,” warns Microsoft Asia enterprise cybersecurity group director Eric Lam.

Now, in the wake of the EU’s new GDPR regulations, these economic risks have increased tenfold for companies around the world, with fines of up to 4% annual revenue waving a warning flag.

Obviously, increased identity governance has had to take priority – even in non-EU countries – after the legislation placed identity ownership back into the hands of individuals, empowering them with explicit permission, the “right to forget”, increased transparency, permanency of records, time limits on reporting breaches, and further consequences for companies not complying.

With regulations still evolving (and sure to evolve elsewhere in the market), companies need better (and more flexible) data management tools that help them evolve too - with immediate effect.

So, extensible IAM solutions that help jumpstart identity innovation and enable immediate GDPR compliance are taking centre stage.

Easy-to-deploy access security software enables tech decision makers with a developer/hacker mindset to implement fast and effective measures in their enterprises across all use cases, with the flexibility to expand into any direction.

3. Companies need one-stop shops

As cloud technologies, BYOD, remote work policies, and IoT devices infiltrate workplaces, IDaaS (Identity-as-a-Service) is becoming increasingly popular as a one-stop shop for access management.

IDaaS platforms help secure multiple logins across intricate combinations of legacy and cloud platforms in evolving hybrid enterprises.

Enabling companies to compile myriad access points in one seamless interface is a powerful way of providing oversight over all points of vulnerability, regardless of device or user, and improves the user experience of security management for every person involved.

After all, security is no longer just the responsibility of the CIO or CSO.

Employees have increasing power over their own data, and need to be given the knowledge, support and positive user experience in order to remain on board with solutions and measures that help protect their identities.  

Story image
How security awareness training can safeguard companies from cyber-attacks
Training goes a long way in embedding a culture of cybersecurity compliance within the company.More
Story image
Why it’s essential to re-write IT security for the cloud era
Key components of network security architecture for the cloud era should be built from the ground up, as opposed to being bolted on to legacy solutions built for organisations functioning only on-premises or from only managed devices.More
Story image
ESET launches the latest version of its Mobile Security solution
“With this latest version of ESET Mobile Security, we want to ensure our users feel completely secure when performing financial transactions on their devices, in addition to being protected from malware and phishing attempts."More
Story image
CrowdStrike integrates with ServiceNow program to bolster incident response
As part of the move, users can now integrate device data from the CrowdStrike Falcon platform into their incident response process, allowing for the improvement of both the security and IT operation outcomes.More
Story image
Video: 10 Minute IT Jam – Who is Cohesity?
If you could pick two words to describe Cohesity, ‘data management’ fit very well.More
Story image
Check Point acquires Odo Security to bolster remote security offering
The deal will integrate Odo’s remote access software with Check Point’s Inifinity architecture, bolstering the latter company’s remote security capabilities in a time where working and learning from home has become the norm, and looks to largely remain that way in the near future.More