What is Zero Trust Security, and How Does it Maximise the Business Value of Hybrid Work?
When nationwide lockdowns forced organisations across Asia Pacific into remote working arrangements in 2020, many anticipated a smooth return to the workplace within a matter of months.
Instead, a combination of unrelenting COVID-19 outbreaks across the region, along with a new-found appreciation of the business value of hybrid working, has shifted the general consensus in the past year. No longer a stop-gap emergency measure, organisations have since fully embraced the potential of hybrid arrangements in driving business growth.
Such flexible arrangements mean that employees have greater flexibility, and more time to invest in upskilling, boosting their companies’ productivity and agility. And as workers across the region become adept at working remotely, geographical limitations of talent continue to disappear, allowing employers to access a large new pool of global hires.
Across Asia Pacific, flexible work has become a key factor when it comes to retaining talent, with more than half (54%) of APAC respondents surveyed by EY noting that, post-pandemic, they are likely to quit their current role if not offered continued flexibility in where and when they work.
The foundation of this rapid remote working migration is built on cloud and mobile technologies. A recent Alibaba Cloud survey reveals that 85% of APAC businesses agree that cloud-native solutions have been crucial in helping them cope with the impact of the pandemic.
In a world where IT infrastructure is increasingly diversified, here’s why Zero Trust security is crucial
Across industries, remote working has made IT infrastructure more diverse than ever, with employees connected to work through more devices, networks and applications. But this new diversity has become a double-edged sword. The porosity of devices has inadvertently made businesses more vulnerable than ever to threat actors—who now have more avenues to exploit.
Herein lies the benefit of Zero Trust security. Legacy IT security has used traditional firewalls and VPNs to create a perimeter around a closed network. This system allowed only authenticated users and devices to access resources and traverse through it. But Zero Trust security operates on a “never trust, always verify” basis, requiring companies to continually assess access privileges without adding friction for users and their devices.
Zero Trust security in Asia Pacific is picking up, but there’s room for improvement
As COVID-19 redefined the realities of working, Okta conducted its annual State of Zero Trust Security in Asia Pacific 2021 survey, which looked into the maturity of Zero Trust security across APAC organisations in the past year.
The study showed that while APAC organisations lagged their counterparts in EMEA and North America in Zero Trust adoption – with only 13% of organisations having a Zero Trust security strategy in place – as many as 77% agree that COVID-19 has accelerated the adoption of Zero Trust.
Zero Trust security comprises projects spanning everything from the types of resources an organisation manages, to which authentication methods they deploy. To unpack these projects, the report introduced Okta’s Identity Access Management (IAM) curve, which reviews organisations’ identity-driven security practices holistically.
Relying soley on traditional security solutions, such passwords, leaves organisations vulnerable to password spraying and credential stuffing. Promisingly, more than a third of all companies are prioritising single sign-on (SSO) and multi-factor authentication (MFA) for external users, context-based access policies, and automated account provisioning and deprovisionin, all of which fall under stage 1 of the maturity curve. By 2022 all organisations would have implemented these solutions.
However, these may not suffice – especially with cybercriminals getting savvier by the day. To this end, Stage 2 projects (which includes extending access controls to other resources such as APIs, and using rich context and diverse factors to better inform authentication decisions) will be the next frontier in Zero Trust, and are set to be implemented by nearly half of companies in APAC by 2023.
Meanwhile, to progress to the stage 3 of Zero Trust security, organisations should embrace passwordless access using high assurance factors. This includes multiple high assurance factors such as factor sequencing, biometric-based logins through WebAuthn or U2F security keys, which can mitigate these risks and provide the flexibility for passwordless authentication in scenarios where such deployment is feasible.
While stage 3 adoption is still in its infancy in APAC, the signs are promising. For instance, passwordless access is minimal at the time of survey, but 29% expect to adopt it by 2021.
Zero Trust security will underpin organisations’ recovery and growth in an endemic economy
The past year has seen organisations in APAC migrate legacy IT infrastructure in a matter of weeks and grow increasingly adept in managing a fragmented workforce. As the region gears up for a future where hybrid working becomes the norm, organisations should continue to stay ahead of the curve of looming threats.
For starters, organisations should always recognise that people – not networks – are the new perimeter, and adopt strong authentication across all services, everywhere. With many moving parts in the IT architecture of today’s organisations, it has become ever so important to centralise identity and access control across the enterprise for better risk management. IT departments should also look to enable security visibility and collaboration, by integrating key tools to their identity and access management solution.
The way we work will become increasingly fragmented, yet collaborative at the same time. Inevitably, this will make our systems more vulnerable than ever. Business and security leaders need to start thinking now about safeguarding their organisations for the new era.
Interested in learning more? Read our The State of Zero Trust Security in Asia Pacific 2021 whitepaper.