In the Philippines, the unprecedented mass migration of organizations’ IT infrastructure to cloud and digital systems in the past year has compressed years of planned digital transformation into a matter of months – or even weeks.
While this agility is impressive, the addition of countless new devices, networks and applications to organizations’ IT ecosystems within a short period of time has increased businesses’ vulnerability to threat actors, who now have more avenues to exploit.
The need for Zero Trust Security – which emphasizes a “never trust, always verify” approach through continuous assessment of user access privileges for individual resources – has thus become crucial, especially with greater adoption of cloud-based technologies.
To learn more about how organizations in the region are approaching Zero Trust Security today, and in a post-pandemic world where hybrid working becomes a norm, leading independent identity provider Okta surveyed 400 security leaders in Asia Pacific, including 20 in the Philippines, as part of a study – The State of Zero Trust Security in Asia Pacific 2021.
Notably, only 5% of Philippine organizations have existing Zero Trust security strategies, the lowest across APAC markets – as compared to their counterparts in Japan (32%), Malaysia (13%) and Indonesia (10%).
Nevertheless, this is set to change – 95% of Philippine organizations intend to beef up their Zero Trust initiatives in the upcoming 12-18 months.
The greatest challenges organizations in the Philippines face in adopting a Zero Trust Security infrastructure include:
- Talent/skill shortage (45%)
- Cost concerns (30%)
- Technology gaps (15%)
“Organisations across the Philippines have practiced hybrid working arrangements for the past year and a half. Today, most business leaders recognize the value of such arrangements in driving long-term business growth post-pandemic, and are committed to sustaining them,” said Graham Sowden, General Manager, Asia Pacific, Okta.
“However, our data has shown that the country has plenty of room for improvement when it comes to implementing Zero Trust Security strategies. It is imperative to the long-term growth of these businesses that they continue to be vigilant in anticipating new threats that emerge in this new digital landscape, by continually assessing their current IT infrastructure, and making strategic investments to stay ahead of threat actors,” he added.
The study introduces Okta’s Identity Access Management Curve, which reviews organizations’ identity-driven security practices on everything from the type of resources they manage, to how they provision and deprovision users.
Adoption in APAC is promising – Stage 1 implementations such as single sign-on for employees, along with multi-factor authentications have been implemented at 84% of organizations.
However, when it comes to Stage 2 strategies and solutions, there is room for improvement – for instance, only 35% have implemented secure access to APIs. Additionally, while only 3% of organizations have context-based access policies, 40% intend to implement it within the next 12-18 months.
“It is promising that most APAC organizations have the fundamentals covered,” Sowden comments. “But the reality is that threat actors will only get savvier and find new avenues to exploit vulnerabilities. Adopting advanced measures like passwordless technologies − such as biometrics and contextual factors, for instance – will help businesses increase security and tackle data breaches more effectively.”