The firm behind the invention of the term certainly wants this to happen, despite challenges, disparate mindsets and indigenous APAC circumstances.
By now, most IT practitioners and CybersecAsia readers would have come across the term Zero Trust. The concept centers on the belief that trust is a vulnerability, and security must be designed with the strategy, ‘Never trust, always verify’.
In the Asia Pacific region (APAC), Zero Trust (ZT) adoption has lagged behind that of global peers, but the recent acceleration of cloud adoption and an explosion in remote work, as well as changing regulations and consumer behavior trends, may change that.
The combination of trends has pushed APAC firms to take a fresh approach to security and accelerate ZT adoption. Market research firm Forrester—whose principal analyst in 2019, John Kindervag, coined the term and concept—predicts that at least one government in the region will embrace the Zero Trust cybersecurity framework in 2021. The firm has released a report detailing how APAC firms can benefit from the ZT model and framework here:
- APAC has been adopting ZT in a piecemeal fashion, without necessarily calling it such. Many CISOs that Forrester interviewed had acknowledged the guiding principles of ZT such as ‘never trust, always verify’, but full adoption and naming are still rare: not everyone is ready to take the plunge yet and embrace something different.
- APAC CISOs see the business benefits, and vendors are coming to market to help with architectures. 37% of APAC C-level security decision makers polled viewed complexity of their environment as a key challenge. ZT can help firms rationalize security investments and reduce complexity. CISOs were also increasingly leveraging the framework to align stakeholders on common principles and improve collaboration. While the vendor community has often been accused of over-hyping, in this case many were driving improved awareness and understanding of ZT.
- Regional issues impact adoption. APAC CISOs are at wildly different stages of adoption, ranging from ‘we are learning’ to ‘ZT is a strategic priority, and we are implementing’. This disparity makes it difficult to set standard, region-wide adoption priorities, agree on a common lexicon or share lessons learned.
- APAC CISOs face challenges. 29% of C-level security decision makers polled said they struggled with visibility and influence, compared with only 13% in North America. 19% also cited lack of security staff as a major challenge. Hence, even if they had the bandwidth to manage large-scale implementations, they were likely to struggle to get the support and budget needed to deliver.
In addition, according to the report, some firms bristled at the concept of Zero Trust simply because of the name. Some may have felt that the term implies that we should not trust users or employees.
According to Forrester, ZT is not about people per se, but about eliminating dangerous trust assumptions of a technical nature in the security architecture. They assert that the concept will actually build customer trust by enhancing security.
Regardless of the predictions, misunderstandings and naysayers about Zero Trust as a solution and platform, the reality is that 2021 will be an acid test of how the defense-in-depth paradigm can be differentiated to cope with increased cyberthreats and technical debt without impeding productivity.