APAC was probably the most-attacked region last year (for a wealth of reasons). Time for zero trust adoption to take root!
In today’s ‘work from anywhere’ era—the corporate network’s attack surface is expanding and exposing organizations to new and advanced threats.
Whether they are working from the road or a home office, employees must be provided with the proper security control they need to access applications and resources located in the cloud or data center.
Unfortunately, most traditional infrastructures focus on rerouting traffic to fixed security points for inspection, causing a severe impact on user experience. Traffic bottlenecks will cause noticeable slowdowns for users, and devices and applications are in constant motion—so this approach is inadequate.
Too often, organizations use whitelisting to allow specific network traffic to bypass security, supposedly to ensure business performance uptime. However, because outdated tools cannot adequately examine encrypted applications, data, and video streams at high speeds, full access is given to all connected devices within the network.
This kind of network security policy has not panned out well in the Asia Pacific region, which was targeted in 26% of global cyberattacks.
Zero excuses for zero trust
The cybersecurity situation in APAC is characterized by Forrester as having “a gulf in zero trust adoption levels.”
Organizations in the region have cited shortages in budget/skilled staff/resources as hindrances to taking the zero trust plunge. However, in reality, many security teams continue to try and weave an array of products from multiple vendors into tightly integrated platforms that span remote sites, corporate facilities, and multi-cloud deployments. This approach can be ill-suited to today’s highly distributed networks.
As industry leaders and governments add to the chorus calling for wider adoption of zero trust, APAC as a whole can respond by leaving behind outdated cybersecurity postures and assimilating a model that ensures the least amount of privileged access.
Zero trust needs to be integrated
Limiting user access only to the necessary resources for each role enables continuous visibility over everything on the network, safeguarding organizations’ critical assets.
At a macro level, however, adopting zero trust works best when a platform integrates products by design.
Trying to blend and integrated multiple separate vendor strategies is too complex and incapable of addressing the volume, variety, and velocity of data and threats found in today’s networks.
Likewise, it is valid to ask questions about the speed and scalability of threat detection and mitigation under a zero trust approach, since it runs on the principle that every device or user is potentially compromised.
With zero trust, tight integration becomes the bedrock upon which organizations identify and classify all users and devices seeking network and application access. This is done through assessing their state of compliance with internal security policies in order to assign them zones of control automatically, and then continuously monitoring the actions—both on and off the network.
Through an automated, integrated zero trust cybersecurity mesh, organizations in APAC and beyond can grant all workers remote access to work resources securely—no matter what stage of implementation they may be at, and no matter where their users, devices, or resources may be located.
As CISOs in the region strive to stay secure and drive productivity under a ‘work from anywhere’ policy, they need to chart a realistic path for their zero trust transition to minimize risks such as compromised credentials or incorrect provisioning or authentication, in order for their organizations to remain competitive on the global stage.