Zero trust now a reality in Asia Pacific firms: Forrester
According to a new report, The State Of Zero Trust Adoption In Asia Pacific, data from Forrester indicates that Asia Pacific organizations are starting to realize the benefits that Zero Trust (ZT) offers, with 71% of APAC business and technology professionals saying that their organization will adopt ZT edge in the next 12 months or have plans to do so.
While sharing the details of the report, Jinan Budge, VP, Principal Analyst at Forrester, says, "Forrester started covering Zero Trust adoption in APAC in early 2020, when Zero Trust was largely touted as a buzzword in our region. At the time, this inaugural APAC-specific ZT research showed that, while ZT was already mainstream in the US and Europe, it was slowly but surely gaining adoption in APAC. Fast-forward two years or so, and the story is very different: In 2023, Zero Trust is finally moving from concept to reality in Asia Pacific."
"Zero Trust in APAC has moved from being a piecemeal to a strategic initiative. In 2020, CISOs who we spoke to in the region had fallen short of embracing ZT as a holistic framework and settled for adopting parts of the framework. By contrast, in 2022, 80% of APAC organizations have senior leadership committed to adopting a ZT security strategy and 78% investing resources into a ZT security strategy. ZT is a strategic initiative, and organizations aren't shying away from adopting it to its fullest."
"CISOs in APAC have moved from a wait-and-see approach to pioneering adoption. The CISOs who we spoke to in 2020 were still looking toward their peers, adopting a herd mentality to evaluate whether adoption is right for them. This is not so in 2022, when many CISOs we spoke to were seeking many of the benefits of pioneering adoption: to be seen as innovators, garnering commercial benefits, and working with new solutions," she adds.
APAC organizations understand that ZT comes with significant business and employee experience benefits.
In 2020, organizations in APAC still underfunded security initiatives, with 29% of C-level security decision-makers saying that lack of visibility and influence was a top IT security challenge for their firm.
"In 2022, the biggest supporters of ZT programs in the region are business executives, and the CISOs who we spoke to are eager to understand and unblock the pain of doing business by using ZT to improve the employee experience and enable the business, as well as provide protection," adds Budge.
She also elaborated on the obstacles still hampering the adoption of Zero Trust.
"It is true that ZT is becoming part of the nomenclature in almost all APAC markets in APAC, and ZT adoption is now widely accepted and discussed. Like all things security, however, it's not all beer and skittles. Our 2020 research showed several obstacles to adoption, and while some of these have been resolved, some have stayed the same, with new adoption obstacles emerging," she says.
ZT nomenclature and a paucity of ZT pioneers are no longer stated as obstacles to adoption. Both were significant challenges to CISOs in the region in 2020 but were no longer mentioned as obstacles or have been overcome.
"For example, ZT nomenclature was a major obstacle for adoption in countries founded on trust, so the CISOs who we spoke to used different language to depict their ZT strategy as a way to solve these nomenclature challenges. And as mentioned above, far from adopting a wait-and-see approach, CISOs in the region are working to realize the many benefits from pioneering adoption."
The lack of visibility and influence remains an issue, but in 2022, this comes with a twist. In 2022, Zero Trust implementation in APAC was no longer from boards or the business but largely from technology teams such as network, architecture, and development teams. This means that CISOs in the region have to work harder with their technology counterparts instead of focusing on selling ZT to the overall business.
Vendor hype and small security functions continue to challenge the adoption. Unfortunately, vendors still pretend to be ZT experts, and security functions here remain relatively small.
Most security functions lack the bandwidth and capability to deliver large-scale implementations such as a Zero Trust rollout, with talent acquisition and retention remain significant challenges. This will likely remain a challenge, and CISOs will need to be strategic, work with service providers, and cut through vendor hype to overcome these.
"Two new obstacles to adoption emerge. The CISOs who we spoke to mentioned two new obstacles that they now encounter. They are overwhelmed by the sheer volume and scope of the many well-intended ZT frameworks and definitions, such as from the National Institute of Standards and Technology, the White House, the Cybersecurity and Infrastructure Security Agency, or the Singapore government. CISOs here simply aren't always sure which framework to adopt for what purpose. And legacy applications remain a major bottleneck, inhibiting consistent ZT implementations," adds Budge.
In conclusion, here are our tips. Assess your ZT maturity. Get some quick wins under your belt and demonstrate value along the way. Lead with empathy to win over tech stakeholders. Challenge vendor claims and demand product rationalization. Integrate ZT as part of your digitization strategy."