Even if the Philippines logs the lowest in terms of Zero Trust security strategies in the Asia Pacific region at only 5%, majority or 95% of organizations have vowed to amplify it in the next 12 to 18 months. This is among the result of independent identity provider Okta’s latest study.

About 32% of companies and Japan, 13% in Malaysia, and 10% in Indonesia have already been using Zero Trust “never trust, always verify” approach.

Okta surveyed 400 security leaders in the Asia Pacific, including 20 in the Philippines, as part of its “The State of Zero Trust Security in Asia Pacific 2021” report.

Survey: 80% of breaches caused by privileged credential abuse
IBM rolls out new zero trust capabilities to Cloud Pak for Security

The survey found talent/skill shortage (45%), cost concerns (30%), and technology gaps (15%) as the main factors that hinder Philippine companies in building Zero Trust infrastructure.

“Our data has shown that the country has plenty of room for improvement when it comes to implementing Zero Trust Security strategies,” said Graham Sowden, GM, Asia Pacific, Okta. “It is imperative to the long-term growth of these businesses that they continue to be vigilant in anticipating new threats that emerge in this new digital landscape, by continually assessing their current IT infrastructure, and making strategic investments to stay ahead of threat actors.”

Advanced security measures

The study introduces Okta’s Identity Access Management Curve, which reviews organizations’ identity-driven security practices on everything from the type of resources they manage, to how they provision and deprovision users.

Okta found that Zero Trust strategy in APAC is showing promise. Among many of companies’ security postures include single sign-on for employees, along with multi-factor authentications have been implemented at 84% of organizations. These are the most basic security features for organizations.

However, in terms of a more sophisticated security posture, companies in the Philippines still has quite a long way to go. The survey found that only 35% have implemented secure access to APIs, while only 3% of organizations have context-based access policies, 40% intend to implement it within the next 12-18 months.

“It is promising that most APAC organizations have the fundamentals covered,” Sowden said. “But the reality is that threat actors will only get savvier and find new avenues to exploit vulnerabilities. Adopting advanced measures like passwordless technologies, such as biometrics and contextual factors, for instance, will help businesses increase security and tackle data breaches more effectively.”