Over the past decade, Asia’s technological capabilities have expanded rapidly with many businesses focusing on digital transformation as one of their key goals. For example, over the course of the pandemic, Singapore’s Mandai Wildlife Group saw the pandemic-induced reduced footfall as an opportunity to enhance guest experience, sustainability, and biodiversity. They leveraged technology solutions that included an intelligent aviary mesh inspection system, environmental monitoring devices, animal monitoring devices and an autonomous food delivery system for staff. Warung Pintar, a digital enabler for warungs, or mom-and-pop shops in Indonesia, has helped over half a million shop owners go online during the course of the pandemic.
While the wheels of digital transformation were set in motion much earlier, the pandemic accelerated their speed. It significantly impacted how organisations approach their IT ecosystem and security. Cloudflare’s 2021 report, ‘Data security in the Age of Zero Trust’, indicated that on average, around 88% of IT influencers and decision-makers from Asia Pacific organisations expect a more mobile workforce in the future with greater use of personal devices. This impacts IT security and makes it vital for organisations, governments, technology providers, startups, and leaders to make decisions driven by insights to build a secure and efficient digital ecosystem.
Challenges in driving digital transformation
Building a digital ecosystem within any business can be tough. From budget constraints and lack of IT skills to the security framework and evolution of cultural mindsets, an organisation may face many challenges. Moreover, another crucial aspect that organisations need to keep in mind is setting up IT infrastructure that can withstand cyberattacks.
According to IBM’s Security X-Force Threat Intelligence Index 2022 report, server access and ransomware were among the most popular attack methods used by cybercriminals on Asian organisations in 2021. Vulnerability exploitation and phishing tied for the top infection vector, both leading to 43% of attacks observed in the region. With COVID-19, working from home has become a new normal, which makes ensuring IT assets are secure is not just a nice-to-have, but an absolute must-have.
Businesses, big and small, are under threat and therefore need to ensure they have a robust security posture in place to protect their IT and network assets. Today’s landscape, with no perimeter, requires a Zero Trust approach. Consider the analogy of traditional boats built with very thick, sturdy hulls. While strong, a single leak would sink the entire boat. Zero Trust is like the invention of bulkheads for boats. You want to make sure that if there is that leak somewhere, that it doesn’t sink the entire ship, that it’s contained to a small portion. And that’s what Zero Trust brings.
How does Zero Trust eliminate security risks?
Zero Trust is a framework or security principle where there is no default trust but always verified. A Zero Trust model identifies the critical security pain points of an organisation – applications, passwords, and data – and requires it to envelop them with maximum protection through rigid policies. The next step is the determination of access. The solution identifies the assets being accessed within or outside a specific network perimeter. Underpinning all of that is identity, a key tenet of a Zero Trust framework according to Accenture. With a robust Identity component in place, Zero Trust can be brought to life by layering on the other components that govern infrastructure and data.
A Zero Trust security model not only secures the network but also offers a plethora of other benefits, unlike traditional security solutions. These include:
- Increased productivity: Unlike traditional security models, Zero Trust has less scope for damage to digital assets and credentials because of the limited access to critical information. This allows the team to work from anywhere, increasing overall productivity.
- Greater reliability: Modern websites and browsers with complex algorithms often succeed in negating traditional security frameworks. However, the Zero Trust system goes the extra mile to verify the user and the device, allowing them to navigate and have a better experience.
- Transparency: The organisation can verify users at each stage, which allows them to track unusual behaviour and mitigate data breaches.
- Data protection and authenticity: The solution stops attackers from gaining access to all digital assets and prevents phishing by putting additional verifications in place. Since users are required to verify their identity at each step, the solution also removes the need for VPNs.
- Reduced risks: The risk is much lower since access to all assets is verified with strict identity and access verifications. Owing to this, the evaluation of infringements is also easier to track.
IT security is an ongoing process, and organisations need to commit to enhance and implement a robust IT security strategy sooner rather than later. However, the first aspect organisations need to address is the lack of IT security staff to carry out these implementations. Beyond this, it is also vital for IT leaders and cyber security decision makers to fully understand Zero Trust to implement it efficiently. According to Cloudflare’s 2021 report, ‘Data security in the Age of Zero Trust’, there is high awareness of Zero Trust across countries like Australia, Japan, Singapore, Malaysia and India, with an almost universal awareness in Australia and Malaysia.
As the digital landscape evolves, cyber threats are becoming more advanced, with attackers developing newer tactics to steal data and access sensitive information. With most attacks generated within organisations, it is clear that the traditional approach of monitoring and prevention is no longer effective. What’s needed are advanced solutions to cope with these threats. It is now imperative for businesses to have a fool proof security framework like Zero Trust to empower their digital transformation journey.