Singapore embraces Zero Trust: A prediction comes true

One of my favorite parts of our annual predictions process is reviewing the accuracy of Forrester's predictions from the previous year. This is not simply navel gazing. Looking backward actually makes us far better predictors, keeps us firmly grounded in the reality of our customers, and ensures that our predictions remain firmly embedded in reality. Some teams within Forrester even have a rating system, ranging from "completely missed the mark" to "nailed it." I won't lie that it is an absolute thrill when a prediction I've contributed to comes true, especially when it has the potential to positively impact our clients, the industry, or even society as a whole. 

Twelve months ago, we predicted that at least one Asia Pacific (APAC) government would embrace a Zero Trust (ZT) framework in the coming year. In keeping with our rating system, I'm happy to say we nailed it! Since 2009, when ZT was coined by Forrester, large technology companies have adopted it as their security model, and now the US federal government is following suit. In Europe, ZT went from concept to reality for many firms during 2020 and then accelerated in 2021 as COVID-19 hastened the death of traditional security models across the region. 

Unfortunately, APAC has been a very different story. ZT adoption has been slow; according to the Forrester Analytics Business Technographics® Security Survey, 2021, only 13% of security leaders in APAC cite Zero Trust as a top strategic information/IT security priority. While ZT is slowly gaining momentum in the Asia Pacific region, it faces many adoption challenges: concerns over the nomenclature, paucity of ZT pioneers, under-resourced security teams. 

With all these challenges in play, predicting that an APAC government would embrace a ZT framework in 2021 was a bold call, indeed. Why'd we make it? We fully expected ZT momentum to accelerate for a number of reasons: 1) the shift to remote work requires a new approach to security; 2) the evolving regulatory landscape across APAC has increased focus on data protection; 3) Forrester Analytics survey data shows that APAC consumers and citizens are prioritizing security and privacy in their purchasing decisions; and 4) the release of the US's National Institute of Standards and Technology's publication on ZT architecture, which further validated the approach. 

I've led multiple APAC CISO roundtables on the topic of Zero Trust over the past 12 months. While participants were supportive of the prediction in principal, they were also skeptical -- there were no indications in the media or elsewhere to support such a big call. 

And then in October, exactly one year after we made the prediction, Singapore Senior Minister and Coordinating Minister for National Security Teo Chee Hean announced Singapore's new cybersecurity strategy. The strategy was supported by Prime Minister Lee Hsien Loong, who acknowledged in the strategy foreword: "Five years ago, we launched the first Singapore Cybersecurity Strategy. The world is now a different place," noting the need for a new way of thinking about security. The new Singaporean cybersecurity strategy clearly defines ZT as "[a] security framework requiring all end users, whether in or outside the organization's network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data." The strategy endorses a mindset shift from perimeter defense toward a ZT cybersecurity model, encourages critical infrastructure owners to adopt a ZT cybersecurity posture for critical systems, and states that the government is implementing the Government Trust-based Architecture that translates ZT principles to government context. 

Looking to the future, we will continue to make important predictions about the state of Zero Trust adoption, particularly in governments. In fact, in our 2022 public sector predictions, we make the call that five governments will adopt Zero Trust to revive public trust in digital services, following the lead of the US and Singapore.  

For more regional insight beyond ZT, check out Forrester's 2022 Asia Pacific predictions, where trust and values take center stage. We look forward to assessing how we fared this time next year.

This post was written by Principal Analyst Jinan Budge, and it originally appeared here.