While Zero Trust (ZT) security is mainstream in the US and Europe, it has only just begun gaining momentum in the Asia Pacific (APAC). Why now? The global pandemic has accelerated cloud migration and remote work at the same time that firms are grappling with rapidly changing regulations and mounting consumer pressure for improved data privacy. This combination of trends has pushed APAC leaders to take a fresh approach to security and accelerate ZT adoption. Now is the time to embrace ZT and learn lessons from global peers and others who have been on the journey. To that end, I collaborated with my colleague Chase Cunningham (who leads our ZT research globally) to align the local and global experiences on this very important topic.
Zero Trust is an architectural model that combines microperimeters and microsegmentation with other critical capabilities to more intelligently and strategically upscale an organization's security posture. It increases data security through obfuscation, limits the risks associated with excessive user privileges, and uses analytics and automation to dramatically improve security detection and response. Forrester created ZT in 2009, and it has since become a dominant security model. In August 2020, the US National Institute of Standards and Technology released its standard for ZT architecture; the US federal government, including the Department of Defense, uses ZT as a key piece of its long-term security strategy.
Firms and public sector entities across APAC are now exploring the benefits of ZT as their security architecture of choice:
CISOs in the region are at wildly different stages of adoption, ranging from "we are learning" to "ZT is a strategic priority, and we are implementing." This disparity makes it difficult to set standard, region-wide adoption priorities, agree on a common lexicon, and share lessons learned. Some of the challenges CISOs in APAC have raised include:
Implementing ZT in the Asia Pacific requires more upfront planning than it does in other regions that began adopting it earlier and have many more pioneers to learn from. While no government in our region has yet adopted ZT as its cybersecurity agency's framework, some, such as the Australian government's Essential Eight, map to elements of the framework. So, start developing your ZT roadmap by assessing the maturity of your current ZT state, documenting where you can reuse existing capabilities, and setting goals for your future state. One of the things I've personally learned through this journey is that many organizations already possess key capabilities required for Zero Trust. It's not as overwhelming as it sounds. And it's time to act.
Forrester predicts that in 2021, at least one government in the Asia Pacific will embrace a Zero Trust cybersecurity framework. For more APAC predictions, download our 2021 Predictions Guide.
This post was written by Principal Analyst Jinan Budge, and it originally appeared here.