One survey, however, is suggesting that the APAC/APJ region is not taking a mature or agile approach to this risk vector
In a Q3 2022 international survey of 1,500 IT and security decision-makers whose organizations operated in a multi-cloud environment and who were knowledgeable about their organization’s identity and access management strategies and capabilities, only 9% of respondents were taking an “agile, holistic and mature approach to securing identities throughout their hybrid and multi-cloud environments.”
The international respondents were based in North America (US, Canada), Latin America (Mexico, Brazil), EMEA (Israel, Germany, UK, Spain, Italy, Netherlands) and APAC/APJ (400 from Australia, Hong Kong, India, Japan, Singapore, Taiwan).
Another finding from the survey data was that 42% of global respondents’ identity security programs were in the earliest stage of maturity and lacked foundational tools and integrations to quickly mitigate identity-related risk. Also, 72% of APJ respondents cited having suffered identity-based attacks.
Other notable findings
Some 69% of global C-level executives in the survey indicated they were making correct identity security-related decisions compared to 52% of all other personnel (technical decision makers and practitioners). In the APJ group, 60% of C-level respondents indicated the same beliefs. Also:
- 94% of APJ respondents indicated they believed that endpoint security or device trust and identity management are essential to a robust Zero Trust strategy, and 65% of APJ respondents indicated they believed the ability to correlate data was critical for effectively securing endpoints.
- APJ respondents indicated they had suffered from the following business impact of cyberattacks:
- Loss of customers/revenue: 44%
- Paid compliance fines: 47%
- Had difficulty responding to an audit/failed an audit: 49%
- Impact on the ability to provide services: 51%
- 41% of APJ respondents listed lack of cybersecurity staff as a top reason holding them back from optimizing their strategy on identity-related security issues; 38% cited lack of competency to secure identities.
- 58% of organizations across global respondents cited having two teams responsible for securing identities in the cloud and on-premises, and relying on numerous point solutions.
According to Amita Potnis, Director, Brand & Thought Leadership, CyberArk, which commissioned the survey: “The main focus for organizations looking to adopt a mature holistic identity security strategy is to secure access for all identities — human and machine — by breaking down silos and adopting a consolidated and automated approach.”
The firm recommends a holistic peer-based framework for security identity centered on four tenets:
- Procurement of tools spanning management, privilege controls, governance, authentication and authorization for all identities and identity types
- Integrations with other IT and security solutions within the organization’s stack to secure access to all corporate assets and environments
- Automation to help ensure continuous compliance with policies, industry standards and regulations, along with rapid response to high-volume routine and anomalous events
- Continuous threat detection and response capabilities based on a solid understanding of identity behaviors and organizational policies
