One survey, however, is suggesting that the APAC/APJ region is not taking a mature or agile approach to this risk vector

In a Q3 2022 international survey of 1,500 IT and security decision-makers whose organizations operated in a multi-cloud environment and who were knowledgeable about their organization’s identity and access management strategies and capabilities, only 9% of respondents were taking an “agile, holistic and mature approach to securing identities throughout their hybrid and multi-cloud environments.”

The international respondents were based in North America (US, Canada), Latin America (Mexico, Brazil), EMEA (Israel, Germany, UK, Spain, Italy, Netherlands) and APAC/APJ (400 from Australia, Hong Kong, India, Japan, Singapore, Taiwan).

Another finding from the survey data was that 42% of global respondents’ identity security programs were in the earliest stage of maturity and lacked foundational tools and integrations to quickly mitigate identity-related risk. Also, 72% of APJ respondents cited having suffered identity-based attacks.

Other notable findings

Some 69% of global C-level executives in the survey indicated they were making correct identity security-related decisions compared to 52% of all other personnel (technical decision makers and practitioners). In the APJ group, 60% of C-level respondents indicated the same beliefs. Also:

    • 94% of APJ respondents indicated they believed that endpoint security or device trust and identity management are essential to a robust Zero Trust strategy, and 65% of APJ respondents indicated they believed the ability to correlate data was critical for effectively securing endpoints.
    • APJ respondents indicated they had suffered from the following business impact of cyberattacks:
      • Loss of customers/revenue: 44%
      • Paid compliance fines: 47%
      • Had difficulty responding to an audit/failed an audit: 49%
      • Impact on the ability to provide services: 51%
    • 41% of APJ respondents listed lack of cybersecurity staff as a top reason holding them back from optimizing their strategy on identity-related security issues; 38% cited lack of competency to secure identities.
    • 58% of organizations across global respondents cited having two teams responsible for securing identities in the cloud and on-premises, and relying on numerous point solutions.

According to Amita Potnis, Director, Brand & Thought Leadership, CyberArk, which commissioned the survey: “The main focus for organizations looking to adopt a mature holistic identity security strategy is to secure access for all identities — human and machine — by breaking down silos and adopting a consolidated and automated approach.”

The firm recommends a holistic peer-based framework for security identity centered on four tenets:

    1. Procurement of tools spanning management, privilege controls, governance, authentication and authorization for all identities and identity types
    2. Integrations with other IT and security solutions within the organization’s stack to secure access to all corporate assets and environments
    3. Automation to help ensure continuous compliance with policies, industry standards and regulations, along with rapid response to high-volume routine and anomalous events
    4. Continuous threat detection and response capabilities based on a solid understanding of identity behaviors and organizational policies