
Across Asean, digital acceleration is reflected in increased cloud adoption, expanding digital services, and the growing use of AI-led automation. This rapid expansion is fundamentally reshaping the security perimeter, resulting in an identity attack surface that is significantly larger and more fluid than most organizations can fully account for. As the global attack surface continues to evolve, it introduces new and often unpredictable attack vectors while increasing the time required to detect and remediate exposures.
According to the 2025 X-Force Threat Intelligence Index, the Philippines ranks among the most attacked countries globally, alongside Indonesia, Thailand, and South Korea. This reinforces the region’s position as a high-intensity threat landscape.
Identity now serves as the primary control plane for access, with decisions continuously evaluated based on risk, context, and behavior to manage the growing volume of ungoverned identities. Every new application, API integration, service account, or AI agent introduces a new identity, many of which exist outside the scope of traditional IAM systems.
Simultaneously, regulatory developments across the region are raising the stakes. In Vietnam, the Personal Data Protection Law emphasizes accountability in how personal data is accessed and processed beginning in 2026. Brunei’s Personal Data Protection Order reinforces the need for auditability in access decisions. In Myanmar, Cybersecurity Law 1/2025 goes further by introducing legal consequences for unauthorized access and the mishandling of sensitive data, effectively criminalizing weak identity controls.
As a result, organizations are expected not only to control access but also to demonstrate that control with clarity and context. This necessitates complete visibility into the identity landscape.
Addressing hidden identities
Beneath the surface of enterprise systems, identities accumulate in ways that are rarely tracked in real time. Service accounts remain active long after their purpose has been fulfilled, API keys are embedded in applications without clear ownership, and machine identities operate across environments with elevated privileges and minimal oversight.
In many environments, non-human identities and AI agents are proliferating faster and acting more autonomously, yet they are governed with significantly less rigor. They do not follow structured life-cycle processes, are often excluded from access reviews, and in some cases are not even fully inventoried.
This creates a critical blind spot. Identity-based attacks are increasingly built on valid credentials, misconfigurations, and excessive privileges rather than malware. Detection becomes significantly more difficult when access appears legitimate.
The challenge is not just the scale of identities but the inability to see and interpret them comprehensively. Most enterprises still operate with IAM, IGA, and PAM as separate control layers, each holding only a partial view. As a result, what IT teams see is only a fraction of what actually exists, and security decisions are made using incomplete data. However, visibility on its own does not address the underlying risk.
Visibility alone is insufficient without posture
Organized crime groups in Southeast Asia are rapidly adopting automation and AI to scale cybercrime operations, as highlighted in a UNODC September 2025 policy brief identifying the region as an emerging testing ground for AI-driven crime.
AI-powered deepfakes, voice cloning, and synthetic identities are being used to execute large-scale fraud, while automation is accelerating phishing campaigns and malware distribution. Despite this, only 37 percent of Asean organizations have established AI security assessment processes, indicating a gap between threat sophistication and defensive readiness.
This is where many organizations encounter their next challenge. Misconfigurations remain one of the most common causes of identity-related exposure. Overpermissioned accounts, weak authentication mechanisms, and stale identities create risk that is often invisible until it is exploited.
Identity security posture management (ISPM) is emerging to address this layer of the problem. It builds on visibility by continuously evaluating how identities are configured and whether access aligns with policy. This includes identifying excessive permissions, automating access reviews, and ensuring that both human and nonhuman identities adhere to least-privilege principles.
More importantly, ISPM introduces consistency in environments where identity sprawl makes manual governance impractical. It enables organizations to move from periodic reviews to continuous assurance, reducing the window in which misconfigurations can be exploited. This is particularly critical as identity environments scale faster than governance teams can manually track.
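The posture checks described above (ownerless, stale, unreviewed and overpermissioned identities, human and nonhuman alike) can be sketched as a rule pass over an identity inventory. This is an added example, not code from the article or from any product; the inventory records, field names and the 90/180-day thresholds are assumptions constructed for illustration.

```python
from datetime import date

# Constructed inventory; field names and values are assumptions for this sketch.
INVENTORY = [
    {"id": "svc-billing-export", "kind": "service_account", "owner": None,
     "last_used": date(2024, 11, 2), "last_review": None,
     "granted": {"db:read", "db:write", "iam:admin"}, "used": {"db:read"}},
    {"id": "api-key-partner-sync", "kind": "api_key", "owner": "integrations-team",
     "last_used": date(2025, 9, 28), "last_review": date(2025, 7, 1),
     "granted": {"orders:read"}, "used": {"orders:read"}},
    {"id": "agent-ticket-triage", "kind": "ai_agent", "owner": "it-ops",
     "last_used": date(2025, 9, 30), "last_review": None,
     "granted": {"tickets:read", "tickets:write", "users:delete"},
     "used": {"tickets:read", "tickets:write"}},
]

STALE_DAYS = 90     # assumed policy: unused this long counts as stale
REVIEW_DAYS = 180   # assumed policy: access review at least this often


def evaluate(identity, today):
    """Return the posture findings for one identity, in a fixed order."""
    findings = []
    if identity["owner"] is None:
        findings.append("no-owner")
    if (today - identity["last_used"]).days > STALE_DAYS:
        findings.append("stale")
    review = identity["last_review"]
    if review is None or (today - review).days > REVIEW_DAYS:
        findings.append("review-overdue")
    # Least privilege: anything granted but never exercised is a candidate to revoke.
    unused = identity["granted"] - identity["used"]
    if unused:
        findings.append("unused-privileges:" + ",".join(sorted(unused)))
    return findings


def posture_report(inventory, today):
    """Map identity id -> findings, omitting identities with a clean posture."""
    report = {i["id"]: evaluate(i, today) for i in inventory}
    return {ident: found for ident, found in report.items() if found}


if __name__ == "__main__":
    for ident, found in posture_report(INVENTORY, date(2025, 10, 1)).items():
        print(ident, found)
```

Running the same pass on every inventory change, rather than at a quarterly review, is what turns it from a periodic checkpoint into continuous assurance.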
The shift here is subtle but important. Identity management is becoming less about static governance checkpoints and more about continuous alignment. Yet even with strong posture, risk does not remain static. It evolves with usage patterns.
This is where detection becomes essential.
Detection must operate at the speed of identity-based attacks
As identity ecosystems grow more dynamic, attackers are increasingly leveraging valid credentials to move within environments. This changes the nature of detection. Traditional models that rely on identifying external threats are less effective when access appears legitimate.
Identity threat detection and response (ITDR) addresses this by focusing on behavior rather than authentication alone. It monitors how identities are used, identifying patterns such as unusual login activity, privilege escalation, or lateral movement across systems.
The ability to respond is equally important. Detection without timely action limits its effectiveness. Modern identity systems are therefore integrating response mechanisms that can dynamically restrict access, enforce additional authentication, or terminate sessions based on risk signals.
In practice, ITDR helps close the gap between detection and remediation by reducing reliance on manual intervention. It ensures that identity-based threats are not only identified faster but also contained before they can escalate across systems. This becomes essential in environments where attackers can move laterally within hours using legitimate access.
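The behavior-based detection and graduated response described above can be illustrated with a small risk-scoring loop: each identity gets a baseline of hosts it normally uses, deviations raise its score, and the score selects the response. This is an added example, not code from the article or any product; the events, weights, thresholds and response names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed identity events, in time order; field names are assumptions.
EVENTS = [
    {"identity": "svc-backup", "host": "bk-01", "action": "login"},
    {"identity": "svc-backup", "host": "bk-01", "action": "login"},
    {"identity": "svc-backup", "host": "bk-01", "action": "login"},
    {"identity": "svc-backup", "host": "hr-db-02", "action": "login"},
    {"identity": "svc-backup", "host": "hr-db-02", "action": "role_added"},
    {"identity": "svc-backup", "host": "fin-app-07", "action": "login"},
    {"identity": "m.cruz", "host": "laptop-114", "action": "login"},
    {"identity": "m.cruz", "host": "laptop-114", "action": "login"},
    {"identity": "m.cruz", "host": "laptop-114", "action": "login"},
    {"identity": "m.cruz", "host": "vpn-gw-1", "action": "login"},
]

BASELINE_EVENTS = 3                              # learning period per identity
WEIGHTS = {"new_host": 30, "role_added": 40}     # assumed risk weights
TIERS = [(90, "terminate_sessions"), (60, "restrict_access"), (30, "step_up_auth")]


def respond(score):
    """Pick the strongest response whose threshold the score has reached."""
    for threshold, action in TIERS:
        if score >= threshold:
            return action
    return "allow"


def run(events):
    """Return (identity, host, action, response) for every post-baseline event."""
    known, seen, score = defaultdict(set), defaultdict(int), defaultdict(int)
    decisions = []
    for e in events:
        ident = e["identity"]
        seen[ident] += 1
        if seen[ident] <= BASELINE_EVENTS:       # still learning normal hosts
            known[ident].add(e["host"])
            continue
        if e["host"] not in known[ident]:        # unusual login location
            score[ident] += WEIGHTS["new_host"]
            known[ident].add(e["host"])          # count each new host only once
        if e["action"] == "role_added":          # privilege change
            score[ident] += WEIGHTS["role_added"]
        # Score accumulates without decay here; a real system would age it out.
        decisions.append((ident, e["host"], e["action"], respond(score[ident])))
    return decisions
```

Every login in the sample uses a valid credential, so only the accumulated deviation from each identity's own baseline separates the service account's spread across hosts from a user's single new VPN login.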
This marks a clear evolution in IAM. Identity solutions are no longer passive control systems. They are becoming active participants in security operations. As these capabilities mature, the boundaries between governance and protection begin to converge.
Preemptive approach to identity security
The traditional separation between IAM, IGA, PAM, posture management, and threat detection creates gaps in both visibility and response. Each system contributes value, but risk often exists in the connections between them.
A more effective approach is emerging around unification. Identity data is brought together, visibility extends across all identity types, and risk is continuously assessed using analytics. Access decisions are no longer static. They are influenced by context, behavior, and real-time signals.
This also enables a more preemptive approach to cybersecurity, as recommended by Gartner, shifting the focus from detecting and responding to preventing risks before they materialize. By embedding predictive analytics, continuous exposure management, and automated mitigation into identity systems, organizations can reduce the likelihood of successful attacks and limit disruption.
Such an approach allows emerging threats to be identified at their earliest indicators, enabling timely intervention before they escalate into incidents. It also helps reduce downstream financial and compliance risks by minimizing breach impact and strengthening overall security posture.
Resilience in Asean
The Asean digital economy is projected to reach $1 trillion by 2030, with the potential to double under the Asean Digital Economy Framework Agreement. That scale of interconnected digital infrastructure spanning financial services, government, healthcare, logistics, and the platforms underpinning them requires identity governance that matches it in maturity and continuity.
As ecosystems become more interconnected, the impact of identity-related incidents extends beyond individual systems. It affects regulatory compliance, customer trust, and operational continuity.
A risk-aware approach to identity management brings together visibility, posture, and detection into a continuous model. It enables organizations to move beyond static controls and align access decisions with evolving risk conditions. For organizations across Asean, the ability to secure this layer with clarity, context, and adaptability will play a defining role in how digital resilience is built and sustained.
Jay Reddy is the head of growth at ManageEngine, the enterprise IT management and cybersecurity division of Zoho Corporation. It develops software for IT operations, network monitoring, endpoint management, identity and access management (IAM), cybersecurity, and IT service management.
