Across ASEAN, digital acceleration is reflected in increased cloud adoption, expanding digital services, and the growing use of AI-led automation. This rapid expansion is fundamentally reshaping the security perimeter, resulting in an identity attack surface that is significantly larger and more fluid than most organisations can fully account for. As the global attack surface continues to evolve, it introduces new and often unpredictable attack vectors, while also increasing the time required to detect and remediate exposures.

According to the 2025 X-Force Threat Intelligence Index, the Philippines ranks among the most attacked countries globally, alongside Indonesia, Thailand, and South Korea. This reinforces the region’s position as a high-intensity threat landscape.


Identity now serves as the primary control plane for access, with decisions continuously evaluated based on risk, context, and behaviour to manage the growing volume of ungoverned identities. Every new application, API integration, service account, or AI agent introduces a new identity, many of which exist outside the scope of traditional IAM systems.

Simultaneously, regulatory developments across the region are raising the stakes. In Vietnam, the Personal Data Protection Law emphasises accountability in how personal data is accessed and processed in 2026. Brunei’s Personal Data Protection Order reinforces the need for auditability in access decisions. In Myanmar, Cybersecurity Law No. 1/2025 goes further by introducing legal consequences for unauthorised access and mishandling of sensitive data, effectively criminalising weak identity controls.

As a result, organisations are expected to not only control access, but also demonstrate that control with clarity and context. This necessitates complete visibility into the identity landscape.

Addressing hidden identities

Beneath the surface of enterprise systems, identities accumulate in ways that are rarely tracked in real time. Service accounts remain active long after their purpose is fulfilled, API keys are embedded into applications without clear ownership, and machine identities operate across environments with elevated privileges and minimal oversight.

In many environments, non-human identities and AI agents are proliferating faster and acting more autonomously, yet they are governed with significantly less rigour. They do not follow structured life cycle processes, are often excluded from access reviews, and in some cases are not even fully inventoried.

This creates a critical blind spot. Identity-based attacks are increasingly built on valid credentials, misconfigurations, and excessive privileges rather than malware. Detection becomes significantly more difficult when the access appears legitimate.

The challenge is not just the scale of identities but the inability to see and interpret them comprehensively. Most enterprises still operate with IAM, IGA, and PAM as separate control layers, each holding only a partial view. As a result, what IT teams see is only a fraction of what actually exists, and security decisions are made on incomplete data. However, visibility on its own does not address the underlying risk.

Visibility alone is insufficient without posture

Organised crime groups in Southeast Asia are rapidly adopting automation and AI to scale cybercrime operations, as highlighted in a UNODC September 2025 policy brief, which identifies the region as an emerging testing ground for AI-driven crime.

AI-powered deepfakes, voice cloning, and synthetic identities are being used to execute large-scale fraud, while automation is accelerating phishing campaigns and malware distribution. Despite this, only 37% of ASEAN organisations have established AI security assessment processes, indicating a gap between threat sophistication and defensive readiness.

This is where many organisations encounter their next challenge. Misconfigurations remain one of the most common causes of identity-related exposure. Over-permissioned accounts, weak authentication mechanisms, and stale identities create risk that is often invisible until it is exploited.

Identity security posture management (ISPM) is emerging to address this layer of the problem. It builds on visibility by continuously evaluating how identities are configured and whether access aligns with policy. This includes identifying excessive permissions, automating access reviews, and ensuring that both human and non-human identities adhere to least privilege principles.

More importantly, ISPM introduces consistency in environments where identity sprawl makes manual governance impractical. It enables organisations to move from periodic reviews to continuous assurance, reducing the window in which misconfigurations can be exploited. This is particularly critical as identity environments scale faster than governance teams can manually track.
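The posture checks described above (stale identities, unowned non-human identities, permissions granted but never used, missing strong authentication) can be sketched as a repeatable evaluation over a merged identity inventory. This is an added example, not code from the article or from any vendor product; the field names, the 90-day threshold, and the risk weights are assumptions, and the inventory is constructed sample data.

```python
from datetime import date

# Constructed sample inventory (not real data): human and non-human identities.
INVENTORY = [
    {"id": "alice", "kind": "human", "owner": "alice", "mfa": True,
     "last_used": date(2025, 6, 28), "granted": {"crm:read", "crm:write"},
     "used": {"crm:read", "crm:write"}},
    {"id": "svc-backup", "kind": "service", "owner": None, "mfa": False,
     "last_used": date(2024, 11, 2), "granted": {"db:read", "db:admin", "s3:write"},
     "used": {"db:read"}},
    {"id": "bob", "kind": "human", "owner": "bob", "mfa": False,
     "last_used": date(2025, 6, 30), "granted": {"hr:read", "hr:admin"},
     "used": {"hr:read"}},
    {"id": "agent-invoice", "kind": "ai_agent", "owner": "finance-ops", "mfa": False,
     "last_used": date(2025, 6, 30), "granted": {"erp:read", "erp:pay", "mail:send"},
     "used": {"erp:read"}},
]

STALE_DAYS = 90  # assumed policy threshold
WEIGHTS = {"stale": 3, "no_owner": 3, "excess_admin": 4, "excess": 2, "no_mfa": 3}

def evaluate(identity, today):
    """Return the list of posture findings for one identity."""
    findings = []
    if (today - identity["last_used"]).days > STALE_DAYS:
        findings.append("stale")
    if identity["kind"] != "human" and not identity["owner"]:
        findings.append("no_owner")
    # Least privilege: anything granted but never exercised is excess.
    unused = identity["granted"] - identity["used"]
    if any(p.endswith(":admin") for p in unused):
        findings.append("excess_admin")
    elif unused:
        findings.append("excess")
    if identity["kind"] == "human" and not identity["mfa"]:
        findings.append("no_mfa")
    return findings

def posture_report(inventory, today):
    """Score every identity and return (id, score, findings), riskiest first."""
    rows = []
    for ident in inventory:
        found = evaluate(ident, today)
        if found:
            rows.append((ident["id"], sum(WEIGHTS[f] for f in found), found))
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    print(*posture_report(INVENTORY, date(2025, 7, 1)), sep="\n")
```

Running the same evaluation on every inventory refresh, rather than at review time, is what turns a periodic access review into continuous assurance.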

The shift here is subtle but important. Identity management is becoming less about static governance checkpoints and more about continuous alignment. Yet even with a strong posture, risk does not remain static. It evolves with usage patterns.

This is where detection becomes essential.

Detection must operate at the speed of identity-based attacks

As identity ecosystems grow more dynamic, attackers are increasingly leveraging valid credentials to move within environments. This changes the nature of detection. Traditional models that rely on identifying external threats are less effective when access appears legitimate. 

Identity threat detection and response (ITDR) addresses this by focusing on behaviour rather than just authentication. It monitors how identities are used, identifying patterns such as unusual login activity, privilege escalation, or lateral movement across systems.

The ability to respond is equally important. Detection without timely action limits its effectiveness. Modern identity systems are therefore integrating response mechanisms that can dynamically restrict access, enforce additional authentication, or terminate sessions based on risk signals.

In practice, ITDR helps close the gap between detection and remediation by reducing reliance on manual intervention. It ensures that identity-based threats are not only identified faster, but also contained before they can escalate across systems. This becomes essential in environments where attackers can move laterally within hours using legitimate access.

This marks a clear evolution in IAM. Identity solutions are no longer passive control systems. They are becoming active participants in security operations. As these capabilities mature, the boundaries between governance and protection begin to converge.

The preemptive approach to identity security

The traditional separation between IAM, IGA, PAM, posture management, and threat detection creates gaps in both visibility and response. Each system contributes value, but risk often exists in the connections between them.

A more effective approach is emerging around unification. Identity data is brought together, visibility extends across all identity types, and risk is continuously assessed using analytics. Access decisions are no longer static. They are influenced by context, behaviour, and real-time signals.

This also enables a more preemptive approach to cybersecurity, as recommended by Gartner®, shifting the focus from detecting and responding to preventing risks before they materialise. By embedding predictive analytics, continuous exposure management, and automated mitigation into identity systems, organisations can reduce the likelihood of successful attacks and limit disruption.

Such an approach allows emerging threats to be identified at their earliest indicators, enabling timely intervention before they escalate into incidents. It also helps reduce downstream financial and compliance risks by minimising breach impact and strengthening overall security posture.

Resilience in ASEAN will depend on how well identity risk is understood

The ASEAN digital economy is projected to reach $1 trillion by 2030, with the potential to double under the ASEAN Digital Economy Framework Agreement. That scale of interconnected digital infrastructure, spanning financial services, government, healthcare, logistics, and the platforms that underpin all of them, requires identity governance that matches it in maturity and continuity.

As ecosystems become more interconnected, the impact of identity-related incidents extends beyond individual systems. It affects regulatory compliance, customer trust, and operational continuity.

A risk-aware approach to identity management brings together visibility, posture, and detection into a continuous model. It enables organisations to move beyond static controls and align access decisions with evolving risk conditions. For organisations across ASEAN, the ability to secure this layer with clarity, context, and adaptability will play a defining role in how digital resilience is built and sustained.

The article titled “Powering ASEAN digital resilience through risk-aware identity management” was authored by Jay Reddy, head of growth at ManageEngine

About the author

Jay Reddy is the head of growth at ManageEngine, driving global adoption of its IAM and SIEM solutions. With over a decade of experience in identity security and enterprise product strategy, he advises C-suite leaders on aligning access management with broader business goals. A recognised voice at industry forums such as the RSA Conference, the Gartner Security & Risk Management Summit, and Forrester events, Jay helps translate technical innovation into practical outcomes for security and IT teams. He plays a key role in shaping ManageEngine’s go-to-market direction and scaling its presence across global enterprises through thought leadership, market insights, and customer engagement.