CYBERSECURITY | Most Southeast Asia firms ill-prepared for machine identities, SailPoint says
Horizons of Identity Security 2025–2026”report found that 63 percent of organizations still sit in early maturity stages that rely on manual processes.
A new SailPoint report warns that most organizations in Southeast Asia remain ill-prepared to manage the rapid rise of machine identities and AI agents, even as identity security becomes the top-return investment in the cyber stack.
The “Horizons of Identity Security 2025–2026” report, based on a survey of 375 identity and access management decision-makers, found that 63 percent of organizations still sit in early maturity stages that rely on manual processes, while only about 10 percent have reached advanced stages that pair automation with AI governance. The report says that as AI agents and cloud-native infrastructure proliferate, the bar for maturity has risen and some organizations have regressed because they failed to meet the new thresholds.
“The role of identity has fundamentally changed, from foundational control to the new frontier of security,” Matt Mills, SailPoint president, said in the company’s Philippines press release accompanying the report. He urged enterprises to treat identity as a strategic control point that enables automation, AI readiness, and faster threat response.
Why Southeast Asia matters
The report’s global survey included respondents from Asia, and its findings carry specific urgency for Southeast Asia where cloud adoption, platform modernization, and AI pilots are accelerating across finance, telecommunications, government, and e-commerce. Regional firms that leave machine accounts, service credentials, and AI agents unmanaged risk lateral attacks that move from cloud workloads to sensitive data stores, the report said.
In the Philippines, where banks and large enterprises are rapidly modernizing back-office systems and expanding cloud services, the stakes are both regulatory and commercial. Identity-driven breaches and privilege abuse in cloud environments can trigger heavy compliance costs, operational disruption, and reputational damage, while mature identity programs can unlock measurable productivity gains and faster digital transformation.
ROI and the maturity gap
SailPoint’s research highlights that investments in identity and access management often produce higher perceived returns than many other security domains. Organizations that position identity as a business enabler reported outsized ROI, including improved margins, faster sales cycles, and significant reductions in manual overhead. Yet only a quarter of organizations currently frame IAM as a strategic business driver rather than a security control or compliance checkbox.
The report also finds that AI-enabled identity controls are deployed at four times the rate among mature organizations, and that real-time identity data synchronization, automated lifecycle workflows, and unified identity telemetry are critical enablers for higher maturity. But data hygiene remains a barrier: even advanced organizations report gaps in normalized identity data.
Practical steps for regional firms
SailPoint and its case studies recommend a disciplined deployment path that Singapore, Malaysian and Philippine firms can adopt. Immediate steps include cleaning identity data before migration, standardizing app onboarding, adopting automated lifecycle workflows, and assigning governable identities to non-human agents. The report finds that firms that prioritized data cleanup before tool migration were 1.6 times more likely to scale successfully.
For security operations, integrating identity telemetry into SIEM and SOAR workflows and deploying identity threat detection and response can reduce detection-to-remediation times and limit lateral movement during incidents. The report also urges enterprises to implement just-in-time and ephemeral access models, and to treat machine and agent credentials with the same lifecycle rigor as human accounts.
Voices from the field
The report highlights organizations such as Wipro and Specsavers as examples of large enterprises that have automated high-volume manual tasks and advanced to AI-driven lifecycle management. Wipro said upgrading identity controls helped it scale identity services across a large global workforce.
What this means for leaders
Analysts say IT and security leaders in Southeast Asia should treat identity modernization as a cross-functional program that touches HR, DevOps, cloud teams, legal and business units. That means building a clear business case, measuring margin and productivity outcomes, and securing top-level sponsorship to move beyond project-mode deployments that often run late and over budget.
SailPoint recommends that organizations take its online maturity assessment to see where they stand and to receive horizon-specific recommendations. The full report and assessment are available at SailPoint’s Horizons hub.
———-WATCH TECHSABADO ON OUR YOUTUBE CHANNEL:
WATCH OUR OTHER YOUTUBE CHANNELS:
PLEASE LIKE our FACEBOOK PAGE and SUBSCRIBE to OUR YOUTUBE CHANNEL.
PLEASE LIKE our FACEBOOK PAGE and SUBSCRIBE to OUR YOUTUBE CHANNEL.
