Small and medium enterprises (SMEs) face growing cyber threats but often lack the resources and expertise needed to adopt Zero Trust Architecture (ZTA). This pilot study examines the drivers and barriers shaping SME perceptions of ZTA necessity and proposes an exploratory staged adoption path. Survey data from 64 IT and security professionals in the Asia-Pacific region show that ZTA familiarity and cloud-computing needs are the strongest positive correlates of perceived necessity, whereas accumulated barriers show only a weak negative association. Identity and access management complexity and scalability emerge as the main implementation hurdles. Based on these findings, we propose a three-stage route for SMEs: strengthening identity governance, segmenting high-value assets, and introducing targeted monitoring in line with operational capacity. The study offers early evidence for more realistic Zero Trust transitions in resource-constrained firms.

翻译：中小型企业面临日益增长的网络威胁，但往往缺乏采用零信任架构所需的资源和专业知识。本试点研究探讨了塑造中小企业对零信任架构必要性认知的驱动因素与障碍，并提出了一种探索性的分阶段采纳路径。对亚太地区64名IT与安全专业人士的调查数据显示，零信任架构熟悉度与云计算需求是与感知必要性最强相关的正相关因素，而累积障碍仅呈现微弱负相关。身份与访问管理的复杂性和可扩展性成为主要实施障碍。基于这些发现，我们为中小企业提出三阶段路线：加强身份治理、分割高价值资产、并根据运营能力引入针对性监控。本研究为资源受限企业实现更现实的零信任转型提供了早期证据。