FEATURE
What 1Password’s CRN Security 100 Recognition Means for Singapore
18 February 2026 | Technology & Cybersecurity
When Toronto-based 1Password was named to CRN’s prestigious Security 100 list for the second consecutive year on 17 February 2026, the announcement attracted only modest attention in the global technology press. Yet in Singapore—a city-state aggressively positioning itself as Southeast Asia’s AI and cybersecurity hub—the recognition carries implications that reach far beyond a vendor’s marketing bulletin.
For Singapore enterprises, regulators, and channel partners navigating one of the most complex cybersecurity landscapes in the Asia-Pacific region, the forces that propelled 1Password onto that list are the very forces reshaping how the Lion City defends its digital economy.
The Recognition in Context
CRN’s annual Security 100 list, now in its eleventh year, functions as a bellwether for the enterprise channel security market. Compiled by The Channel Company, it selects vendors across five categories—Endpoint and Managed Security; Identity, Access and Data Security; Network Security; Security Operations, Risk and Threat Intelligence; and Web, Email and Application Security. The fact that 1Password retained its place in the Identity, Access and Data Security category is not incidental: identity has rapidly become the primary attack surface across the enterprise world.
Industry data underscores this shift. 1Password has surpassed USD 400 million in annual recurring revenue—a 60 per cent jump from its 2023 figure—and now secures more than 1.3 billion credentials across 180,000 business customers globally. The company carries a valuation of approximately USD 6.8 billion and is widely regarded as a 2026–2027 IPO candidate. These are not the metrics of a niche password utility. They are the metrics of a platform company at the centre of a category that is experiencing structural transformation.
“AI, automation, and SaaS sprawl are changing the way we work, and our partners are the ones guiding customers through that change every day.”
— Larissa Crandall, Global VP of Channel and Alliances, 1Password
The transformation in question is the emergence of non-human identities. As organisations deploy autonomous AI agents, robotic process automation, and machine-to-machine APIs at scale, the question of “who” or “what” is accessing enterprise systems has become vastly more complicated. Traditional identity and access management (IAM) frameworks were designed for human employees logging into known applications from known devices. They were not designed for the orchestration layers of an agentic AI stack.
Singapore’s Unique Threat Exposure
Singapore’s position as a financial, logistics, and technology nexus makes it an unusually attractive target. The Cyber Security Agency of Singapore (CSA) documented over 1,200 cyber incidents in recent reporting periods, with credential compromise and phishing among the leading vectors. The Monetary Authority of Singapore (MAS) issued its consultation paper on AI Risk Management Guidelines in November 2025, signalling that financial institutions face a new and binding layer of AI-specific governance obligations. The regulator’s expectations now extend to the management of AI models’ access credentials, not merely their outputs.
Against this backdrop, Singapore’s cybersecurity market is one of the fastest-growing in the world. Market estimates point to a compound annual growth rate of between 14 and 16 per cent through 2030, with the domestic market projected to reach USD 2 billion to USD 2.5 billion by the close of 2026. Professional and managed services account for as much as 45 per cent of total security spending, reflecting the complexity of compliance obligations and the relative shortage of in-house expertise.
That shortage is structural. The Ministry of Manpower’s Shortage Occupation List has consistently flagged Cyber Risk Analysts, Digital Forensics Specialists, and Security Architects as roles where local supply cannot meet demand. For solution providers and channel partners, this creates a clear incentive to engage vendors like 1Password whose platforms reduce the operational burden on understaffed security teams.
The Agentic AI Governance Imperative
Perhaps no development in 2025–2026 has more directly intersected with 1Password’s product positioning than Singapore’s formal recognition of agentic AI as a governance priority. In January 2026, the Infocomm Media Development Authority (IMDA) launched its Model AI Governance Framework for Agentic AI at the World Economic Forum. The framework requires that every action taken by an autonomous AI agent be traceable to a human decision-maker, that agent behaviour be subject to automated safety controls, and that data processed by agents remain within the legal boundaries of the Personal Data Protection Act (PDPA).
Separately, the CSA and GovTech published draft guidelines on Securing Agentic AI during International Cyber Week 2025, and the PDPC has signalled that “negligence during digital migration”—including insufficiently secured AI workflows—will no longer serve as a valid defence in enforcement proceedings. A landmark penalty of SGD 315,000 issued to a major integrated resort in late 2025 for data handling failures underlined this new posture.
“If your autonomous AI agent erroneously processes customer data or leaks personally identifiable information while executing a task, your organisation is liable.”
— Singapore PDPC Guidance, 2026
The compliance gap between what these frameworks demand and what most organisations currently have in place is significant. Mid-market enterprises across Southeast Asia averaged 47 SaaS applications each in 2025, up from 32 in 2023. Each application carries its own API keys, shared credentials, and service accounts. When AI agents are added to this ecosystem—agents that may invoke dozens of applications autonomously within a single workflow—the attack surface expands geometrically.
1Password’s Extended Access Management suite is designed precisely for this environment. By extending its enterprise password manager to govern machine identities and non-human credentials alongside human ones, the platform positions itself as what the company describes as a “trust layer” across the identity stack. This framing resonates directly with the language of Singapore’s regulatory frameworks, which use the term “trust” explicitly in the context of AI governance and data handling obligations.
Channel Partners as the Frontline
The CRN Security 100 designation is, at its core, a channel accolade. It recognises vendors that invest in the partner ecosystem as a primary route to market. This matters considerably for Singapore, where the enterprise security market is served predominantly through resellers, managed security service providers (MSSPs), and systems integrators rather than direct vendor relationships.
CyberArk—now being acquired by Palo Alto Networks in a transaction with direct implications for Singapore’s IAM landscape—invested USD 150 million in data centres across Singapore, Sydney, and Mumbai in October 2025, responding to in-country data hosting mandates from regulated customers. This signals that major identity security vendors view Singapore not merely as a sales territory but as a compliance-sensitive jurisdiction requiring localised infrastructure and partnership investment.
1Password’s channel strategy emphasises enabling partners to take a “more strategic role” in guiding customers through AI adoption. In practical terms, this means equipping Singapore’s solution providers with tools to address the specific anxieties their customers are experiencing: shadow IT proliferation, SaaS sprawl, workforce mobility, and the governance gaps introduced by agentic workflows.
For local MSSPs operating in Singapore’s financial services sector—where MAS Technology Risk Management guidelines impose detailed requirements on access control, privileged account management, and third-party risk—a vendor with 1Password’s channel credentials and product breadth represents a defensible procurement choice.
Competitive Implications for the Singapore Market
The identity security market in Singapore is contested. Microsoft’s activation of native passkey support in Windows 11 and Azure Active Directory in September 2025 has complicated the positioning of standalone password managers at the commodity end of the spectrum. CyberArk’s privileged access management capabilities remain the gold standard for enterprise environments with the most stringent compliance requirements. Bitwarden’s open-source model and AWS partnership cater to cloud-native workloads, particularly in the developer community.
1Password’s differentiation lies in its coverage of what the industry terms “mid-stack” identity: the vast space between consumer-grade password management and enterprise privileged access management where most organisations actually operate. Its August 2025 acquisition of a secrets management company for USD 75 million, integrating API key governance into its product suite, directly addresses the machine identity challenge that Singapore’s agentic AI frameworks are now codifying into compliance obligations.
The company’s roster of enterprise customers—including Salesforce, Slack, Stripe, MongoDB, and Canva—reflects an orientation toward the modern software stack that dominates Singapore’s technology sector. Singapore-headquartered or Singapore-listed companies in financial technology, logistics technology, and healthcare technology are precisely the organisations grappling with the identity sprawl that 1Password is built to address.
What Boards and CISOs Should Consider
For chief information security officers and board-level risk committees in Singapore, 1Password’s inclusion on the CRN Security 100 list is less significant as a vendor endorsement than as a signal about the category. The channel community’s growing engagement with identity security vendors reflects enterprise procurement trends that CISOs should be tracking in their own organisations.
Three questions are particularly salient in the Singapore context. First, does the organisation’s identity security posture extend to non-human identities? Machine credentials—API keys, service account tokens, certificates—are frequently outside the scope of existing IAM programmes, yet they represent a significant and growing attack surface. Singapore’s new agentic AI governance frameworks create compliance obligations around exactly this gap.
Second, is the organisation’s channel partner equipped to navigate these obligations on its behalf? The managed services model that dominates Singapore’s security market means that the capabilities and vendor relationships of the MSSP or integrator often determine the organisation’s effective security posture. Partners aligned with vendors that have deep channel investment—as evidenced by recognition such as the CRN Security 100—are better positioned to deliver the advisory support that compliance complexity demands.
Third, how does the organisation plan to meet the traceability requirements of Singapore’s Model AI Governance Framework for Agentic AI? The IMDA’s January 2026 framework requires that every agent action be attributable to a human decision-maker. Achieving this requires a credential and access management infrastructure that is agent-aware—a capability that sits at the frontier of the identity security market.
Conclusion: A Signal Worth Decoding
A placement on a vendor recognition list might, in other circumstances, be dismissed as trade press boilerplate. In the case of 1Password’s 2026 CRN Security 100 inclusion, the circumstances are not routine. The company is growing at 60 per cent annually in a market that is itself growing at double digits. Its product roadmap has converged precisely with the governance obligations that Singapore regulators are now formalising. And the channel through which it goes to market is the same channel through which most of Singapore’s enterprises procure and manage their security posture.
Singapore’s digital economy depends on trust—trust that data is protected, that access is governed, and that AI systems behave within the boundaries set for them. As autonomous agents become operationally central to finance, healthcare, logistics, and government services, the infrastructure for that trust will increasingly be an identity security platform. Whether 1Password, its competitors, or a configuration of both fills that role in Singapore will depend on procurement decisions, regulatory interpretations, and channel relationships that are being made right now.
What the CRN recognition confirms is that the market has decided this category matters. Singapore, given the sophistication of its regulatory environment and the ambition of its AI strategy, is perhaps better placed than any other market in Asia to translate that recognition into enterprise action.
SIDEBAR: Key Facts at a Glance
1Password ARR (2025) USD 400 million (+60% YoY)
1Password Valuation USD 6.8 billion
SG Cybersecurity CAGR ~15% (2025–2033 est.)
SG Market Size (2026 est.) USD 2.0–2.5 billion
Key SG Regulatory Bodies CSA, MAS, IMDA, PDPC
Sources include: CRN / The Channel Company, 1Password corporate communications, Mordor Intelligence Password Management Market Report, EY-Parthenon / CSA Singapore Cybersecurity Market Study, MAS AI Risk Management Guidelines (Nov 2025), IMDA Model AI Governance Framework for Agentic AI (Jan 2026), CSA Draft Addendum on Securing Agentic AI (Oct 2025), Straits Interactive PDPA & AI Governance Guide, ICLG Cybersecurity Laws and Regulations Singapore, TechBuzz.ai.