Zero Trust

NTT DATA making Zero Trust Real

Hiroshi Honjo- Head of Cybersecurity and Governance at NTT DATA’s Technology and Innovation General Headquarters in Tokyo, Steve Williams- Enterprise CISO at NTT DATA and Markus Kunzler- EMEA CISO at NTT DATA EMEA Ltd. share their learnings from NTT DATA’s implementation of Zero Trust and why CISOs must look to Zero Trust as the means to not only secure their business but also to continue earning the trust of their clients/customers.
The Zero Trust Model has been widely accepted by the global security community as the best method to secure our constantly evolving and interconnected global ecosystem. In a journey towards zero trust, you must decide what approach you are going to take. NTT DATA started out with Identity which is at the heart of a secure, adaptable, and decentralized workforce. Implementing Zero Trust required a cultural change but brought with it many benefits including

Optimized vendor relationships and reduced training and license costs by leveraging a common set of technology
Decreased security vulnerabilities by leveraging a common global security framework
Cost reduction and optimization through standardization
Cost and risk reduction through automation
Decreased support costs and helpdesk tickets

Watch the video to learn how your organization can gain these benefits through implementing a Zero Trust framework

Steve WIlliams Enterprize CISO (Chief Information Security Officer), NTT DATA Services: Steve Williams is the Enterprise CISO for NTT DATA Services. Steve is responsible for creating and maintaining an Information Security Program across NTT DATA Services, securing the services provided to our clients, and helping to harmonize the security strategy across NTT’s 900+ companies. He has more than 30 years of IT experience and before joining NTT DATA Services led global security teams at Dell, AMD and Pearson.

Hiroshi Honjo Head of Digital Growth at NTT DATA's Global Innovation Headquarters in Tokyo: Hiroshi Honjo is 10+ year experienced expert in security area. At the time of the interview, he was Head of Cyber Security and Governance of NTT DATA based in Tokyo, Japan, and was responsible for both protecting NTT DATA clients and NTT DATA itself from the cyber-attacks.

YouTube

Partner Ecosystem of Zero Trust Architecture

Identity

Identities represent people, services, or devices. When an identity attempts to access a resource, we need to verify that identity with strong authentication, ensure access is compliant and typical for that identity, and follow the least privilege access principles.

Device

Once an identity has been granted access to a resource, data can flow to a variety of different devices ? from corporate managed devices, over IoT devices to smartphones, BYOD to partner managed devices. This diversity creates a massive attack surface area, requiring we monitor and enforce device health and compliance for secure access.

Network Environment

All data is ultimately accessed over network infrastructure. Networking controls can provide critical inline controls to enhance visibility and help prevent attackers from moving laterally across the network. Networks should be segmented (including deeper in-subnet micro-segmentation) and real-time threat protection, transport encryption, monitoring, and analytics should be employed.

Application Workload

Applications and APIs provide the interface by which data is consumed. They may be legacy on-premises, lift-and-shifted to cloud workloads, cloud-native, or modern SaaS applications. Controls and technologies should be applied to discover Shadow IT, ensure appropriate in-app permissions, gate access based on real-time analytics, monitor for abnormal behavior, control user actions, and validate secure configuration options.

Data

Security teams are focused on protecting data. Where possible, data should remain safe even if it leaves the devices, apps, infrastructure, and networks the organization controls. Data should be classified, labeled, and encrypted, and access restricted based on those attributes.

Visibility and Analytics

Gaining visibility into transactions between the components (5 pillars in the above figure) with contextual detail and the ability to correlate and analyze them, is an absolute must. As a result, we can further understand the interaction, quality, and performance of a built ecosystem, enabling us to enhance and realize new fine-grained policies, thus the adoption of controls. Capabilities must be aligned to specific outcomes and purposes, such as helping with the speed of detection and response to threats where the IR team is the biggest consumer, focusing on threat hunting, forensic investigation, compliance activities, etc.

Automation and Orchestration

One of the significant challenges for many organizations today is the availability of quality resources. Security is one of the most impacted verticals, where capacity disadvantage takes its place. Individuals can’t provide enough speed and scale to address such complexities within the ecosystem. Increasing complexity necessitates the use of automation. Automation and orchestration bring unparalleled ability to deliver a more efficient and effective security program. It is all about the right process at the right time. With automation, organizations can speed up the identification and resolution of specific threats.

Governance

Finally, security governance underpins the technologies described above and serves as the foundation of the Zero Trust architecture. Without a solid foundation, Zero Trust cannot be maintained no matter how cutting-edge the technology introduced. In order for the introduced technology to function effectively, it is important to ensure that governance is effective on a global basis by establishing rules, creating a system to ensure that the rules are followed, and training people, etc.

Success Stories

NTT's Contribution to Olympic and Paralympic Games Tokyo 2020

From the perspectives of Telecommunication Services with Cybersecurity

Global manufacturer group

One-stop support for global governance structure

Business need:

Standardization and implementation of global group information security management were the prerequisites for the client to boost the business globally.

Information security was perceived to be one of the major risks in accelerating the business globally, as information security incidents could disrupt business and damage the brand of the client Group.
However, there were no global standards or security infrastructure to defend the Group from threats, nor were there communication routes between the HQ and the global group companies to promote security and compliance.
Due to the lack of security human resources, the client Group was outsourcing security consulting, implementation, and operation to multiple companies. However, they needed to manage them together from just one outsourcing company.

Outcomes:

Implemented global governance structure, information security policy and standard, and security assessment process to maintain and improve the security of 15 group companies with roughly 30,000 employees all over the world.
Deployed standard security infrastructure (EDR, SIEM/UEBA, Cloud Proxy, CASB, and SOC) for several group companies after a thorough ROI evaluation.
Improved maturity scores based on NIST Cybersecurity Framework after 2 years

Global manufacturer group

Solution:: Provided one-stop support from consulting, and implementation to operation of Zero-trust security architecture.

Consulting

Security and risk assessment on the client’s global group companies
Issue identification and improvement plan formulation
Governance and technical architecture design

Implementation

Plan, design, and implement of transfer from the existing environment to Zero-trust security architecture.
Tools to enable Zero-trust
EDR (CrowdStrike), SIEM/UEBA (Exabeam), Cloud Proxy (Zscaler), SOC

Operation

24/7 SOC operation to support detection, response, and recovery

OT Incident Response and MDR Service for OT

Customer is a leading manufacturer of construction materials for interior design, building insulation, and design ceilings. Customer plants across the globe produce state-of-the-art drywall systems, plasters, and insulating materials as well as external thermal insulation composite systems.

Business need:

After a Ransomware attack 253 plants of the customers were disconnected with unknown security status
Customer needed a global partner for incident response in 68 countries with local capabilities to support plants on-site
The security of all plants should be improved immediately with OT threat detection, OT EDR, and OT network segmentation as baseline measures
In a second phase the customer requested a global MDR service for OT incl. threat detection, endpoint security, and virtual patching on network devices

Outcomes:

NTT DATA provides local incident response service for all plants
Plants were prioritized based on business needs
Main sites were back online and secured within two weeks
Rollout of EDR solution for 253 sites was finished within 4 months
Threat detection rollout was finished within 6 months
Network segmentation and improvements are an ongoing project
All new solutions are part of a global OT MDR service
NTT DATA was able to finish the service transition for this customer within 4 weeks after the attack

Solution:

The solutions include Fortigate, FortiEDR, Claroty Threat Detection
The installation is one of Claroty largest implementations globally
NTT DATA provides also global project management
Transition to 24/7 proactive management and monitoring
Setup of all needed MDR processes on the customer site

MORE

Latest Insight

Zero Trust: It‘s Here to Stay

A parallel cybersecurity strategy is required to modernize your technology landscape to combat a corporate firewall no longer protecting your data and users. While the cloud can provide unsurpassed agility, it can also expose new threat vectors. Your digital transformation must be accompanied by an innovative and comprehensive approach to reduce risk and attack surfaces.

DOWNLOAD