Zero Trust

NTT DATA making Zero Trust Real

Hiroshi Honjo- Head of Cybersecurity and Governance at NTT DATA’s Technology and Innovation General Headquarters in Tokyo, Steve Williams- Enterprise CISO at NTT DATA and Markus Kunzler- EMEA CISO at NTT DATA EMEA Ltd. share their learnings from NTT DATA’s implementation of Zero Trust and why CISOs must look to Zero Trust as the means to not only secure their business but also to continue earning the trust of their clients/customers.
The Zero Trust Model has been widely accepted by the global security community as the best method to secure our constantly evolving and interconnected global ecosystem. In a journey towards zero trust, you must decide what approach you are going to take. NTT DATA started out with Identity which is at the heart of a secure, adaptable, and decentralized workforce. Implementing Zero Trust required a cultural change but brought with it many benefits including

  • Optimized vendor relationships and reduced training and license costs by leveraging a common set of technology
  • Decreased security vulnerabilities by leveraging a common global security framework
  • Cost reduction and optimization through standardization
  • Cost and risk reduction through automation
  • Decreased support costs and helpdesk tickets

Watch the video to learn how your organization can gain these benefits through implementing a Zero Trust framework

Steve WIlliams
Enterprize CISO (Chief Information Security Officer), NTT DATA Services

Steve Williams is the Enterprise CISO for NTT DATA Services. Steve is responsible for creating and maintaining an Information Security Program across NTT DATA Services, securing the services provided to our clients, and helping to harmonize the security strategy across NTT’s 900+ companies. He has more than 30 years of IT experience and before joining NTT DATA Services led global security teams at Dell, AMD and Pearson.

Hiroshi Honjo
Head of Digital Growth at NTT DATA's Global Innovation Headquarters in Tokyo

Hiroshi Honjo is 10+ year experienced expert in security area. At the time of the interview, he was Head of Cyber Security and Governance of NTT DATA based in Tokyo, Japan, and was responsible for both protecting NTT DATA clients and NTT DATA itself from the cyber-attacks.

Partner Ecosystem of Zero Trust Architecture


Identities represent people, services, or devices. When an identity attempts to access a resource, we need to verify that identity with strong authentication, ensure access is compliant and typical for that identity, and follow the least privilege access principles.


Once an identity has been granted access to a resource, data can flow to a variety of different devices ? from corporate managed devices, over IoT devices to smartphones, BYOD to partner managed devices. This diversity creates a massive attack surface area, requiring we monitor and enforce device health and compliance for secure access.

Network Environment

All data is ultimately accessed over network infrastructure. Networking controls can provide critical inline controls to enhance visibility and help prevent attackers from moving laterally across the network. Networks should be segmented (including deeper in-subnet micro-segmentation) and real-time threat protection, transport encryption, monitoring, and analytics should be employed.

Application Workload

Applications and APIs provide the interface by which data is consumed. They may be legacy on-premises, lift-and-shifted to cloud workloads, cloud-native, or modern SaaS applications. Controls and technologies should be applied to discover Shadow IT, ensure appropriate in-app permissions, gate access based on real-time analytics, monitor for abnormal behavior, control user actions, and validate secure configuration options.


Security teams are focused on protecting data. Where possible, data should remain safe even if it leaves the devices, apps, infrastructure, and networks the organization controls. Data should be classified, labeled, and encrypted, and access restricted based on those attributes.

Visibility and Analytics

Gaining visibility into transactions between the components (5 pillars in the above figure) with contextual detail and the ability to correlate and analyze them, is an absolute must. As a result, we can further understand the interaction, quality, and performance of a built ecosystem, enabling us to enhance and realize new fine-grained policies, thus the adoption of controls. Capabilities must be aligned to specific outcomes and purposes, such as helping with the speed of detection and response to threats where the IR team is the biggest consumer, focusing on threat hunting, forensic investigation, compliance activities, etc.

Automation and Orchestration

One of the significant challenges for many organizations today is the availability of quality resources. Security is one of the most impacted verticals, where capacity disadvantage takes its place. Individuals can’t provide enough speed and scale to address such complexities within the ecosystem. Increasing complexity necessitates the use of automation. Automation and orchestration bring unparalleled ability to deliver a more efficient and effective security program. It is all about the right process at the right time. With automation, organizations can speed up the identification and resolution of specific threats.


Finally, security governance underpins the technologies described above and serves as the foundation of the Zero Trust architecture. Without a solid foundation, Zero Trust cannot be maintained no matter how cutting-edge the technology introduced. In order for the introduced technology to function effectively, it is important to ensure that governance is effective on a global basis by establishing rules, creating a system to ensure that the rules are followed, and training people, etc.

Success Stories

Tokyo 2020 Olympic Games

NTT's Contribution to Olympic and Paralympic Games Tokyo 2020

From the perspectives of Telecommunication Services with Cybersecurity

Global manufacturer group

Global manufacturer group

One-stop support for global governance structure

NTTDATA Managed Detection and Response Service

NTTDATA Managed Detection and Response Service

Managing the Detection and Response services for a global tobacco giant, with locations around the world.

OT Incident Response and MDR Service for OT

OT Incident Response and MDR Service for OT

Customer is a leading manufacturer of construction materials for interior design, building insulation, and design ceilings. Customer plants across the globe produce state-of-the-art drywall systems, plasters, and insulating materials as well as external thermal insulation composite systems.

Monitoring and Incident Response for a Railway company after severe Incident

Monitoring and Incident Response for a Railway company after severe Incident

Leading railway provider company

NTTDATA Managed Detection and Response Service

NTTDATA Security Journey “ZEN Project”

Security Governance for 140k employees across 55 countries.

What are you looking for? search