By Bryan Sartin, Vice President of Security & Resiliency at Kyndryl

Security challenges have shifted significantly in recent years, thanks to more distributed IT architectures and a rise in hybrid work environments. As a result, organizations face growing threats of data breaches.

In fact, a Kyndryl survey found that while only 15% of organizations experienced unauthorized IT access in the past 24 months, 64% of organizations believe a coordinated, successful cyberattack is somewhat, very, or extremely likely to occur in the next 12 months.

To prevent unauthorized IT access, it’s important for organizations to implement a Zero Trust framework. A Zero Trust framework is based on the mindset to “trust no one implicitly.” Such an approach to security goes beyond reducing cybersecurity risks and protecting an organization’s data better. It could potentially improve the way businesses think about security entirely.

However, organizations may face common challenges when implementing a Zero Trust framework, such as changes to processes and workflows, trying to secure legacy systems or get support from leadership.

Here are five steps organizations can take to achieve Zero Trust.

1. Align security approach to business and IT strategy

First, determine the organization’s priorities. When an organization’s security strategy is tied to its business and IT strategy, it can ensure security measures are implemented to deliver ultimate business outcomes. 

2. Integrate a culture of Zero Trust

While it’s the security and IT team’s responsibility to keep the organization secure, integrating a Zero Trust culture in phases and through training will create a more unified organization. Smart security leaders position employees as the first line of defense.

3. Optimize frequently

Many organizations typically leverage 10, 20 or even 50 cybersecurity tools to manage their security posture, which creates unneeded complexity and additional challenges. Streamlining toolsets and reducing capability redundancies will make it easier for teams to manage their security posture, while optimizing their investment.

4. Stay focused

Organizations typically build cybersecurity strategies around a patchwork of security tools, rather than foundational digital assets such as workloads and applications. So, it’s important to take inventory of all digital assets and build the IT security strategy around them.

5. Implement a strong governance model

Once a Zero Trust strategy is created, it is crucial to have strong program governance to make sure you stay on track with defined vision, goals and objectives. Quickly address deficiencies that can prevent you from realizing the benefits of your Zero Trust initiative.

Implementing Zero Trust is not done overnight. It is a journey in which organizations can strategize and manage their security posture to help prevent potential cyberattacks and keep their business safe from unauthorized activity and disruption. Doing so will help create a more secure and resilient organization.

In recognition of Cybersecurity Awareness Month, this is the third installment of a weekly series in October that highlights how organizations can anticipate, protect against, withstand and recover from cyberattacks.

Bryan Sartin

Vice President of Security & Resiliency at Kyndryl