IE11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Getting started with zero trust security

Organizations with the most mature zero trust capabilities have reduced security expenditures, increased cyber resilience, and boosted talent retention rates.

Organizations have responded to the COVID-19 pandemic by accelerating digital business transformation, expanding cloud footprints, increasing their remote workforces, and integrating their supply chains. As a result, our research indicates the percentage of remote workers serviced by the security function increased by 41% between the end of 2019 and through 2020.

But moving communication, business, and personal interactions online has also significantly increased potential attack surfaces, resulting in a dramatic surge in cybersecurity incidents and exposed records. As workloads move to the cloud, threats move with them. IBM’s Institute for Business Value research indicates that in 2020, upwards of 90% of cyber-related incidents originated in cloud environments.

Valuable yet vulnerable: Securing critical infrastructure

The very nature of critical infrastructure implies a dynamic relationship between trust and risk. As operations move online, both IT and operational technology (OT) networks are subject to compromise. The July 2021 Kaseya ransomware attack, for example, affected up to 2,000 organizations and carried ransom demands in excess of $70 million. Our reliance on IT and OT environments means mission-critical infrastructure is increasingly vulnerable to new threats.

Interconnected risk: IT and OT risks are complex and interdependent
IBM - TW article pic.PNG
Trust is the basis for collaboration and partnership. As these capabilities become essential to delivering value, how we think about trust is rapidly changing. While traditional approaches to cybersecurity relied on permissions and discrete network boundaries, today’s networks are defined by dynamic services and diffuse boundaries. Today’s digital platforms generate value by virtue of being interconnected, by sharing information across multiple parties.

70% of organizations are unable to secure data that moves across multiple cloud and on-premises environments.

Tensions may be inevitable. Many OT systems have traditionally relied on system isolation, yet the demand for insights from connected devices and smart systems makes such practices difficult to sustain. If anything, a lack of connectivity can render existing vulnerabilities more difficult to remediate.

Making matters worse, risks often cascade: a failure in one system often results in the failure of others. Threat actors are becoming more sophisticated in their ability to capitalize on shortcomings in IT and OT security controls. While the potential impacts are significant, such risks can be difficult to anticipate.

Setting the pace in zero trust security

To better understand how organizations are implementing zero trust security, the IBM Institute for Business Value (IBV) partnered with Oxford Economics to survey more than 1,000 operations and security executives from organizations in 15 industries across the globe. Our analysis reveals 23% of organizations—a group we refer to as “zero trust pacesetters”—are ahead of their peers in deploying zero trust capabilities across their IT and OT environments and in their interactions with ecosystem partners.

These organizations have fashioned their IT and security operations as a single estate. They are proficient in partnering internally and externally to manage cybersecurity risk. They have modernized their security operations related to interdependent governance, risk, and compliance frameworks. They apply cloud, AI-driven analytics, and automation extensively. And they recruit, develop, and retain skilled cybersecurity resources to enable zero trust capabilities across their digital estates.

92% of organizations lack the ability to securely enable and extend new cloud-native capabilities to their internal and external partners.

Most importantly, their security operations can adapt to the complexity of the current business environment—whether it’s enabling a remote workforce; monitoring endpoints, applications, data, and network traffic; or analyzing the behaviors of employees, customers, and partners to identify emergent threats.

Read the full report to learn what sets zero trust pacesetters apart—and how your organization can create a zero trust roadmap that leads to greater cyber resilience.

For any questions or requests contact your IBM Representative today.
Restlessly reinventing since 1911, International Business Machines Corporation (IBM) has decades of experience strategically partnering with leading government organizations all over the globe, to help them build innovative technology solutions that accelerate the digital transformation of government.