FNN Executive Briefing: Understanding the Critical Role of UX to Zero Trust
- Making the technology-policy connection
- Filling the gaps, reducing complexity
- Education security teams borrow UX ideas from others
- Moving toward an adaptive defensive posture
The Cybersecurity and Infrastructure Security Agency detailed five pillars in its Zero Trust Maturity Model. The Defense Department has specified seven pillars. John Kindervag of ON2IT, widely considered the father of zero trust, typically refers to four basic zero trust architecture design outcomes.
But whether embracing four, five or seven pillars, federal and industry experts have quickly come to understand one thing matters most when implementing a ZTA: user experience.
During a recent panel discussion convened by Federal News Network, federal chief information security officers and industry experts discussed how the entire initiative can collapse in on itself if zero trust adoption creates too much user friction.
“It’s not about necessarily minimizing the impact on users. It’s actually being smart about the impact on users. One of my team members often calls it smart friction,” said Shane Barney, CISO for the U.S. Citizenship and Immigration Services in the Homeland Security Department.
“In other words, we’re leveraging and adding in friction where it makes sense based on data. We’re applying it in very, very precise ways,” he continued. “To say that the user experience is always going to be positive and nirvana, I don’t think is legit. I think really what we’re aiming to do is being able to easily defend the security decisions behind why we added friction — where we added it — because you’re going to add friction with this process.”
Barney said friction could come from a change in the geographic location that a user logs in from, for instance, or if the timeframe during which they log into the network is dramatically different than normal.
Download the full report to learn how user experience affects your zero trust goals. The report features insights from industry leaders CrowdStrike, Okta and Zscaler.