FNN Executive Briefing: Understanding the Critical Role of UX to Zero Trust
- Making the technology-policy connection
- Filling the gaps, reducing complexity
- Education security teams borrow UX ideas from others
- Moving toward an adaptive defensive posture
The Cybersecurity and Infrastructure Security Agency
detailed five pillars in its Zero Trust Maturity Model.
The Defense Department has specified seven pillars.
John Kindervag of ON2IT, widely considered the father
of zero trust, typically refers to four basic zero trust
architecture design outcomes.
But whether embracing four, five or seven pillars,
federal and industry experts have quickly come
to understand one thing matters most when
implementing a ZTA: user experience.
During a recent panel discussion convened by Federal
News Network, federal chief information security
officers and industry experts discussed how, if zero
trust adoption creates too much user friction, the
entire initiative can collapse in on itself.
“It’s not about necessarily minimizing the impact
on users. It’s actually being smart about the impact
on users. One of my team members often calls it
smart friction,” said Shane Barney, CISO for the U.S.
Citizenship and Immigration Services in the Homeland
Security Department.
“In other words, we’re leveraging and adding in friction
where it makes sense based on data. We’re applying it
in very, very precise ways,” he continued. “To say that
the user experience is always going to be positive and
nirvana, I don’t think is legit. I think really what we’re
aiming to do is being able to easily defend the security
decisions behind why we added friction — where we added it — because you’re going to add friction
with this process.”
Barney said friction could come from a change in
the geographic location that a user logs in from, for
instance, or if the timeframe during which they log into
the network is dramatically different than normal.
Jason Miller
Executive Editor
Federal News Network
Download the full report to learn how user experience affects your zero trust goals. Featuring insights from industry leaders CrowdStrike, Okta and Zscaler.