Does implementing Zero Trust mean sacrificing usability?
VP IT & Ecommerce in Finance (non-banking), 51 - 200 employees
We have some zero trust capabilities within the office, it’s just that we have to turn those on and that’s the added inconvenience. We take pride in service, and if I need to service a policyholder immediately I can’t be without access or have to take time to figure out my dual-factor authentication. Even though it's become very easy, there is still that added hindrance.Managing Partner in Services (non-Government), 11 - 50 employees
When we're talking to the board, we ask, what are the assets that you want to protect, and what is it worth to you to protect them? Years ago I had top secret clearance and we had very secure computers that were tempested. You had to be in the physical room with a wire attached to that machine to talk to it. There were no outside connections. So we could make you very secure but your laptop will take 17 minutes to boot up while you go get a cup of coffee and do something else. Where do you work in usability?You've got to prioritize what needs protecting. If our marketing communication (MarCom) gets compromised, do we care? No. But if a leading edge semiconductor company’s latest design on lithography gets compromised, that’s a problem. But if hackers get your MarCom, you probably don't care. So not everything is equal. That’s when you need to have little insulated islands of smaller hard shells with soft centers because you've still got to have the soft centers to have functionality.
Director of IT in Manufacturing, 5,001 - 10,000 employees
No, Zero trust for mitigate our risk not sacrifice for usChief Security Officer in Software, 10,001+ employees
No. The whole point of zero trust is it should provide a better experience for your employees and therefore enhance usability.CTO in Software, 201 - 500 employees
By itself it doesn't mean anything. It's an approach, a security model that can be applied to a specific area (e.g. ZTN) or broadly across the Enterprise. As was already noted in other comments, it's about eliminating any explicit or implicit trust and focusing on verifying everything (e.g. attestation of endpoints, authentication of users and connections, etc.) Based on the properties of the "as-is" and "to-be" environments and the specifics of the implementation, ZT can potentially improve usability or it can have an opposite effect.Director of IT in Healthcare and Biotech, 501 - 1,000 employees
In the way we approached zero trust, or just meant more training prior to full golive to prevent users from getting frustrated.Content you might like
Increased55%
Decreased25%
No change20%
247 PARTICIPANTS
Head of Information Security in Services (non-Government), 1,001 - 5,000 employees
You need to tell people what to expect and what not to expect from IT. We’ve tried to train people to expect that IT will do certain things or make requests which are okay to comply with, but IT will never call you out of ...read moreCTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.Yes, all employees30%
Yes, but only for some employees54%
No15%
I’m not sure…1%
84 PARTICIPANTS
It's easy from the outside—we can block everything with a firewall, but what do we do from the inside? Phishing emails are getting better and better, and people click on them. I get tracked. I don't click on anything, but there's only so much awareness training we can do. So how can we mitigate all these clicks that come through?