Does implementing Zero Trust mean sacrificing usability?

CISO in Healthcare and Biotech, 4 years ago

In the way we approached zero trust, it just meant more training prior to full go-live to prevent users from getting frustrated.

CTO in Software, 4 years ago

By itself it doesn't mean anything. It's an approach, a security model that can be applied to a specific area (e.g. ZTN) or broadly across the Enterprise. As was already noted in other comments, it's about eliminating any explicit or implicit trust and focusing on verifying everything (e.g. attestation of endpoints, authentication of users and connections, etc.). Based on the properties of the "as-is" and "to-be" environments and the specifics of the implementation, ZT can potentially improve usability or it can have an opposite effect.

Chief Security Officer in Software, 4 years ago

No. The whole point of zero trust is it should provide a better experience for your employees and therefore enhance usability.

Managing Partner in Services (non-Government), 4 years ago

When we're talking to the board, we ask, what are the assets that you want to protect, and what is it worth to you to protect them? Years ago I had top secret clearance and we had very secure computers that were tempested. You had to be in the physical room with a wire attached to that machine to talk to it. There were no outside connections. So we could make you very secure but your laptop will take 17 minutes to boot up while you go get a cup of coffee and do something else. Where do you work in usability?

You've got to prioritize what needs protecting. If our marketing communication (MarCom) gets compromised, do we care? No. But if a leading edge semiconductor company’s latest design on lithography gets compromised, that’s a problem. But if hackers get your MarCom, you probably don't care. So not everything is equal. That’s when you need to have little insulated islands of smaller hard shells with soft centers because you've still got to have the soft centers to have functionality.

VP IT & Ecommerce in Finance (non-banking), 4 years ago

We have some zero trust capabilities within the office, it’s just that we have to turn those on and that’s the added inconvenience. We take pride in service, and if I need to service a policyholder immediately I can’t be without access or have to take time to figure out my dual-factor authentication. Even though it's become very easy, there is still that added hindrance.
